The Family Education Rights and Privacy Act (FERPA)
What Is The Family Education Rights and Privacy Act (FERPA)?
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. The law affords parents the right to access their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records. When a student turns 18 years old or enters a postsecondary institution at any age the rights under FERPA transfer from the parents to the student.
Further, FERPA prohibits the disclosure of a student’s “protected information” to a third party, whether the disclosure is made verbally or by hand delivery, fax, mail, or electronic transmission. Disclosure also includes the provision of access to the educational institution’s career center database of student resumes.
According to FERPA, a “student” is an individual who is enrolled in and attends an educational institute. FERPA classifies protected information into three categories: educational records, personally identifiable information, and directory information. FERPA provides different levels of protection for each category.
How Does FERPA Define Personally Identifiable Information?
“Personally identifiable information” includes a student’s name or identification number, a student’s date of birth and other information which can be used to distinguish an individual’s identity. “Personally identifiable information” can only be disclosed if the educational institution obtains the signature of the parent or student (if over 18 years of age) on a document specifically identifying the information to be disclosed, the reason for the disclosure, and the parties to whom the disclosure will be made.
“Educational information/records” are defined as “records, files, documents, and other materials” that are “maintained by an educational agency or institution, or by a person acting for such agency or institution.” It includes a student’s transcripts, GPA, grades, social security number, academic evaluation, psychological evaluations, and attendance records. FERPA prohibits the disclosure of educational records without the signature of a parent or student (if over 18 years of age).
“Directory information” is defined as “information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed.” This includes such items as a list of students’ names, addresses, and telephone numbers, and also includes a student ID number (which includes electronic identifiers) provided it cannot be used to gain access to education records. Directory information can be disclosed provided that the educational institution has given public notice of the type of information to be disclosed, the right of every student to forbid disclosure, and the time period within which the student or parent must act to forbid the disclosure.
Whom this applies to: All educational institutions receiving federal funding in the United States need to remain FERPA compliant. Further, all third-parties that receive educational records from educational institutions must be compliant with certain aspects of FERPA, such as not improperly disclosing the information they receive.
What Does FERPA Require of Educational Institutions?
To remain in compliance with FERPA, educational institutions must do the following:
Who Enforces FERPA and What are the penalties for non-compliance?
The Department of Education is responsible for investigating all complaints regarding FERPA. An educational institution that fails to comply with FERPA may lose its federal funding. Although FERPA does not create a private right of action against educational institutions, some states allow for monetary damages for the disclosure of private information.