FERPA: Family Educational Rights and Privacy Act
Get strategic advice on regulatory applicability, security documentation, and validation of implemented controls
Protecting Student Information Starts Here
The objective of a CampusGuard FERPA assessment is to determine the gaps in organizational policy, operational processes and procedures, and employee training, and to provide a detailed review of the critical cybersecurity requirements for FERPA-protected information.
Common FERPA Exceptions
Is This a Violation?
It is not uncommon for situations to arise that can cause you to question whether or not providing a student’s information would be considered a FERPA violation. The team at CampusGuard is here to answer any questions you have.
Letters of Recommendation: Determining whether or not this would require consent has to do with the letter's sender and intended receiver. One scenario that would not require consent is a letter going from one school to another during a student's transfer.
Health Information: There are times when anonymous records are required (i.e. a student tests positive for COVID-19), but releasing personally identifiable information without the consent of the student and/or their guardian (if the student is a dependent) is determined on a case-by-case basis, for example: the student who tested positive for COVID-19 is a close-contact athlete and could therefore put several others at risk.
Copied Emails: If an instructor is sending a specific message to several students at once and is not using a Blind Carbon Copy (BCC), they could be violating FERPA by revealing recipients of that email.
Disclosing an Athlete's Status: If an athlete cannot compete due to their academic standing and that information is shared, it is a FERPA violation.
Law Enforcement: If the authorities are seeking protected information, they must present a court order to obtain it.
FERPA Online Training Course
This course is designed to help your organization and staff safeguard sensitive personal information and prevent potential data breaches. This training course provides an overview of the laws governing the acceptable use and release of student records, discusses individual staff and faculty responsibilities, provides guidance on how to protect students’ right to privacy, and explains the potential consequences of non-compliance.
- Family Educational Rights and Privacy Act Overview
- Common Scenarios (and how to respond)
Why Choose CampusGuard?
At CampusGuard, we specialize in the complexities and diverse environments of campus-based organizations. Our dedicated team prides itself on our expert accreditation, staying updated on the latest trends, and working alongside our clients with a personal approach.
Number of student records that have been impacted by a breach since 2005
This has been over the course of 2,691 reported data breaches in education
Number of ransomware attacks impacting higher ed in 2022
This number is on the rise
$4.54M
Average cost of a ransomware attack
This figure does not include the ransom itself, if it was paid
Related Products and Services
Protect Your Students and Your Organization
Not making security a priority is a risk not only for your students, but for your organization as well. A breach can cost you millions of dollars and a damaged reputation, both of which can be detrimental.
Top FERPA Frequently Asked Questions
FERPA, or the Family Educational Rights and Privacy Act, is a US federal law that protects the privacy of student education records. Under FERPA, students and their parents have the right to access and review their education records, request that any inaccurate or misleading information be corrected, and consent to the disclosure of personally identifiable information in their education records. Schools must have written permission from the student or parent before disclosing any personally identifiable information from the student's education records, except in certain limited circumstances, such as in response to a court order or subpoena. Schools must also have policies and procedures in place to protect the privacy of student education records.
FERPA protects the privacy of "education records," which are defined as any records that are directly related to a student and maintained by an educational institution or by a party acting for the institution. This includes records such as transcripts, grades, enrollment and attendance records, disciplinary records, and financial aid information.
FERPA also protects "personally identifiable information," which is any information that can be used to identify a student, including the student's name, address, Social Security number, or other personal information. This information cannot be disclosed without the written consent of the student or parent, except in limited circumstances such as when the information is needed for the health or safety of the student or others, or when required by law.
Under FERPA, an eligible student is a student who has reached the age of 18 or is attending a postsecondary institution at any age. Once a student becomes an eligible student, the rights that were previously held by the parents with respect to the student's education records transfer to the student.
This means that, with limited exceptions, the educational institution must obtain the written consent of the eligible student before disclosing any personally identifiable information from the student's education records. The eligible student also has the right to review and inspect their education records, request that any inaccurate or misleading information be corrected, and file a complaint with the U.S. Department of Education if they believe their rights under FERPA have been violated.
While FERPA grants certain rights to eligible students, it does not prevent schools from sharing information with parents or legal guardians of a student who is under the age of 18 and is considered a dependent for tax purposes. FERPA does not prevent schools from disclosing information that has been designated as "directory information," such as the student's name, address, phone number, and email address, without the student's written consent. However, schools must give eligible students the opportunity to opt out of the disclosure of directory information.
HIPAA vs. FERPA: High Level Guidance for Higher Ed
Colleges and universities maintain medical information in various ways and locations. While this personal information does indeed need to be protected, not all of those guidelines fall under HIPAA.