230 likes | 249 Views
FERPA. Family Educational R ights a nd P rivacy A ct 2012. Revised May 2013.
E N D
FERPA Family Educational Rights and Privacy Act 2012 Revised May 2013
FERPA is the Family Educational Rights and Privacy Act, also known as the “Buckley Amendment.” This federal law provides several important rights for students with respect to their education records. With limited exceptions, FERPA applies to all records maintained about a students and is not limited to academic records. The law gives college and university students the right to inspect and review their education records and to request an amendment to the records under certain circumstances. It limits the rights of colleges and universities to disclose records or information from records about a student without the student’s consent. Family Educational Rights and Privacy Act
All college students have rights under FERPA, even those who are younger than 18 years of age. FERPA protects the education records of students who are attending or who have attended the institution. Upon admission to the College the education records of each student, including the student’s application for admission and related materials, are automatically protected. FERPA does not extend rights to applicants who apply for admission, but who never actually attend the institution. Which students have rights?
…any record, with certain exceptions, maintained by an institution, that is directly related to a student or students. Records may include files, documents, and materials in whatever medium. A record is “directly related” to a student if it is personally identifiable. Personally identifiable means information which include: the name of the student, the student’s parents, or other family members; the student’s campus or home address; a personal identifier (such as a social security number or student number); information that alone or in combination is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty;” information requested by a person who the institution reasonably believes knows the identity of the student to whom the education record relates; biometric records of the student (i.e., biological or behavioral characteristics that can be used for automated recognition of an individual, including fingerprints, retina and iris patterns, voiceprints, DNA sequence, facial characteristics, and handwriting). Educational Records
FERPA provides several limited exceptions to the definition of education records. However, if any of these records are shared with another school official or placed in an area where they can be viewed by others, they become “education records” and are subject to FERPA. Exceptions include: records created and maintained by the institution's law enforcement unit; records of information about the student only after the student has left the institution. The new ruling clarifies that exclusion applies to records created or received by an institution after an individual is no longer a student in attendance and are not directly related to the individual’s attendance as a student; doctor-patient privilege records; employment records; certain records kept in the sole possession of the maker and not shared with anyone. Peer to Peer Grading (Owasso v. Falvo) Peer-graded papers that have not been collected and recorded by a teacher are not considered “maintained by an educational agency or institution” and, therefore, are not education records under FERPA. Educational Records
Current regulations prohibit recipients of education records, without prior written consent, from redisclosing personally identifiable information from the records unless the agency or institution disclosed the information with the understanding that the recipient may make further disclosures on its behalf and the agency or institution records the redisclosure. Educational Records
FERPA allows institutions to designate some information that may be released without a student’s written consent. This information is commonly referred to as “directory information.” Students must 1) be notified annually of the items listed as directory information and 2) be given the opportunity to request that his/her directory information not be released without their consent (Opt-out request). Social Security Number can never be designated directory information. FERPA prohibits the use of the SSN as an identification element when disclosing or confirming directory information unless the student has provided written consent for the disclosure. Other student ID numbers may be designated as directory information but only if access to education records requires student ID plus other authenticating information known only to the student (e.g., another separate password or PIN). Directory Information
Tri-County Technical College has designated directory information to be the student’s: name address telephone number email address birth date major participation in recognized activities attendance dates enrollment status degrees/awards received most recent previous school attended photographs Directory Information
If a student submits a Directory Restriction form, “Confidential” will appear on all Banner screens and ISIS reports.
