The Family Educational Records Privacy Act, also known as FERPA or the Buckley Amendment, first became law in 1974 and has been amended numerous times. It specifies the rights students have to control certain of the information held as part of their educational record.
Who Is Protected by FERPA?
- All students, regardless of age, who are or have ever attended a postsecondary institution.
- If you have only applied to Samford University, but not yet enrolled, you do not have FERPA protection; you are not yet "in attendance."
Who Is Responsible for Enforcing FERPA?
Everyone on campus with access to student records shares this responsibility – faculty, staff, and students.
What Are a Student's Fundamental FERPA Rights?
- Right to inspect and review his or her own educational records
- Right to request any amendments of inaccuracies in his or her records
- Right to have some control over the release of his or her educational records
- Right to file a complaint with the U.S. Department of Education regarding any perceived failure to comply with FERPA
What is Considered Directory Information?
Under the terms of FERPA, Samford University has established the following as directory information:
- Telephone Number
- Place/Date of Birth
- Major Field of Study
- Participation in officially recognized activities and sports
- Weight and height of members of athletic teams
- Dates of Attendance
- Degrees, Certificates and Awards Received
- Most Recent Previous School Attended
- Picture or Photographic Representation
- E-mail Address
The above directory information will be available for release to the general public. However, the Act states that each student has the right to inform Samford University that any or all of the information is not to be released. In order to withhold release of directory information, a student must notify the Office of the Registrar in writing by September 1 of each year enrolled. Graduates are cautioned that they may not wish to leave before revoking their order to withhold directory information or the University will not be able to confirm graduation status to potential employers making inquiries.
Parental Access to Children's Educational Records
At the postsecondary level, parents have no inherent rights to inspect a student's education records. The right to inspect is limited solely to the student. Students may designate in writing whether they permit disclosure of their grades to their parents. Records may be released to parents only under the following circumstances: (1) through the written consent of the student, (2) in compliance with a subpoena, or (3) by producing a copy of the most recent Federal Income Tax form showing that the student was claimed as a dependent.
Posting of Grades by Faculty
The public posting of grades either by the student's name, institutional student identification number, or social security number without the student's written permission is a violation of FERPA. Even with names obscured, student identifier numbers are considered personally identifiable information. Therefore, the practice of posting grades by social security number or student identification number violates FERPA. The returning of papers via an "open" distribution system, e.g., stacking them on an open table, is a violation of a student's right to privacy, unless the student submits a signed waiver to the instructor for such purpose. The instructor must keep the waiver on file in order to avoid institutional or personal liability.
Your Responsibilities as an Employee
As an employee of Samford University, you may have access to the Student Education Records. Their confidentiality, use, and release are governed by FERPA. Your utilization of this information is governed by the regulations and the duties and responsibilities of your employment and position. Your job places you in a position of trust and you are an integral part in ensuring that student information is handled properly. Students have the right to expect that their education records are being treated with the care and respect that you would want for your own records. In general, all student information must be treated as confidential. Even public or "directory information" is subject to restriction on an individual basis. Unless your job involves release of information and you have been trained in that function, any requests for disclosure of information, especially from outside Samford, should be referred to the Office of the Registrar. Inappropriate release of information contained on a student's record without the written consent of the person identified on the document is in violation of Sec. 438 Public Law 90-247. As University employees, all of you should have your own accounts and passwords on the administrative computer system and on e-mail. You are responsible for your personal account and will be held accountable for any improper use. Protection of your sign-on password and procedure is critical for security. Your password is the only protection your account has, and the only way the computer system can verify that you are actually who you say you are.
Your Responsibilities as a Student Employee
Security and confidentiality are matters of concern to all offices and all persons who have access to office facilities. The Office of the Registrar is the official repository for student academic records, folders and other files for Samford University. Other education records are stored in both hard copy and electronic form in offices throughout the campus. Many offices are able to extend job opportunities and work experience to supplement students' finances and education. In doing so, the student employee is placed in a unique position of trust since a major responsibility of offices is the security and confidentiality of student records and files. Since conduct either on or off the job could affect or threaten security and confidentiality of this information, each student employee is expected to adhere to the following: (1) No one may make or permit unauthorized use of any information in files maintained, stored or processed by the office in which they are employed, (2) No one is permitted to seek personal benefit or to allow others to benefit personally by the knowledge of any confidential information which has come to them by virtue of their work assignments, (3) No one is to exhibit or divulge the contents of any record or report to any person except in the conduct of their work assignments and in accordance with University policies and procedures, (4) No one may knowingly include or cause to be included in any record or report a false, misleading entry. No one may knowingly expunge or cause a valid data entry to be expunged from any record or report, (5) No official record or report, or copy thereof, from the office where it is maintained, may be removed except in the performance of a person's duties, (6) No one is to aid, abet, or act in conspiracy with another to violate any part of this code, and (7) Any knowledge of a violation must be immediately reported to the person's supervisor.
Your Responsibilities as a Student on a Committee
Students serving in an official capacity on University committees have been designated as school officials and must adhere to the same policies of confidentiality and security as all school officials and employees.
Other Important Things to Remember
- Checking a person's picture identification when releasing education records is required.
- Always check to see if the student permitted disclosure of information before you release any information on the student.
- Discussing a student's record with any person who does not have legitimate education interest is a violation of FERPA. This pertains to conversations on and off the job.
- Removing any document from the office for non-business purposes is a violation of FERPA.
- Releasing confidential student information (non-directory) to another student, University organization, or any person who does not have legitimate educational interest, or to the parents of a dependent student without the student's written authorization is in violation of FERPA.
- Leaving reports or computer screens containing confidential information in view of others who do not have a legitimate educational interest in the data or leaving your computer unattended while connected to BANNER is in violation of FERPA.
- Making personal use of student information is in violation of FERPA.
- Allowing another person to use your computer access code is in violation of FERPA.
- Putting paperwork in the trash with a student's information (i.e., social security number or grades) is also in violation of FERPA.
- In addition to the possibility of personal litigation, proven FERPA violations may result in loss of federal funds to Samford University.
- Violation of confidentiality and security may lead to appropriate personnel action.
If you have any questions concerning FERPA or what you can or cannot release, please contact the Office of the Registrar after taking the tutorial.