Family Educational Rights Privacy Act (FERPA)

This section houses all guidance documents, training materials, policy letters and other resources directly related to the Family Educational Rights and Privacy Act.  The FERPA regulations can be found here.

Guidance

Dear Colleague Letter to School Officials at Institutions of Higher Education

Institutions of higher education have a strong interest in ensuring that students have uncompromised access to the support they need, without fear that the information they share will be disclosed inappropriately. Providing on-campus access to medical services, including mental health services, can help promote a safe and healthy campus. The practice of sharing a student’s sensitive medical records with others not involved in their treatment may discourage the use of medical services provided on campus.  The U.S.

Guidance
Videos

The A-B-C's of Student Directory Information

FERPA allows schools and districts to designate certain basic student information as directory information, and share that information without consent if certain additional requirements are met. This video describes why a school would want to use designated student directory information and the types of information that fall into this category. It also explains the process that schools and districts must adhere to when designating directory information.

Guidance

SPPO response to Louisiana on Enrollment Data and Disclosure Avoidance

Letter to the Louisiana State Superintendent of Education answering questions relating to protecting student privacy in public reporting.  The document addresses the U.S. Department of Education’s practices and recommendations to States on how to protect privacy when publicly reporting enrollment data. 

Guidance

Protecting Student Privacy While Using Online Educational Services: Model Terms of Service

The Privacy Technical Assistance Center, working with the Department of Education’s Family Policy Compliance office, has developed a checklist document that provides a framework for evaluating online educational tools' Terms of Service Agreements.  This document is intended to assist users in understanding how a given online service or app will collect, use and/or transmit user information so that they can then decide whether or not to sign up.

The document is divided into several sections:

Guidance

Responsibilities of Third-Party Service Providers under FERPA

This document was developed by PTAC to assist online educational services providers, vendors, and contractors in understanding the Family Educational Rights and Privacy Act (FERPA). Similar guidance, Protecting Student Privacy While Using Online Educational Services, is intended for school audiences; this guidance presents the same material, but in a format geared toward third-party service providers.

Guidance

Guidance for Reasonable Methods and Written Agreements

This document provides guidance for schools, school districts, postsecondary institutions, and State educational authorities (such as State educational agencies) that may disclose personally identifiable information from education records. The document provides these entities with information about requirements and best practices for data disclosures under the studies exception and the audit or evaluation exception, as specified in the Family Educational Rights and Privacy Act.

written agreement agreements

Guidance

Letter to Virginia Attorney General Mark Herring Regarding Public Release of Executive Summary provided to University of Virginia Board of Visitors

Letter to the Commonwealth of Virginia’s Attorney General Mark Herring providing guidance and technical assistance regarding the applicability of FERPA to the potential public release of an executive summary of a report provided to the University of Virginia’s Board of Visitors.

Guidance

Identity Authentication Best Practices

This brief offers best practice recommendations for developing and implementing effective authentication processes to help ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access, be it in person, over the phone, by mail, or electronically.