The Family Educational Rights and Privacy Act (FERPA), a federal law, and its corresponding regulations give students certain rights to privacy of their education records and rights of access to these records. Faculty and staff should only have access to information needed to perform their job and have a legal responsibility to protect the confidentiality of student educational records in their possession.
Student educational records (other than directory information) are considered confidential and may not be released without written consent of the student. The exception is directory information which can be released without a student’s written permission unless the student asks to have this information restricted. Student information stored electronically, including educational technology that creates a record of student activity, must be secured and available only to those with a need to know.
- Follow your institution’s FERPA policy in regards to what is considered directory information and best practices for safeguarding confidential educational records such as grades, transcripts, schedules, and social security numbers/student ID numbers.
- When planning online instructional activities that will create protected educational records, use educational technology already under contract by your institution whenever possible. Services provided by your institution or contracted provider are designed to protect records using logins and passwords.
- Restrict online access to student content as much as possible given your instructional goals. Make sure content accessible online is protected by login. In most cases online work should be viewable only by members of the class.
- Inform students of any risks or conditions with educational technology you choose to use at the start of the term, ideally in the syllabus. This allows students who object to take another course or ask for alternative assignments.
- Carefully check the terms and conditions and privacy agreements of any online services you require using guidelines and best practices recommended by the US Department of Education and your institution’s FERPA policy.
- When requiring students to publicly post information caution them about posting personal information. Allow students to create accounts without using their real names or provide alternatives. Remind them while they are free to share information about themselves, they need to take care when posting information about classmates.
- Never provide lists or other information about students enrolled in your classes for a commercial purpose.
- When in doubt, ask for student consent before releasing information. Be prepared to provide alternatives for those who do not wish to do so.
- Check institution data governance policies.
- What educational technology services are provided and policies directing use of these services will vary widely.
“Family Educational Rights and Privacy Act (FERPA).” Family Educational Rights and Privacy Act (FERPA). U.S. Department of Education, 26 June 2015. Web. 10 July 2015. <http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html>.
Hlavac, George C., Esq., and Edward J. Easterly, Esq. “FERPA Primer: The Basics and Beyond.” NACE Journal (2015): n. pag. Web. 10 July 2015. <http://www.naceweb.org/public/ferpa0808.htm>.
Diaz, Veronica, Joann Golas, and Susan Gautsch. “Privacy Considerations in Cloud-Based Teaching and Learning Environments.” Educause ELI (2010): n. pag. Nov. 2010. Web. 10 July 2015. <https://library.educause.edu/resources/2011/1/privacy-considerations-in-cloudbased-teaching-and-learning-environments>.
“Protecting Student Privacy While Using Online Educational Services: Model Terms of Service.” Protecting Student Privacy While Using Online Educational Services: Model Terms of Service. Privacy Technical Assistance Center | U.S. Department of Education. Web. 10 July 2015. <https://studentprivacy.ed.gov/resources/protecting-student-privacy-while-using-online-educational-services-model-terms-service>.