FERPA Basics for Faculty

The Family Educational Rights and Privacy Act (FERPA) of 1974, as amended, governs the disclosure of student data by institutions to external parties and governs the use of those data by university officials.

A student is an individual who is enrolled or was enrolled by an institution. Being offered admission to an institution does not invoke FERPA rights. Registering for classes creates the educational record that initiates FERPA rights and responsibilities. FERPA applies to all students at any institution receiving federal funds from the Department of Education.

Under FERPA, students have the right

  • To review their own record;
  • To request an amendment to their own record;
  • To request their directory information be protected;
  • To consent to the disclosure of personally identifiable information;
  • To file a complaint with the Family Policy Compliance Office within the Department of Education.

Students have the right to suppress their directory information. Students can do so by submitting the “Student’s Request to Prevent Disclosure” form, available on the Office of the Registrar's list of forms.

At AU, the definition of directory information encompasses:

  • Student’s name
  • Telephone numbers, addresses, and email addresses
  • Month and day of birth
  • Dates of attendance at the university
  • Major field of study and class
  • Date of graduation
  • Degrees and honors received at the university
  • Participation in officially recognized university activities
  • Height and weight of members of athletic teams
  • Photographs
  • Other similar information

Directory information CANNOT include any of the following:

  • Student identification numbers, 
  • Social Security numbers, 
  • Country of citizenship, 
  • Gender, 
  • Race, 
  • Religious preference, 
  • Grades, or
  • GPA.

What Not to Do

Do not discuss a record in public

Avoid talking about private information in the presence of others who may be able to hear you. This includes speaking on the phone as well.

Do not leave records in places that are not secure

Files containing confidential or sensitive information should not be left in places such as meeting rooms, break rooms, or even on your desk. Lock your screen (Windows + L) every time you step away.

Do not place records in the garbage or recycling bins

Paper containing confidential or sensitive information must be shredded. You can usually find shredders located in the administrative office of your department. If your office doesn't have a shredder available to you, send documents to be destroyed to the Office of the University Registrar with a request for shredding.

You may not review student records out of curiosity

You may only view records that you need to do your job. Remember, the fact that you have access to certain information does not mean you should look at the record.

Do not leave graded assignments out

Hand back graded assignments privately. Do not leave them out for students to "find their own and pick up."

Do not post grades in a public place for students to review

Instead, use secure tools provided by the university to post grades. These include the myAU PortalEagle Service, and Blackboard.

Additional Resources

Web resource: Confidentiality of Student Records (American University)

Document: [login to Blackboard first] FERPA One Page Overview (Office of the Registrar, American University)

Web resource: FERPA Primer: The Basics & Beyond (National Association of Colleges & Employers)

Website: Protecting Student Privacy (U.S. Department of Education)

Video: The A-B-C's of Student Directory Information (U.S. Department of Education, 03:25)