FERPA 2008 New regulations enact updates from over a decade of interpretations.
Published byModified over 5 years ago
Presentation on theme: "FERPA 2008 New regulations enact updates from over a decade of interpretations."— Presentation transcript:
FERPA 2008 New regulations enact updates from over a decade of interpretations
Intro to FERPA Main purposes –College students must be allowed to inspect and have access to their own “education records” –School officials may not disclose “personally identifiable information” about students nor permit inspection of their records without 1) written permission from the students, or 2) under an exception covered by the act.
FERPA as KSU University policy 5-08 Operational policy 5-08.101 –Defines “school officials” and “legitimate educational interest” and more –Describes record request process –Outlines procedure for challenging the content of an educational record –Process for review and destruction of records Also, the Registrar has several reference materials available on its website and at: http://www.registrars.kent.edu/KSUCatalog/ferpa /ferpa.html http://www.registrars.kent.edu/KSUCatalog/ferpa /ferpa.html
Key Terms “Education records” – information and documents directly related to the student and maintained by the university “Personally identifiable information” – SSN or student number, financial information (continually being interpreted) “School official” – University employee (including students in certain situations), third-party vendor performing work of the University “Legitimate Educational Interest” – requires that a “school official” is performing a duty in the course and scope of their University employment.
Directory Opt-Out According to FERPA, students have the right to protect their directory information from disclosure by notifying the university. 1.At Kent State, the student notifies the Office of the Registrar. 2.The Registrar “marks” the student’s record to prevent disclosure of the information. 3.In Banner, if a student’s directory information is prohibited from disclosure, a “pop up” indicating such will be displayed on the first INB form that a person accesses of the student’s information. (It can also be viewed in the INB form SPAIDEN.) 4. Opt out lasts for the life of the student.
Revised Key Terms “Attendance” – includes videoconference, satellite, Internet, or ‘other technologies.’ Personally identifiable information can also include: –“Information that, alone or in combination, is linked or linkable to a specific student and their educational record or records.” –Student ID numbers (Applies to Banner, See Federal Regulations, FPCO decisions) –Genetic information –One-time testing numbers acceptable
Disclosure of PII In response to “targeted requests,” if the University reasonably believes that a public records request is targeted toward a specific student and the release of that information will lead to the identity of that student and the discovery of educational records, the University may refuse to release the information.
Disclosure New Regs clarify when educational records can be released without consent to parents: –The student is a dependent for Federal income tax purposes (Must verify with tax records); –In connection with a health or safety emergency; –If the student is under the age of 21 and has violated an institutional rule or policy governing the use or possession of alcohol or a controlled substance; –If the disclosure falls within any other exception to the consent requirement (such as in compliance with a court order or lawfully issued subpoena). Unsure about how to respond to a parent request? Call the Registrar.
Parental Disclosure Registrar’s Office provides an official “release form” for students to fill out, allowing their parents to view their educational records. The form is available on the Registrar’s site at (or search for it at kent.edu): http://www.registrars.kent.edu/home/forms /FERPA%20Parent%20Rights.pdf http://www.registrars.kent.edu/home/forms /FERPA%20Parent%20Rights.pdf
Disclosure Clarifies disclosure to “school officials” –The University must use “reasonable methods” to ensure that faculty and other officials obtain access to only those educational records in which they have a legitimate educational interest. –The controls should consist of a combination of physical, technical, administrative measures to limit access - i.e. the University’s use of the role-based security feature in Banner. –No right to “re-disclosure”. –Definition expanded to include contractors, consultants, volunteers, and third-parties to whom the university has outsourced “institutional services”
Outside contractors As specifically stated in the proposed language, the University is responsible for their outside service providers’ failures to comply with applicable FERPA requirements. The outside contractor who obtains access to educational records without consent must be under the direct control of the University and subject to the same conditions governing the use and redisclosure of records that apply to other school officials under the regulations.
Disclosure Allows for disclosure to other educational institutions; –Was strictly prohibited without consent; –Must be for purposes related to the student’s enrollment or transfer; –University may also provide updates, correct, or explain information it has disclosed; –Includes all records – education, health, discipline.
Disclosure More flexibility to “Health and Safety Emergencies” –Uses “totality of circumstances” perspective –If the University determines that there is an “articulable and significant threat to the health or safety of a student or to individuals”, it may disclose information from educational records to any person whose knowledge of the information is necessary to protect the health and safety of the student or other individual.
Other changes Alumni records vs. Student records Peer grading: not collected, not protected Third-party subpoena: If the University contracts with a firm to perform a service normally performed by the University, and that firm receives a subpoena, it has to comply and provide notice to any student/parent affected by the subpoena.
Other changes Identifying those accessing records: The University must use “reasonably methods” to identify and authenticate the identity of parents, students, school officials, and any other parties when requests are made. –“Reasonable” = if the measures reduce the risk of unauthorized disclosures using customary good business practices.