What is FERPA?
The Family Educational Rights and Privacy Act of 1974, as amended (also known as the Buckley Amendment) affords students certain rights with respect to their education records. Specifically, students have the right to:
- Inspect and review their education records
- Request to amend inaccurate education records
- Consent to the disclosure of personally identifiable information from their education record
- File a complaint with the U.S. Department of Education’s Family Policy Compliance Office
Institutions are required to notify students at least annually of their rights under FERPA.
The Education Record
Any records maintained in any form by the College or by a party acting for the institution that are directly related to a student.
Access to the Education Record
School Officials are granted access to a student’s education record only if the following conditions are met:
- Legitimate Educational Interest
The School Official must have a need to access student education records for the purpose of performing an appropriate educational, research or administrative function for the College. A School Official generally has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility.
- Official Duties
Information may only be used within the scope of their official duties as a School Official. As a faculty or staff member with access to confidential student records, you have a legal responsibility to protect the confidentiality of student education records. Neither curiosity nor personal interest is a legitimate educational “need to know.”
How does FERPA apply to faculty, staff?
- Addresses, email addresses & phone numbers: Students’ addresses, email addresses and phone numbers may not be shared with third parties and may only be used for legitimate educational purposes within the scope of your official duties. Use listservs or blind copy (BCC) when sending an email to students who may be receiving the same email message. Do not put students’ personally identifiable information in your subject lines, email messages, or social media posts.
- Lists of students: Do not provide anyone with lists of students enrolled in your classes or programs for any purpose. Requests of this nature should be referred to the Registrar.
- Grades: Personal identifiers such as name or student ID number should not be included with grades or scores and posted publicly. Partial UH Numbers CANNOT be used unless the student has freely given his or her written permission. If scores or grades are posted, use some code known only to the faculty member and the individual student. In no case should the list be posted in alphabetical sequence by student name. Grades or other academic information distributed for purposes of advisement should not be placed in plain view such as open mailboxes in public places.
- Papers, tests, & academic work: Graded papers or tests should not be left unattended on a desk, in plain view or in a public area. Give students a way to privately submit their papers and other academic work to you directly or in a secure location (your secure departmental mailbox). Do not allow students to sort through materials that include classmates’ work in order to retrieve their own work.
- Class lists/grade worksheets: These and other reports should be handled in a confidential manner and the information contained on them should not be disclosed to third parties. Copies of class lists containing students’ UH Numbers should not be routed in the classroom for attendance taking or any other purpose.
- Students’ schedules: Do not provide anyone with a student’s schedule; do not assist anyone other than a college employee in finding a student on campus. Refer such inquiries to the Vice Chancellor of Students Affairs.
ACCESSING & RETAINING RECORDS
- Access: Access to the student information system is not tantamount to authorization to view the data. Faculty members are deemed to be “school officials” and can access data in MyUH only if they have a legitimate educational interest. UH staff members may obtain access in Banner if they have a legitimate educational need to know.
- Record Retention: Keep only the education records needed for the fulfillment of your professional responsibilities. Comply with your department’s policies and plan for record retention and disposal.
RELEASING & SHARING INFORMATION
Confidential Flag: If a student’s record is flagged confidential in the student information system or in STAR, do not release any information from the student’s record.
- Do not include information about students’ grades or grade point averages in letters of recommendation without the written permission of the student. Please note that without a signed statement from the student waiving his or her right to view the letter of recommendation, the student may have rights to view the letter you have provided.
- Parents: Parents, spouses and other relations do not have a right to information contained in a student’s education record. The rights transfer to the student upon enrolling at a post-secondary institution (i.e., Kauai Community College), regardless of the student’s age.
- Employers: Employers do not have a right to educational information pertaining to a student.
STUDENT SAFETY & EMERGENCIES
In the case of an emergency requiring contact information, inquiries may be directed to the Vice Chancellor of Students Affairs.
University Officials and data users who may have access to sensitive and/or confidential information must complete:
- UH General Confidentiality Notice
- UH Information Security Awareness Training (ISAT)
Visit the University of Hawai‘i Acknowledgements and Certifications online service for more information.
Applicable University Policies
The University of Hawai‘i strives to fully comply with FERPA by protecting the privacy of student records and judiciously evaluating requests for release of information from these records. The applicable policies related to the maintenance and acceptable use of various types of data include:
EP 2.214: Security and Protection of Sensitive Information
EP 2.215: Institutional Data Governance
EP 2.216: Institutional Records Management and Electronic Approvals/Signatures
AP 2.215: Mandatory Training and Continuing Education Requirements for Data Users
AP 7.022: Procedures Relating to Protection of the Educational Rights and Privacy of Students