FERPA requires the College to use reasonable methods to identify and authenticate the identity of parents, students, school officials, and any other parties to whom they disclose education records. To confirm identity, the College may use PINS, passwords, personal security questions or other factors known or possessed only by the user. FERPA prohibits the use of the SSN as an identification element when disclosing or confirming directory information unless the student has provided written consent for the disclosure, regardless of whether SSN is used alone or in combination with other data elements. Student ID numbers (T#) may be used only if it is not used by itself to authenticate identity and cannot be used by itself to gain access to education records. Authentication of Identity
Disclosure is defined to mean permitting access to or the release, transfer, or other communication of personally identifiable information from education records to any party by any means. Current regulations prohibit College officials from releasing non-directory information without prior written consent. FERPA regulations excludes from “disclosure” returning an education record, or information from an education record, to the party identified as the provider or creator of the record. Disclosures
Under FERPA, ether parent or “eligible student” possesses FERPA rights (never both at the same time). Students at least 18 years of age, or in attendance at postsecondary institutions, are “eligible students.” Final Rule clarifies that institutions may still disclose information about a student to his/her parents: For health or safety emergencies For alcohol/controlled substance use and student is under age 21 Other exceptions, such as court orders and subpoenas Students who are dependents for tax purposes If desired, students may complete the Consent to Release Educational Records form (available only in Student Records) giving the College permission to release specific information to an identified recipient. If the form is completed in Student Records, it does not have to be notarized. The form is valid for one year and/or until revoked in writing by the student. Disclosures to Parents/Others
To determine if a consent form has been completed, click on the “Consent to Release Educational Records” link on the Faculty Tab in eTC. If consent has been given, the following information will display: If consent has not been given, the following information will display:
Access to Education Records by School Officials Requires the College to use “reasonable methods” to ensure that school officials obtain access to only those education records in which they have legitimate education interest. Institutions may chose not to use physical or technological controls to restrict access must ensure that their administrative policy is effective and that they remain in compliance with the legitimate education interest requirement for accessing records. Disclosure to a Transfer Institution Allows the College to disclose education records to another institution even after a student has already enrolled or transferred if it is for purposes related to the student’s enrollment or transfer. School Officials – Outsourcing Expands school officials to include contractors, consultants, volunteers, and other outside parties to whom the College has outsourced services or functions. Must have control over outside parties regarding education records, including data security (GLBA). Disclosures Without Consent
Organizations Conducting Studies for or on behalf of an the College Allows the College to disclose education records to third parties doing research for the College. FERPA requires the College to enter into a written agreement with recipient organization that specifies the purposes of the study and that the information from the education records may only be used to meet the purposes of the study. The agreement must also contain restrictions on redisclosure and destruction of the information. Ex parte court orders under the USA Patriot Act The College is permitted to disclose without consent or notice to the parent or student that would otherwise be required under FERPA and without recording the disclosure. Registered Sex Offenders The College is allowed to disclose information without consent information it has received from a State under the Wetterling Act (42 U.S.C 14071) about a student who is required to register as a sex offender in the State. Disclosures Without Consent
Health and Safety Emergencies If the College determines that there is an articulable and significant threat to the health or safety of a student or other individuals, it may disclose information from education records to appropriate parties who knowledge of the information is necessary to protect the health and safety of the student or other individuals. The College must document the articulable and significant threat that formed the basis for the disclosure and the parties to whom the information was disclosed. De-identification of Information Education records may be released without consent under FERPA if all personally identifiable information has been removed. New regulations provide objective standards under which the College may release, without consent, education records, or information from education records that have been de-identified through the removal of all “personally identifiable information.” The new standards apply to both individual, redacted records and statistical information from education records at both the student level or microdata and aggregate form. Disclosures Without Consent
FERPA regulations prohibit recipients of education records, without prior written consent, from redisclosing personally identifiable information unless the College discloses the information with the understanding that the recipient may make further disclosures on its behalf. Allows entities, such as state and local education agencies, to redisclose information. Regulations permit the College to disclose the outcome of a disciplinary proceeding to a victim of an alleged perpetrator of a crime of violence or a non-forcible sex offense, regardless of the outcome, but only on the condition that the institution notify the recipient that he or she may not redisclose the information without the student-perpetrator’s consent. Third parties that redisclose education records on behalf of the College in compliance with a court order or subpoena to comply with the notification requirements before it responds to the order or subpoena (except as required by Ex parte court orders under the USA Patriot Act). Redisclosure of Education Records
SIS: Access to the Student Information System is not tantamount to authorization to view the data. Faculty are deemed to be "school officials" and can access data in the SIS if they have a "legitimate educational interest." A legitimate educational interest exists if the faculty member needs to view the education record in order to fulfill his or her professional responsibility. Neither curiosity nor personal interest are a legitimate educational "need to know.”Work areas/desks: Personally identifiable education records should not be kept in open view when unattended. This could allow the inappropriate disclosure of confidential student information. This information should be kept in a secure environment when unattended. Grades: Students' scores or grades should not be displayed publicly. Even with names obscured, numeric student identifiers are considered personally identifiable information and must not be used. Grades, transcripts or degree audits distributed for purposes of advisement should not be placed in plain view in open mail boxes located in public places. Implications for Faculty & Staff
Papers/Tests: Graded papers or tests should not be left unattended on a desk in plain view in a public area nor should students sort through them in order to retrieve their own work. Class rosters/Reports:These and other reports should be handled in a confidential manner and the information contained on them should not be redisclosed to third partiesnor displayed publicly. Releasing educational records: Do not share student educational record information, including grades or grade point averages, with other faculty or staff members of the College unless their official responsibilities identify their "legitimate educational interest" in that information for that student. Do not share non-directory student information, including social security number, grades or grade point averages, course schedule, balance due, etc. with parents or others outside the College, including in letters of recommendation, without written permission from the student. Implications for Faculty & Staff
Please contact Scott Harvey, Registrar 190 Miller Hall (Pendleton Campus 864-646-1556 sharvey@tctc.edu Questions?