ÀÏ°ÄÃÅ×ÊÁÏ

Skip to Main Content
Office of Records and Registration
oneColumn

FERPA Information for Faculty

Many of the commonly asked questions concerning FERPA (Family Educational Rights and Privacy Act) are listed below. Visit the FERPA glossary for definitions of italicized terms. For additional questions, contact One-Stop Student Services.

 

  • What are my responsibilities regarding student records?

    All University faculty are considered school officials and are required by law to maintain the confidentiality of student records. Any school official who maintains specific records is considered a record custodian. At the ÀÏ°ÄÃÅ×ÊÁÏ, the University Registrar is the official custodian for academic records. 

    The release of any non-directory information about a student to any person outside the University community or to any University personnel without a legitimate educational interest violates federal and state law, as well as University regulations.

  • What are the consequences for violating FERPA?
    Under federal law, FERPA violations may result in the loss of federal funding for ÀÏ°ÄÃÅ×ÊÁÏ. Under state law, both ÀÏ°ÄÃÅ×ÊÁÏ and you personally may be sued. Any breach of confidentiality could lead to disciplinary action, including the possibility of termination of employment.
  • Must I formally acknowledge that I understand FERPA?

    All Enrollment Services employees who work with student records must sign the FERPA Agreement. This document explains that academic records may only be disclosed to or discussed with individuals with legitimate educational interest. Other staff and faculty on campus may be asked to complete the FERPA agreement prior to obtaining authorization to access student information. To complete the agreement, log on to and click on the Employee Resources box, then Employee Self-Service. Select the Personal Information tab at the top and click on "FERPA Agreement" in the menu. Carefully review the document and acknowledge your agreement at the bottom.

    All ÀÏ°ÄÃÅ×ÊÁÏ offices should consider developing a procedure for handling confidential academic records and ensuring that all staff are educated in these procedures. In addition, we strongly encourage you to require staff to acknowledge their understanding of such protocol in writing.

  • Can I access student academic records?
    Faculty must have a legitimate educational interest in order to access a student's academic record.
  • What are appropriate ways to notify students of their grades?
    • Please assign or allow students to choose a unique and confidential identifier (e.g., a 4-digit number). This unique identifier cannot be part of the student's name, ÀÏ°ÄÃÅ×ÊÁÏ ID (N-number), or Social Security Number.
    • Grade lists must be posted in random, not alphabetical, order.
    • Web-based course management systems such as Canvas can be used to post grades if the system is secured by username and password. For assistance with Canvas grade posting, please contact CIRT.
    • The Registrar's Office does not recommend sending grades by email because there is no guarantee of confidentiality with electronic transmission.
    • You can send grades via fax or by telephone only if you are certain the student is the one receiving the information. To verify the student's identity, you should confirm personally identifiable information with the student.
    • You may also mail students their final grades. Have students provide self-addressed, stamped envelopes. You may not send grade notification using a postcard.
  • What standard security practices must I follow?

    All faculty must utilize reasonable measures to preserve the confidentiality, security, and integrity of ÀÏ°ÄÃÅ×ÊÁÏ information systems and the information contained therein. All teaching staff should practice appropriate security measures:

    • Never disclose, share, or loan your username(s) and password(s) to anyone (e.g., another employee, faculty member, supervisor, student assistant, etc.). Department staff or supervising faculty should obtain individual log-on information for graduate/teaching assistants. Security access for the student records system is available from Enrollment Services.
    • Never use generic/group IDs when accessing confidential academic record information.

    In addition, faculty should take reasonable measures to restrict unauthorized persons from viewing confidential academic record information. For example, you should:

    • Never leave your computer workstation unattended while signed on without appropriate screen locking (e.g., a password-protected screen saver)
    • Never leave personal login information (e.g., username, password, network mapping, etc.) in view of unauthorized persons
    • Never program (or ‘hot-key’) automatic access to confidential academic record systems
  • What are acceptable methods for returning papers or exams?

    You may share graded papers and exams only with the student, with others upon receiving the student's consent, or with University officials in performance of official duties. Student papers or exams should not be left outside an office door where students must look through all the papers to find their own; students should not have access to other students' grades. While you may return papers and/or examinations by mail, the safest practice is to return papers personally to the student.

  • Can I circulate a class attendance roster?

    You can circulate an attendance roster, but it should not contain confidential information such as a Social Security Number, ÀÏ°ÄÃÅ×ÊÁÏ ID number, and/or grades.

  • Can I discuss my students with other faculty?
    Faculty should discuss a student’s academic record only with that student or with University employees in the performance of official duties.
  • Can I post my students’ email addresses?
    Faculty who utilize electronic teaching tools such as Canvas may wish to share students' email addresses or other personally identifiable information with others in the same class. This is permissible as long as students have an opportunity to decline. No information should be posted or disclosed for students with non-disclosure.
  • Am I required to obtain a release prior to writing a letter of recommendation for a student?

    It depends. In general, a written release is recommended, not required, for letters sent to other educational institutions to which the student is applying and to professional school admission services. The release is required, however, when the recommendation is sent to an employer or to an individual for another purpose.  

    Faculty may include information from personal observation or knowledge without the student's consent, but it is not acceptable for faculty to access a student's record to view grades/information from other classes and terms. If the recommendation will include non-directory/personally identifiable information (grades, GPA, class rank, etc.) obtained from the student’s academic record, you should obtain a signed release from the student. Releases should specify the information that may be disclosed, the identity of the party(ies) to whom the disclosure can be made, the student's signature, and the date.

  • How can I work at home while adhering to FERPA?
    Documents containing non-directory information should be returned to the office as soon as possible for proper storage or destruction. Electronic files containing non-directory information stored on a flash drive should be password-protected, in case the drive is lost or stolen.
  • Are comments stored on Canvas protected under FERPA?
    Instructor comments stored on Canvas are considered sole possession records. However, if a teaching assistant is assigned to the course and is able to view the comments, they become education records and are protected under FERPA.
  • Should I add anything to my email signature about student confidentiality?

    It is recommended for faculty and staff to add this confidentiality statement to their email signature:

    CONFIDENTIALITY NOTICE: This electronic mail transmission and any documents accompanying it may contain confidential information, protected by the Family Educational Rights and Privacy Act. Please protect the privacy of this information and do not forward this email. If you have received this transmission in error, please immediately notify the sender to arrange for the return of the message and any attached documents.

  • What are the guidelines regarding communicating with faculty, staff, and students via their personal email addresses rather than ÀÏ°ÄÃÅ×ÊÁÏ email addresses?

    Communicating with faculty, staff, and students via personal email addresses is discouraged although not prohibited. For security and accountability purposes, it is recommended that someone communicate via email with others using ÀÏ°ÄÃÅ×ÊÁÏ email addresses only.