FERPA Compliance | Origin: CM141
This is a general discussion forum for the following learning topic:
FERPA and Privacy: A Practical Approach --> FERPA Compliance
Post what you've learned about this topic and how you intend to apply it. Feel free to post questions and comments too.
FERPA compliance means protecting student records and only sharing them when allowed.
What I learned: Student information is private and usually can’t be shared freely.
Only people with a “need to know” for their job can access records.
Students can view and correct their own records.
How I’ll apply it:
Keep student info private.
Only access or share it when necessary.
Check rules before using or sharing records.
I was not aware of the option to disclose information on any student under age 21 regarding a violation of an institutional rule or federal, state, or local law regarding the use of alcohol or a controlled substance, as long as state law permits such release.
Releasing student information should be handled in a case by case scenario. Best to error on the side of caution.
I learned that directory information can be requested to be kept private by the student.
You need a full time employee that has mastered all of the regulatory rules on call at all times to answer each specific instance depending on the situation. In most cases you better not release any information without permission.
Throughout this module I learned Institution may only disclose information if the students gave authorization to their parents.
I have learnt general rules of student information sharing
To provide a students information to a third party, Permission is required from student, and documentation of the information released to, as well as how it was released, email, mail etc.
Information may be released only with the student’s permission and when it is necessary for an appropriate, authorized purpose.
If multiple records were shared/viewed during an audit the school must document each shared record that it was selected during the audit.
As with other important information, it is best to err on the side of caution.
Throughout this module, I learned about recordkeeping requirements, the general rules for releasing student records, and how FERPA applies to third parties. I will use this knowledge to ensure I follow FERPA guidelines and protect students’ private information.
AACRAO has sample forms for various types of Release Authorizations - good to know.
The importance of FERPA release and tracking the releases.
Throughout this module, I have learned about recordkeeping, general rules to follow when releasing student records, how FERPA applies to third parties, and more. I intend to use this knowledge to make sure I am following FERPA's guidelines to ensure I am protecting students' private information.
Comment on Blake Cronin's post: I was also surprised to see information like date-of-birth was considered Directory Information as it is something I consider as a personal identifier.
Directory information can contain some things that I consider to be personally identifiable, but is okay to share as long as that is disclosed in advance and students are given the opportunity to opt out.
I’ve learned that institutions must carefully balance student privacy with the operational needs of school officials.
Comment on Kaytlynne Kuhler's post: I too learned about this aspect. It is interesting to me to note that if a password is used alongside the student number for student access this is allowable.
