The Family Educational Rights and Privacy Act (FERPA) is a federal law designed to protect the privacy of education records; to establish the right of students to inspect and review their education records; and to provide guidelines for the correction of inaccurate and misleading data through informal and formal hearings. Staff and faculty have access to student educational data in order to perform job duties, and staff and faculty have a legal responsibility to protect student education records in their possession. In general, faculty and staff may not release information from the student record to a third party, including parents, without written permission from the student.
- Be aware of FERPA regulations. It is not necessary for faculty and staff to understand every FERPA nuance, but is critically important to that it governs much of what we do.
- FERPA is everyone’s responsibility. Every employee of every higher education institution is FERPA liable if she/he has access to student education records.
- Almost all student records are subject to FERPA. Faculty and staff often believe that only “academic records” are subject to FERPA. In fact, the law itself defines student records, and the definition is very inclusive. Faculty and staff do not have the authority to decide which records fall under the law.
- Disclosure of student records without student consent is risk for violation of the law. FERPA provides for the disclosure of student records without consent to certain designated persons, or under certain specific circumstances, but those exceptions are few and narrowly defined.
- Students have the right to see their records. FERPA requires all custodians of student records to accord review of those records to the specified student under almost all circumstances. Employees are not accorded the prerogative of deciding whether students should see their records.
- The right of employees to access student records is very narrow. FERPA accords school employees the right to view student records under “legitimate educational interest.” In general, this means “the employee needs access to the records to do his/her job.” Curiosity is not a legitimate educational interest. The ability to access student records does not confer the right to view student records.
- Good intentions, common sense, or innocent mistakes do not mitigate privacy violations. Most FERPA violations by faculty and staff are unintentional. Nonetheless, it is the responsibility of the institution to prevent violations, and intent is not a defense.
- Ask for help! Faculty and staff they are professionally responsible to understand student records privacy. Contact the Office of the Registrar (ummregistrar@)for clarification or consultation.
Excerpts from Karl Johnson article, former associate registrar at the University of Minnesota, Duluth
Special FERPA Technology Considerations
When working with technologies that involve capturing student data online:
- use University of Minnesota Systems of Record to avoid exposing student records.
- be explicit about what you’re requiring students to do in your course if a student work will be made public.
Systems of Record
Systems of record store and protect data. Anything that the Office of Information Technology considers part of the “common good,” supported in the University central infrastructure and x .500 integrated, is a system of record.
- the registrar’s gradebook system
- Moodle’s built-in grade book
- Active Directory
- The University’s installation of Google is a system of record.
Do not keep student records on your desktop computer, laptop, or in an unlocked drawer. Do not use third-party applications.
Making Student Work Public
When making student work public, be explicit about what you’re requiring students to do in your course.
Complications can arise when you require students to make themselves and their work public (e.g., recording one another and posting to a public website). Their visibility may be a risk for them. The likelihood of this is remote, but it’s important to think about how you might accommodate students who don’t want their info on the web.
As an instructor you are entitled to design learning environments to best meet the learning outcomes. The learning environment can compel students to be public, share their content, develop media-rich learning objects with their name on it, receive feedback from peers and instructors, etc. But you have to be explicit and clearly specify the conditions of participation in the course.
There is a right to student privacy, but instructors also have a right to establish a learning environment. The Office of General Counsel (OGC) at the University of Minnesota has said that instructors can’t publish grades, but they can have peer review, rich commentary, all in a public space, and can require that learners contribute content to Wikipedia, and open themselves up to criticism in a very public way.
It’s important to put a statement in your syllabus explaining their exposure to others beyond the class. It’s good practice to provide accommodations to students who have a need to protect their identity, but according to OGC, you are not obligated to provide an accommodation.
Excerpts from Instructor Support post.