FERPA: What faculty and staff members need to know
It’s Your Responsibility
The Family Educational Rights and Privacy Act of 1974 (FERPA), also known as the Buckley Amendment, is a federal law that protects the privacy of student “educational records.”
“Educational records” are defined, with a few exceptions, as records containing information directly related to a student that are maintained by a school or its agent (including electronic records). In higher education, FERPA prohibits schools from disclosing educational records, or personally identifiable information in those records, other than certain basic directory information, without the student’s prior written consent. The student may even request that directory information be withheld. Some exceptions allowing disclosure of educational records do apply. For further information contact the Office of the University Registrar at firstname.lastname@example.org.
Disclosure is defined as permitting access to, or the release, transfer, or other communication of personally identifiable information, contained in education records to any party, by any means, including oral, written or electronic. Exposing student educational records to unauthorized access due to inadequate security measures may constitute disclosure in violation of FERPA.
As a faculty or staff member, you have a legal responsibility under FERPA to protect the confidentiality of student educational records in your possession. You have access to student information only for legitimate use in the completion of your responsibilities as a university employee.
“Need to know” is the basic principle.
Your access to student information, including directory information, is based on your faculty or staff role within the university. You may not release lists or files with student information to any third party outside your college or departmental unit.
Student educational records (other than directory information) are considered confidential and may not be released without written consent of the student. Student information stored in electronic format must be secure and available only to those entitled to access that information.
Under the terms of FERPA, Willamette University defines the following as Directory Information and may release it unless the student specifically requests otherwise by submitting written notification in person to the Office of the University Registrar:
- Address (local, permanent, and email),
- Telephone number (local and permanent),
- College/School of enrollment,
- Major field of study,
- Current enrollment status (including dates of attendance, full-/part-time enrollment, withdrawn),
- Previous institutions attended,
- Degrees conferred by Willamette University (including date),
- Honors and awards received (e.g. College Honors),
- Participation in officially recognized sports and activities, and
- Weight and height of members of athletic teams.
All other information may not be released without written consent of the student. Grades, Student ID Numbers, Ethnic Backgrounds, and Student Schedules may not be released to anyone without the student’s written consent and NEVER over the phone. Please note that students may restrict Directory Information at any time and that if the student restricts the release of Directory Information, a red bar will appear in the context window on all Colleague (student information system) screens; no information may be released on that student without further written permission.
- Use the University ID number of a student in a public posting of grades or any other information.
- Link the name of a student with that student’s University ID number in any public manner.
- Leave graded tests, papers, or other student material for students to pick up in a stack that requires sorting through the papers of all the students.
- Circulate a printed class list with the student name and University ID number, photo, or grades as an attendance roster.
- Discuss the progress of any student with anyone other than the student (including parents ) without the consent of the student.
- Provide anyone with lists or files of students enrolled in your classes for any commercial purpose.
- Provide anyone with student schedules or assist anyone other than university employees in finding a student on campus.
- Access the records of any student for personal reasons.
- Store confidential information on any computer unless that information is required and secure from intrusion.