The Family Educational Rights and Privacy Act
What is FERPA?
The Family Educational Rights and Privacy Act (FERPA) [full text of Title 34, Part 99] is a Federal law that protects the privacy of student records. Established in 1974 with significant regulatory changes and clarifications in 2008, FERPA defines and regulates three types of information, each of which is subject to different policies.
This page is a basic guide to FERPA and should not be taken as legal advice. If you have any questions, please visit the UA FERPA information page. The Office of the Registrar at each campus is responsible for resolving any FERPA-related issues.
1. Student Records
In general, student records are confidential [see 34.99.31], with access limited to a) students themselves and b) school officials and teachers who have a “legitimate educational interest”, unless permission is explicitly granted by the parent or students. Students who are enrolled in higher education classes, who are under 18, maintain the privacy of their records from their parents or legal guardians unless the student gives permission.
2. Directory Information
Directory (aka public) information is an exception to the general rule and not assumed confidential provided that students have a) been informed about such information, and b) been provided adequate time to request that such information not be disclosed (at UA this is known as a “directory hold”).
Directory information includes, but is not limited to [see 34.99.3] the following, with additions that may be defined by the educational institution, student:
- name and address
- telephone listing
- email address
- date and place of birth
- major field of study
- dates of attendance, grade level, and enrollment status (e.g., undergraduate or graduate; full-time or part-time)
- participation in officially recognized activities and sports
- weight and height of members of athletic teams
- degrees, honors, and awards received
- the most recent educational agency or institution attended
3. Publicly Identifiable Information
The third area of protected information is Publicly Identifiable Information (PII) and includes family and other personal information not exempted by the exceptions for directory information and [34.99.3]:
- the student’s Biometric record, meaning “a record of one or more measurable biological or behavioral characteristics that can be used for automated recognition of an individual. Examples include fingerprints; retina and iris patterns; voiceprints; DNA sequence; facial characteristics; and handwriting.”
- a personal identifier, such as the student’s social security number, student number, or biometric record;
- other indirect identifiers, such as mother’s maiden name;
- other information that alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty;
- information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.
Any faculty or staff who interact regularly with students are required to complete this training annually. This includes student employees who have access to student information.
How does FERPA affect my course?
- If students participate in any public-facing platform or activity, students may not be required to provide their name or any other PII as part of their public coursework. Examples of this include: posting on an open WordPress site, contributing to databases like iNaturalist, or participating in a performance that will be publicized.
- They can also not be required to connect any personal social media accounts to public platforms used in your course.
- Students can be required to participate in public systems as part of your classwork as long as they have the option to provide an alias. It should be your responsibility to make this option clearly available.
- None of this applies in a closed classroom situation, whether it is a face-to-face classroom, a closed section in your LMS, or another protected space such as a wiki.
- Instructors must not share grades in a manner that can be associated with a student’s PII. Beyond the student themself and official university processes, do not share grade information with others, including: other students, a student’s parents (even if they are under 18), potential or current employers, or on your personal social media accounts.
- Students can consent to their grades being shared with others through signing a FERPA release form.
- Sharing aggregate grade data is acceptable. An example of this would be a graph of grade distribution on a recent exam.
- Instructors can make comments and critiques, such as replying to a discussion post or verbally in a workshop. However, these comment’s should not be reasonably construed to equate to a particular assigned final grade for an assignment.
- There is precedent making peer evaluations, including specific grades, exempt from this restriction [see note B.2 re: Owasso Independent School Dist. No. I-011 v. Falvo].
- It is your responsibility to keep grade information private. Your LMS grade center and UA Online should be your primary portals for sharing grades. Email is not recommended because you have no guarantee that the student will be the sole recipient. Be careful with physical and digital files that contain grade information and protect yourself from being overheard when discussing grade information with a student in-person or virtually.
A FERPA slideshow
UAF Instructional Designers
This page has been authored collectively by the experts on the UAF Instructional Design Team. Let us know if you have suggestions or corrections!