The Family Educational Rights and Privacy Act (FERPA), as amended (January 8, 2009), is a federal law that protects the privacy of student education records.
It is important that every person who works with student education records understands: what an education record is; what information within that record may be disclosed; and, to whom and under what conditions that information may be disclosed.
An Education Record is any record containing information (including Personally Identifiable Information) directly related to a student that is maintained by an institution, educational agency, or by an individual acting directly for such institution or agency. It may be maintained in any medium: print, film, handwriting, electronic text, photographs, etc.
Education Records do not include:
- Private/Personal notes, data, or records of individual staff or faculty that are kept exclusively by the maker of the records and not accessible or revealed to anyone else;
- University Police records;
- Medical records;
- Employment records which are used only in relation to a student’s employment by the university;
- Financial records and statements of a student’s parent(s)/legal guardian(s); or
- Statistical data compilations that contain no mention of personally identifiable information about any specific student.
Personally Identifiable Information includes, but is not limited to:
- the student’s name;
- the name of the student’s parent/guardian or other family members;
- the address of the student or student’ s family;
- a personal identifier, such as the student’s Social Security number, driver’s license number, UIN, or biometric record;
- other indirect identifiers, such as a student’s date of birth, place of birth, or mother’s maiden name; and
- other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty.
Under FERPA, items defined by the institution as directory information may be made public unless the student has requested to withhold any or all of this information. Effective January 1, 2012, the following items will be defined by Texas A&M University as directory information:
- Universal Identification Number (UIN)
- Local Address
- Permanent Address
- E-mail Address
- Local Telephone Number
- Permanent Telephone Number
- Dates of Attendance
- Program of Study (college, major, and campus)
- Previous Educational Agencies/Institutions Attended
- Degrees, Honors and Awards Received
- Participation in Officially Recognized Activities and Sports
The addition of the student UIN to directory information was approved effective January 2012. The student UIN cannot be used alone to gain access to student education records. In cases where a UIN is required for authentication, at least one additional item not considered directory information is also required (e.g., a password).
Texas A&M University employees should exercise discretion in the release of all directory information. Staff with access to the Compass student information system may view any holds a student has placed on his or her directory information on the SWAINFO form. Items checked on SWAINFO have been withheld and should not be disclosed without prior written consent from the student. Additional training about FERPA information in Compass is available in the Compass User Training channel on the Employee tab in Howdy.
Faculty and instructors may view students with directory holds on the class roster. Students with the word “Confidential” listed next to their names have requested directory holds. Clicking on the “Confidential” indicator will display the specific items on which a student has placed a directory hold.
Students may request to have any and all directory information items withheld from disclosure without prior written consent. Students may do so by going to https://howdy.tamu.edu and clicking on the “Withhold Directory Information” link in the Student Records channel on the My Record tab. This may also be done by completing the Hold Directory Information Form and submitting it to the Office of the Registrar in Suite 1501 of the General Services Complex.
To whom or under what conditions an education record or personally identifiable information (e.g., non-directory information) may be released without prior written consent from the student:
- University officials who have legitimate educational interests
- To appropriate parties, including parents of an eligible student, in connection with an emergency if knowledge of the information is necessary to protect the health or safety of the student or other individuals
- State and local educational authorities
- Law enforcement agents who have a lawfully issued subpoena
In short: Items defined as directory information may be released without the student’s written permission, provided that the student has not chosen to restrict his or her directory information. All other personally identifiable information in a student’s education record is confidential and should be protected as such.
FERPA DOs and DON’Ts
- DO NOT link the name of a student with that student’s social security number or institutional identification number (UIN) in any public manner including posting of grades or printed attendance rosters.
- DO NOT leave graded tests or papers in a stack for students to pick-up by sorting through the tests or papers of all students.
- DO NOT discuss the progress of any student with anyone other than the student (including parents/guardians) without the consent of the student.
- DO NOT provide anyone with lists of students enrolled in classes for any commercial purpose.
- DO NOT provide anyone with student schedules or assist anyone other than professional university employees in finding a student on campus.
- DO post grades using secure technology (see below)
- DO store documents or physical media containing confidential or personally identifiable information in locked file cabinets or drawers and hide the keys in a secure area
- DO encrypt any confidential or personally identifiable information stored on computers, portable computing devices, or portable media. See http://itim.tamu.edu/encryption/ for more information.
Posting of Grades by Faculty
FERPA requires student grades be accessible only to individual students and other authorized personnel. Posting grades in a secure course management system like Blackboard Vista (Bb Vista, formerly WebCT Vista) is the preferred method for distributing grades online at Texas A&M University. Instructional Technology Services (ITS) would like to remind faculty of the secure, online technologies available on campus for delivering student grades.
ITS is available to support faculty in adhering to university regulations, especially in terms of incorporating new technologies. If you would like more information about using the Bb Vista Grade Book, contact ITS at 862-3977 or email firstname.lastname@example.org.
Special Reminders for Faculty and Staff
Any confidential information stored on a portable computing or storage device must be encrypted with an appropriate encryption technique, according to Standard Administrative Procedure (SAP) 29.01.99.M1.16 (http://rules-saps.tamu.edu/PDFs/29.01.99.M1.16.pdf). Ask your IT support personnel for assistance or go to http://itim.tamu.edu/encryption/ for more information.
If the unauthorized disclosure or release of confidential or sensitive personal information should occur, see SAP 29.01.99.M1.24 (http://rules-saps.tamu.edu/PDFs/29.01.99.M1.24.pdf) for appropriate procedures.
Additional Information and Questions
Additional information about FERPA is available online at http://registrar.tamu.edu/General/FERPA.aspx