FERPA Certification Training

  • Yearly recertification of FERPA credentials is mandatory for access to Purdue systems.

Introduction to FERPA

  • Employees must understand:

    • Classification and handling of sensitive and restricted data at Purdue.

    • Federal regulations that govern data management.

  • Preparation for FERPA certification is required annually.

Family Educational Rights and Privacy Act (FERPA)

  • Definition: FERPA, also known as the Buckley Amendment, is a federal law established by Congress in 1974.

  • Purpose: Protects the privacy of student educational records and governs the release of records maintained by educational institutions.

Student Rights Under FERPA

  1. Right to Inspect: Students can see the information that the institution keeps on them.

  2. Right to Amend: Students can seek changes to their records and append statements in certain cases.

  3. Right to Consent: Students must consent to the disclosure of their records, with exceptions.

  4. Right to File a Complaint: Students can file a complaint with the U.S. Department of Education.

Limitations: What Students Do Not Have the Right To

  • Inspect financial records of parents.

  • Access letters of recommendation if the student has waived this right.

  • Access information about other students.

Purdue University FERPA Policy

  • Purdue’s FERPA policy requires:

    • Establishing written institutional policies that comply with FERPA regulations.

    • Informing students about their rights and the data systems in place.

    • Protecting the privacy of student information by those who access it.

Definition of a Student at Purdue

  • A student is defined as any individual who is currently enrolled or has previously attended Purdue University and for whom the University maintains records.

  • Enrollment begins upon payment of fees or on the first day of the semester.

Educational Records Defined

  • Definition: Educational records are those that:

    • Directly relate to a student and are maintained by Purdue or a party acting on behalf of Purdue.

Examples of Educational Records

  • PUID card photos

  • Student grade records, including assignments and graded materials

  • Financial aid records

  • Student account records

  • Admission application records

Non-Educational Records (Not Subject to FERPA)

  • Sole possession records (private notes by faculty not shared with others).

  • Law enforcement unit records (e.g., traffic violations).

  • Employment records (unless related to student status).

  • Medical treatment records (unless used for educational planning).

  • Alumni records created after the student has left Purdue.

  • Peer-graded tests or assignments (grades become part of educational records only after collected by the instructor).

Access to Student Records

  • University officials may access student records if they have a legitimate educational need.

  • It is illegal for any campus community member to access records for non-educational purposes, leading to FERPA violations and possible fines from the Department of Education.

Personally Identifiable Information (PII)

  • Definition: PII is information that allows a reasonable person to identify a student.

  • Protection: Released PII to unauthorized parties is a FERPA violation.

Examples of PII

  • Biometric records

  • Social Security numbers (SSN)

  • Purdue IDs (PUID)

  • Personal characteristics that make the student identifiable.

Posting Grades and Graded Materials

  • Strictly Forbidden Practices:

    • Do not use email or social media to distribute grades.

    • Avoid leaving graded work out for students to find.

    • Do not post grades online that include student PUID or SSN.

Notifying Students of Exam Grades

  • Grades should be communicated without public disclosure of student identifiers.

Releasing Student Information

  • Written consent is required to release any non-directory information.

  • Purdue University maintains a Student Information Release Authorization Form on the Registrar’s website.

Directory Information

  • Directory information can be released without written consent, including:

    • Name

    • Contact information (email addresses, addresses, phone numbers)

    • Enrollment status

    • Dates of attendance

    • Classification

    • Awards received

    • Participation in recognized activities

Restrictions on Directory Information

  • Students have the right to restrict the release of directory information at any time.

FERPA and the USA PATRIOT Act

  • The Act allows the release of personal information without student consent for investigations pertaining to terrorism, under specific conditions.

Exceptions to Release Rules

  • Information can be disclosed without consent:

    1. When complying with lawful subpoenas or court orders (grand jury and law enforcement subpoenas).

    2. In cases of a significant threat to health or safety.

Restricting Directory Information

  • Students can request that their directory information not be disclosed.

  • Requests remain in effect until the student removes them.

Effects of Restricted Information

  • All requests for information will require written consent from the student.

Data Reporting Rules

  • Summaries of aggregated educational information can be published as long as individual identities cannot be discerned.

  • Small data sets containing non-directory information can only be released internally to legitimate educational stakeholders.

Protecting Student Data/Records

  • Best practices for confidentiality include:

    • Password protection and proper disposal of records.

    • Secure storage and not transmitting sensitive information via unsecured channels.

Parent and Student Rights

  • FERPA rights transfer to the student when they turn 18 or attend a postsecondary institution.

  • Parents can access educational records only if they can prove dependency.

Proxy Access Information

  • Students control who can view their information through the proxy setup on the MyPurdue Portal.

  • Students can grant access to specific information, such as grades and schedules.

Student Rights to Access Records

  • Students have the right to inspect and review their educational records within 45 calendar days of request.

Rights of Non-enrolled Students

  • Denied applicants do not have rights to their applications, and admitted students have no rights until enrollment.

  • Former students retain the same rights as current ones.

Conclusion

  • FERPA compliance is a shared responsibility.

  • Directory information is the only information that can be released without written consent unless restricted.

Key Takeaways

  • Always check confidentiality statuses.

  • Contact the Office of the Registrar with any FERPA inquiries.

Special Notes for Compliance

  • Never post identifiable information like names or PUIDs publically.

  • Avoid sharing student schedules or any confidential information without proper consent or in violation of FERPA regulations.