Family Educational Rights and Privacy Act (FERPA) The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. See: U. S. Department of Education – FERPA. Educational institutions receiving funds under programs administered by the U.S. Secretary of Education are bound by FERPA regulations. Institutions that fail to comply with FERPA may have funds administered by the Secretary of Education withheld.

  • College students must be permitted to inspect their own education records
  • Once a student begins attending a university, the rights transfer from the parents having the right to inspect and review a student’s record to the college student.
  • School officials may not disclose personally identifiable information about students, nor permit inspection of their records, without written permission from the student, unless such action is covered by exceptions permitted by the Act. A notable exception is disclosing information to school officials determined by the institution to have a legitimate educational interest.

Protecting institutional data

Every employee is responsible for protecting institutional data and understanding the laws governing the release of data.

Tips for safeguarding student data

  • Know who has access to storage locations before you save restricted or critical data. Do not store sensitive data in locations that are publicly accessible from the Internet. If you can access it without a password, so can others.
  • Mobile or portable devices even for email use should be protected by a passcode and encrypted. Laptops, smart phones, and memory sticks can be lost or stolen, and if unencrypted can result in a data breach.
  • Follow passphrase requirements and NEVER share your passphrase, use it for other services, or save it in memory!
  • If sensitive data is no longer needed, don’t retain it! Know your department’s retention and disposal policies.
  • Be on the lookout for phishing scams.
  • Run anti-virus and anti-malware tools routinely and alert IT staff if you encounter issues.
  • Do not use unencrypted wireless connections when working with or sending sensitive data. VPN is secure options.
  • Do not send confidential data in an email unless the data is encrypted.

What are the Penalties for Violating FERPA Regulations?

  • The Family Policy Compliance Office with the Department of Education in Washington, D.C. reviews and investigates complaints of alleged violations of FERPA.
  • If the Office confirms that a violation has occurred, it will establish a reasonable period of time for the College to make the mandated correction(s) in order to bring the College into compliance.
  • If the College fails to make the mandated corrections, the Secretary of Education can direct that no federal funds under his or her administrative control be made available to the College.
  • A willful or unauthorized disclosure could constitute just cause for disciplinary action according to CCC or Board of Trustees ’ Policy.