What is FERPA?
The Family Educational Rights and Privacy Act (FERPA) [full text of Title 34, Part 99] is a Federal law (established in 1974, with significant regulatory changes and clarifications in 2008) protecting the privacy of student records. In summary, FERPA defines and regulates three types of information, each of which is subject to different policies.
In general, student records are confidential [see 34.99.31], with access limited to a) students themselves and b) school officials and teachers who have a “legitimate educational interest,” unless permission is explicitly granted by the parent or students. Students who are enrolled in higher education classes, who are under 18, maintain privacy of their records from their parents or legal guardians unless the student gives permission.
Directory (aka public) information is an exception to the general rule and not assumed confidential provided that students have a) been informed about such information, and b) been provided adequate time to request that such information not be disclosed (at UA this is known as a “directory hold”).
Directory information includes, but is not limited to [see 34.99.3] the following, with additions that may be defined by the educational institution, student’s:
- name and address
- telephone listing
- email address
- date and place of birth
- major field of study
- dates of attendance, grade level, and enrollment status (e.g., undergraduate or graduate; full-time or part-time)
- participation in officially recognized activities and sports
- weight and height of members of athletic teams
- degrees, honors and awards received
- the most recent educational agency or institution attended
Publicly Identifiable Information
The third area of protected information is Publicly Identifiable Information (PII) and includes family and other personal information not exempted by the exceptions for directory information and [34.99.3]:
- the student’s Biometric record, meaning “a record of one or more measurable biological or behavioral characteristics that can be used for automated recognition of an individual. Examples include fingerprints; retina and iris patterns; voiceprints; DNA sequence; facial characteristics; and handwriting.”
- A personal identifier, such as the student’s social security number, student number, or biometric record
- Other indirect identifiers, such as mother’s maiden name;
- Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty
- Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates
What does this mean?
- First: It means that students may not be required to provide PII as part of their public coursework (in other words, required to participate using their real name or any account that is associated with their real name, such as their Facebook account) though they of course have an option to do so (opt-in) if they wish.
- Second, students can be required to participate in public systems as part of your classwork as long as they have the option to provide an alias.
- Third: combined with the force of the assumed privacy of student records, it further means that instructors must not post grades publicly in a manner that they can be associated with a student’s PII. This includes grades on individual assignments and, we may reasonably assume, comments that can be reasonably construed to equate to a particular assigned final grade for an assignment. Interestingly, there is precedent making peer evaluations, including specific grades, exempt from this restriction [see note B.2 re: Owasso Independent School Dist. No. I-011 v. Falvo].
- Fourth: none of this applies in a closed classroom situation, whether it is a face-to-face classroom, a private Blackboard section, or another protected space such as a wiki.