The Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a federal law that protects the privacy of student education records. FERPA, signed into law in 1974, applies to all schools that receive funds under an applicable program of the U.S. Department of Education, including institutions of higher education (IHEs).

FERPA Overview

FERPA grants three primary rights to parents and eligible students:

I. Right to Inspect and Review/Right to Access Education Records
II. Right to Challenge the Content of Education Records
III. Right to Consent to the Disclosure of Education Records

In the kindergarten through high school setting, rights under FERPA rest with parents until the student reaches age 18. Once a student (of any age) enrolls at an IHE, these rights transfer to the student (§ 99.3 and 99.5). Students who hold these rights are called “eligible students.”

According to the U.S. Department of Education’s FERPA Web page, “Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):

• School officials with legitimate educational interest;
• Other schools to which a student is transferring;
• Specified officials for audit or evaluation purposes;
• Appropriate parties in connection with financial aid to a student;
• Organizations conducting certain studies for or on behalf of the school;
• Accrediting organizations;
• To comply with a judicial order or lawfully issued subpoena;
• Appropriate officials in cases of health and safety emergencies; and
• State and local authorities, within a juvenile justice system, pursuant to specific State law.

"Schools may disclose, without consent, ‘directory’ information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.”

FERPA and IHEs: AODV Disclosure

It is imperative for judicial affairs professionals on campus to understand FERPA and its implications for IHEs. One of the most significant ways in which FERPA affects how IHEs work with students concerns AODV disclosure issues.

For instance, in 1998, FERPA was revised to allow, but not require, IHEs to notify parents when students who are under the age of 21 violate campus AOD policies. This revision gives each individual campus the authority to determine its own parental notification policies.

Another FERPA amendment allows the release of the final results of disciplinary proceedings against a student who is an alleged perpetrator of a “crime of violence or non-forcible sex offense” and who was found responsible for violating campus policies in perpetrating the crime.

The Association for Student Conduct Administration’s (ASCA) report on FERPA, annotated history of FERPA details the most noteworthy FERPA amendments pertaining to IHEs. In addition to an annotated FERPA history, the report includes a FERPA quiz for use as a staff training exercise.

April 2011 Updates

In April 2011, U.S. Secretary of Education Arne Duncan announced a series of initiatives to continue safeguarding student privacy while clarifying what and how to share information that is necessary. The U.S. Department of Education’s Institute for Education Sciences has developed the Privacy Technical Assistance Center (PTAC) within the National Center for Education Statistics (NCES). PTAC provides a privacy toolkit, including resources such as frequently asked questions, a library of resources, and checklists for data governance plans.

NCES has launched a new series of technical briefs regarding best practices in data security and privacy protections. The U.S. Department of Education has also hired its first chief privacy officer, who serves as a senior adviser to the secretary on all policies and programs related to privacy, confidentiality, and data security. The chief privacy officer also heads a new division dedicated to advancing the responsible stewardship, collection, use, maintenance, and disclosure of information at the national level and coordinates the provision of technical assistance to states, districts, and other education stakeholders.

Visit the U.S. Department of Education’s Web site to view the complete press release regarding these initiatives to safeguard student privacy.

New FERPA and HEA Emergency Guidance

The Department’s new guidance, Addressing Emergencies on Campus (June 2011), is intended to assist campus officials who may be reassessing their campus safety policies by offering a summary of the Family Educational Rights and Privacy Act (FERPA), as well as pertinent provisions of the Higher Education Act of 1965 (HEA) that apply to postsecondary institutions.

To read the complete guidance, visit Addressing Emergencies on Campus.

Questions about this guidance or other requirements of FERPA may be e-mailed to FERPA@ED.Gov.

Questions about the HEA requirements can be directed to campussecurityhelp@westat.com.

For More Information

Please read the Final FERPA Regulations, a Dear Colleague letter about 12/9/08 Final Regulations, the Legislative History of Major FERPA Revisions, and a Section by Section Analysis of the Regulations on the U.S Department of Education’s Web site for detailed FERPA information.