FERPA Student Privacy Guidelines

What is FERPA?

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of students’ education records. Educational agencies and institutions that receive funds under a program administered by the U.S. Department of Education (ED) must comply with FERPA. FERPA does apply to virtually every postsecondary institution in the United States.

At the postsecondary level, FERPA affords eligible students these rights with respect to their education records:

• To inspect and review the student’s education records maintained by the school;
• To request amendment of any education records that they believe to be inaccurate or misleading; and
• To consent to the disclosure of personally identifiable information (PII) from the student’s education record to third parties, subject to certain exceptions.

An “eligible student” includes students attending postsecondary institutions at any age.

For more information, please peruse the following resource:
FERPA 101: For Colleges and Universities

What cannot be shared under FERPA?

Education records:
• FERPA defines this term broadly to mean records containing information directly related to a student that are maintained by an educational agency or institution (or by a party acting for the agency or institution). Education records may be in any form — handwritten, printed or saved on computer media, video or audio tape or film, microfilm or microfiche.
• Education records include student work, recorded audio or video lectures with student picture and/or student voice.

Personally Identifiable Information (PII) and Directory Information:
• Information that can be used to identify a student.
• Includes student name and address, family members, personal identifier like a student ID number, date of birth, phots, etc.
• Other information that would allow re-identification of a student with reasonable certainty.

Suggested Dos and Don’ts to maintain FERPA Privacy Guidelines

 Do: keep the “People” tab hidden in Canvas to protect private information. If you’re unsure how to do this, reach out to your instructional designer or email onlinelearningsupport@ciis.edu. The default for all classes is the “People” tab already hidden.
Do: collect and grade assignments via Canvas. This ensures the student’s work and information is kept securely in one location that only you, the student, and the school can access.
Do: Be mindful of what you’re screensharing, especially when it contains student names and grades. Remove any student information/ grades from any screenshots shared.
Do: Be aware of what you’re asking students to share in a shared drive or document.

Don’t: Share any student work or recorded class meetings with students in them outside of the course in which they originated. This includes posting recordings to sites such as YouTube. If you need to share a recording widely (outside of Canvas), be sure to remove any student names/likenesses.
Don’t: Email multiple students in an email with their email addresses exposed. Instead, send an email with all students BCC’d or send a message through Canvas.