Family Educational Rights and Privacy Act (FERPA)
Read the information below and then take the FERPA self-assessment quiz.
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
While FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students."
The term "education records" is broadly defined as all records, files, documents and other materials which: contain information directly related to a student; and are maintained by the educational agency or institution or by a person acting for such agency or institution.
The ACT states that each educational agency or institution shall maintain a record, kept with the education records of each student, which will indicate all individuals [except for those defined by the institution to have a “legitimate educational interest”], agencies, or organizations which have requested or obtained access to a student’s educationalrecords maintained by such educational agency or institution, and which will indicate specifically the legitimate interest that each such person, agency, or organization has in obtaining this information.
Institutions are allowed to publish “directory information,” so long as public notice is given of the categories of information which it has so designated to be such information with respect to each student attending the institution. Institutions must also allow a reasonable period of time after such notice has been given for the eligible student to inform them that any or all of the information designated should not be released without their prior consent.
For the purposes of this section, the ACT indicates that the term “directory information” relating to a student may include the following: the student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.
Auburn University publishes its list of “Directory Information” at the following web page:
Students may restrict release of specific pieces of this “directory information” under the PLUS/OASIS system. Under Banner, they will either restrict all or none of said information.
RELEASE OF ALL OTHER EDUCATIONAL RECORDS
Release of ALL other “Educational Records” (except for the exclusions listed in 34 CFR § 99.31) is dependent upon the student authorizing such release. The only exception would be the case of a dependent parent who can have access to a student’s records under provisions outlined on this same Auburn web page:
Parents of students termed as "dependent" for income tax purposes may have access to the student’s education records. A request for the specific records desired along with a copy of the parent’s most recent federal income tax return, on which the parents declared the student as dependent, must be submitted to the Registrar's Office to document "dependency." The student will be notified of the request made by the parent and allowed adequate time (10 days) to question the request.
The Office of Student Financial Services provides the ability for students to add a parent or other individual to their “e-bill” account. Students may also fill out an information release form (available on OASIS web) authorizing certain other individuals to access financial information. Such a form eliminates the necessity for the parents to prove financial dependency as well as the requirement that the student to be notified each and every time an authorized parent requests financial information from Student Financial Services.
Release of any “educational records,” through any other venues to third parties (including parents) should be handled according Auburn University’s posted guidelines.
Be careful about disclosing information over the telephone or email. Unless you’ve clearly authenticated the student’s identity (e.g., via a prearranged PIN or password), you have no way of knowing that you’re talking to the student. If it is merely someone pretending to be the student (e.g., a roommate, significant other, or relative), you’ve disclosed personally identifiable information without consent. Keep in mind that these individuals may know many of the identifiers you might ordinarily use to authenticate identity, such as date of birth, social security number, and mother’s maiden name, so those identifiers are insufficient to guarantee the privacy of the student’s information.
Even caller ID cannot be trusted, since it is relatively easy to spoof the caller ID. (The caller ID information provided to businesses in connection with a toll free number uses a different system that is much more difficult to spoof.) If you are going to disclose information over the telephone, only do so after you’ve called back the individual at a telephone number you have on file for them.
The informal nature of a telephone call makes it very easy to accidentally disclose information. Private investigators routinely use pretexting (pretending to be someone that they aren’t) and other techniques to extract information. For example, getting someone to correct an error is often used. They ask you "when did so and so graduate" and when you say "they haven’t graduated yet", you just disclosed that they are a student.
Last Updated: January 24, 2011