FERPA and Student Privacy

What is FERPA?

  • The Family Educational Rights and Privacy Act of 1974, also known as FERPA, is a federal law designed to protect the privacy of education records and guarantees eligible students the following four rights:
    1. The right to inspect and review educational records
    2. The right to seek to amend education records
    3. The right to consent to disclosures of personally identifiable information contained in the student’s education records, except to the extent that FERPA authorizes disclosure without consent
    4. The right to file a complaint with the Department of Education against any institution for an alleged violation of their FERPA rights. The office that administers FERPA and investigates violations is the Family Policy Compliance Office, located in Washington, D.C.
  • FERPA applies to the District because the colleges receive federal funds.
  • Student FERPA rights begin the first time a student is enrolled in and attends class. Only those with a legitimate educational interest that is, school officials, accrediting organizations or law enforcement agencies who require student information in their official capacity, may access student records without a student’s signed and written consent.

 

What is an Education Record?

An Education Record is any information that is directly related to a student and maintained in a central location by an institution (or party acting for the institution). Education Records may be in any form and include written documents, computer media, video or audiotape, photographs, and electronic files. Examples include:

  • Demographic Information
  • Class Schedules
  • Enrollment Records
  • Class Lists
  • Grades
  • Graded Papers
  • Social Security Number
  • ID Number

 

FERPA and Distance Education

Regulation Definition

  • A “student” is defined as an individual who is or has been “in attendance” at an educational agency or institution and regarding whom the agency or institution maintains education records. The final regulations add other situations in which students “attend” classes but are not physically present, including attendance by videoconference, satellite, Internet, or other electronic information and telecommunications technologies. This change will ensure that individuals who receive instruction through distance learning and other contemporary modalities are covered as “students” and, therefore, that their records are protected under FERPA (US Department of Education § 99.3 Links to an external site.).

What this means at SMCCCD

  • When FERPA privacy guidelines were created in 1974, they stated that any electronic information becomes student record. Since this was before the widespread use of computers and the internet, this has wide-ranging implications for any form of learning which utilizes electronic delivery methods. Electronic information, therefore, refers not only to computerized educational records but also to email communication, comments in discussion boards, student projects uploaded to a website, etc. This makes it necessary to consider how course structure and materials will affect online learning with regard to FERPA.
  • FERPA regulations also refer to TAs, college assistants or student helpers. Any person who is not the Instructor of Record cannot have access to student records. Instructors may share notes with assistants, but not the educational records themselves.

 

FERPA and Publisher's Online Resources

  • Prebuilt publisher online resources and homework managers present several issues in terms of student privacy. Because some resources direct students to third party websites, it is important to verify that the website complies with FERPA guidelines. When considering third-party publisher content, please verify that personally identifiable information such as name, address, g numbers, ssn or anything regarding student-submitted work and grades are not collected and stored.

 

FERPA and the Internet

Since many websites may require written input of some sort (email registration, comments, etc.) it is important to understand how different activities on the internet may affect FERPA Compliance.

FERPA compliant

  • Internet research, information retrieval
  • Surveys, tests, quizzes, problem sets that do not require login information
  • Publisher websites that do not require login information

Only FERPA compliant if just directory information required

  • Internet research, information retrieval that requires login information
  • Voluntary surveys, tests, quizzes, problem sets that require login information
  • Publisher websites that do not store grades but require login information

Most likely not FERPA compliant*

  • Social media sites
  • Blog or wiki creation outside of Canvas
  • Mandatory surveys, tests, quizzes, problem sets that require login information
    Publisher websites that store grades

*Third-party websites that require or store any information that may compromise student privacy (grades, student ID numbers, etc.) are not FERPA compliant. To conceal student identities, aliases may be used. Before entering into an agreement with a third-party vendor (such as a publisher), contact the Distance Education Department to ensure the site complies with FERPA guidelines.

 

FERPA and Canvas

Only instructors of record and enrolled students should have access to individual courses in CANVAS. Because CANVAS is offered through SMCCCD, activities conducted within the LMS will be FERPA compliant. Even so, it is necessary to consider the following:

  • For students who opt to keep their settings private, accommodations should be made so that those students can either post to discussion boards anonymously or send private emails to the instructors.
  • Guest access should never be allowed to individuals outside the course.
  • Rosters and grade information should be accessible only to the instructor.

 

Tips to Maintain Student Privacy

Consider doing the following:

  • Do put papers, projects, exams, or reports on a secure SMCCCD server, such as OneDrive.
  • Keep any personal notes relating to individual students separate from Education Records and stored on a secure SMCCCD server, such as OneDrive.
  • Keep only those individual student records necessary for the fulfillment of your responsibilities.
  • Ensure that student information, work, or grades are shredded or deleted when no longer needed.
  • Turn off or log off of your computer if you are going to step away from your device.

Do not do the following:

  • Display student scores, grades, or G numbers on Canvas or other websites, even if it is partially masked.
  • Post a class list with the student name linked to their G number.
  • Download, view, or print papers, projects, exams, or reports on publicly accessible devices without deleting the files and emptying the trash before logging off.
  • Share student information, including grades or GPA’s, with other faculty or staff unless their responsibilities warrant a “need-to-know.”
  • Discuss a student’s progress with anyone (including parents) without the written consent of the student.
  • Discuss confidential student information in a manner in which others who do not have a legitimate interest in knowing such information can hear.
  • Provide anyone with lists of students enrolled in your classes for any commercial purpose.

Adapted from Pasadena City College Distance Education Handbook Links to an external site..

 

Back to Table of Contents