The Family Educational Rights and Privacy Act protects student data at schools that receive funding from the U.S. Department of Education (DoE). That funding covers about 8 percent of the budget for U.S. elementary, middle, and high schools, and contributes heavily to college and university operations through student aid programs like the Federal Pell Grant. Because unaddressed FERPA violations can result in the DoE withholding funds, school administrators at every level work hard to comply with this privacy law.
So what does FERPA require? Generally speaking, it requires just two things, says LeRoy Rooker, senior fellow at the American Association of Collegiate Registrars and Admissions Officers (AACRAO) and director of the Family Policy Compliance Office at the U.S. Department of Education from 1988 to 2009.
“The first is that institutions have to protect the privacy of their students’ education records,” Rooker says. “The second piece is that institutions have to give students access to those records upon request.”
Many school employees run the risk of violating FERPA’s privacy protections. Protected student information can slip out in all sorts of seemingly innocent ways. Taking a closer look at specific scenarios can help administrators avoid similar mistakes. Here are a few FERPA violation examples, culled from Rooker’s 21 years of administering the law. (Note: This article is not intended as legal advice.)
Just so you know
Need a secure way to collect student information online? Explore Jotform’s free education forms! Visit our blog to learn more about how to keep your forms FERPA compliant.
FERPA violation example no. 1: The letter of recommendation from a professor to a student’s potential employer
Letters of recommendation typically qualify as student records. In order to send a letter from a teacher at one school to the registrar at another, you might expect that schools would need signed consent from parents (if students are under 18) or students themselves (if 18 or older) to comply with FERPA.
But under section 34 CFR § 99.31 of the Act, there’s an exception for this sort of record sharing. During potential transfers, educational institutions don’t need consent to send letters of recommendation to the destination school.
This exception, however, doesn’t apply to sharing letters of recommendation outside of the educational system. “If [a school official] were sending a letter of recommendation to a potential employer, that official would need consent,” Rooker says. “There’s not an exception that lets [school staff] provide information from the student’s record to a potential employer.”
Violation no. 2: The group email from a teacher to multiple students
The blind carbon copy (BCC) feature sends a single email to a group without the recipient email addresses being visible. It’s easy to forget to use the BCC field or to misuse this technology, which can quickly lead to a teacher inadvertently sharing protected information among multiple students.
“There could be a case in which an instructor sends an email to students who are in danger of failing the class,” Rooker says. “But instead of sending an email to each individual, it’s a distribution that goes to all the names [on the list of failing students]. [If the instructor doesn’t BCC,] everyone who got that same email knows everyone else who’s failing.”
This is a clear violation of FERPA’s protections.
Violation no. 3: The coach who explains why the star quarterback won’t be returning this season
Often, school employees who violate FERPA do so through unintentional, even casual, information sharing. Imagine the case of “the coach who discloses that a star quarterback is not eligible to play because of academic failing,” Rooker says.
The student-athlete’s academic standing is protected information. By telling other students that their classmate is on probation — or suspended from extracurriculars due to a declining grade point average — this well-meaning coach violates FERPA.
How to comply with FERPA and avoid violations
According to Rooker, the best way to avoid becoming a FERPA violation example like those outlined above is to provide intensive training to all relevant school staff. That training would likely include registrars and administrators, but it should also include frontline teaching staff and IT personnel.
“Even with the folks who are the best informed and have the best understanding [of the law], there are a lot of gray areas with FERPA,” Rooker says. “So training is such a key thing.” Find AACRAO’s FERPA training programs here, or check out the DoE’s online training modules here to provide staff with the information they need to provide full FERPA compliance.
Pro Tip
For an insightful look into the future of higher education, explore “8 Top Trends in Higher Education to Watch in 2024” on Jotform’s blog.
Send Comment:
13 Comments:
105 days ago
Is accidentally leaving a document on the printer face down (white side facing up with no visible information) a FERPA violation?
299 days ago
Is it a FERPA violation if a nondistrict employee, asked my son for his transcript, twice?
More than a year ago
If the school were to post a list of student names on the inside classroom door asking the listed students to see financial aid or the school director, is that a violation of FERPA?
More than a year ago
Is it a violation to withhold witness statements against a student when requested in disciplinary suspension .
More than a year ago
Is it a violation for a behavioral specialist to complain to her grown son about a student's conduct in school?
So much so that the son threatened the family of harm.
More than a year ago
Is it a violation of FERPA to have a student serve on the NHS faculty council on election of chapter officers?
More than a year ago
Is it a FERPA violation for a University to outsource it's Admissions Department (so making Admission Decisions with all the student info) overseas to India?
More than a year ago
Is it a violation of FERPA if the superintendent sends a students cheer scores certified mail to another parent during a grievance process?
More than a year ago
Good afternoon,
Is it a violation of FERPA to list a CVID diagnosis in attendance records for JK-8 students?
Thank you.
More than a year ago
recently a teacher pulled each student one by one out of the classroom to ask the student if they had noticed 2 students cheating on a test. She listed both of the students names to each of the students she questioned. Is this a violation of FERPA. She did not talk to the 2 students accused of cheating before talking about them to the other students.
More than a year ago
@Mark Weber I believe so, yes. Especially if the administrator shared information about your academic standing in public. If the student who overheard the coaches got information about your academic standing or other protected information, then yes. I'd recommend asking for legal assistance from a specialized professional first before making any decisions.
More than a year ago
Recently I was written up by my administrator. Today a student reported to me that the coaches who are friends of my principal were discussing my reprimand. Can I file a violation of my rights (ferpa)
More than a year ago
I’m looking for information about whether or not the Clip Classroom Management System violates FERPA. I believe it does because student conduct is posted in the classroom for everyone to see. Students have to physically move their clips in front of the class. The daily chart information is recorded and then used to determine conduct grades which become part of the report card and then eventually get recorded in the permanent records just like a test score and class average. To me this seems like it should be considered confidential student information which is protected by FERPA.
Can anyone help me with information to support my idea?
Thanks