FERPA for Faculty, Staff, & Administrators

What is FERPA?

FERPA stands for Family Educational Rights and Privacy Act of 1974, as Amended. It is commonly known as FERPA, the Privacy Act or the Buckley Amendment. It is a federal law designed to protect the privacy of educational records, to establish the right of students to inspect and review their educational records, and to provide guidelines for the correction of inaccurate and misleading data through informal and formal hearings.

FERPA allows release of specified items but does not require it. Items that may be released are called directory information. Texas A&M University has classified these items as directory information:

Directory Information Items
Universal Identification Number (UIN) - effective January 2012
Local Address
Permanent Address
E-mail Address
Local Telephone Number
Permanent Telephone Number
Dates of Attendance
Program of Study
Previous Educational Agencies/Institutions Attended
Degrees, Honors, and Awards Received
Participation in Officially Recognized Activities and Sports
Medical Residence Location (Health Science Center students)
Medical Residence Specialization (Health Science Center students)

Current students may place a directory hold on any or all of this information via the My Record tab in Howdy. After this information is entered into the Compass Student Information System, a warning message which indicates the student has blocked his/her information will display when a student's ID number is entered on any Compass form. A "Confidential" notation will also appear in the upper left-hand corner of any Compass form containing student information when a student has restricted the release of any directory item. Check the Compass SWAINFO form for the specific directory items that have been restricted and may not be released without prior written consent from the student.

Items which cannot be identified as directory information are a student's social security number, race, religion, national origin, gender, grades, or GPA.

Any record, with certain exceptions, maintained by an institution that is directly related to a student or students is an educational record. This record can contain a student's name, or several students' names, or information from which an individual student or students can be personally (individually) identified. Educational records include files, documents and materials in whatever medium (handwriting, print, monitor screen, tapes, disks, film, microfilm, microfiche or notes) that contain information directly related to students and from which students can be personally identified.

If ever in doubt whether information may be released, please call the Office of the Registrar at 458-4175 or 845-1711. They will help you determine if the information is an educational record and/or whether it may be disclosed without prior written consent. You may also send your questions to ferpa@tamu.edu.

A school official has a legitimate educational interest if the information requested is necessary for that official to:

(a) perform appropriate tasks that are specified in his/her position description or in the performance of regularly assigned duties by a lawful supervisor;
(b) fulfill the terms of a contractual agreement;
(c) perform a task related to a student's education;
(d) perform a task related to the discipline of a student; or
(e) provide a service or benefit relating to the student or student's family, such as health care, counseling, financial aid, job placement, or former student-related activities.

This means if a student is assigned to you for advising, you have a legitimate educational interest and may access his/her records. If a good friend asks you to tell him the grades his daughter has made, DON'T. This situation poses two problems. First, unless this student is your advisee, you do not have a legitimate educational interest. Second, if the parent has not filed the Certification of Dependency form with the Office of the Registrar, the parent may not be eligible to receive this information.

In post-secondary institutions, the student “owns” his/her educational record from the first enrollment, regardless of the age of the student.

Statements made by a person making a recommendation that are made from that person's personal observation or knowledge do not require a written release from the student who is the subject of the recommendation. However, if personally identifiable information obtained from a student's educational record is included (GPA, grades, etc.), the writer is required to obtain a signed release from the student. This letter would become a part of the student's educational record and the student has the right to read it unless he/she has waived that right.

The public posting of grades either by the student's name, institutional student identification number, social security number, or any portion of these numbers without the student's prior written consent is a violation of FERPA. This includes posting grades to a class/institutional website and applies to any public posting of grades for students taking distance education courses.

Even with names obscured, numeric student identifiers are considered personally identifiable information. The practice of posting grades by social security number, student identification number, or any portion of these numbers violates FERPA.

There is no guarantee of confidentiality when sending grades via email or the Internet. FERPA is a privacy law, not an IT security law. As such, FERPA does not explicitly prohibit use of email to transmit protected student information. However, the institution would be held responsible if an unauthorized third party gained access, in any manner, to a student's education record through any electronic transmission method, so information sent via email should be secured and not allow disclosures to third parties not authorized by the student, including parents or guardians, significant others, roommates, or other individuals who may have access to email for the purpose of IT support (e.g., Yahoo! employees). 

In order to avoid the risk of unauthorized access, only secure web sites which require authentication (howdy.tamu.edu) should be used for accessing grade information.

The Family Policy Compliance Office reviews and investigates complaints of violations of FERPA. The penalty for violating FERPA is loss of all federal funding, including grants and financial aid.

If you witness or commit what you believe to be a possible FERPA violation, please notify the Office of the Registrar immediately at 979-845-1711, ferpa@tamu.edu or Help Desk Central at 979-845-8300 (24 Hours). The Office of the Registrar will investigate the matter and determine what action, if any, should be taken. If you have any questions about FERPA compliance or the release of student information, please contact Rebecca Hapes, Associate Registrar at rhapes@tamu.edu or 979-845-1711.

  • At any time use the social security number, institutional identification number, or any portion of these numbers in a public posting of grades
  • Link the name of a student with that student's social security number in any public manner
  • Leave graded tests or papers in a stack for students to pick up by sorting through the tests or papers of all students
  • Circulate a printed class list with student name and social security number/institutional identification number or grades as an attendance roster
  • Discuss the progress of any student with anyone other than the student (including parents/guardians) without the consent of the student
  • Provide anyone with lists of students enrolled in your classes for any commercial purpose
  • Provide anyone with student schedules or assist anyone in finding a student on campus
The staff members of the Office of the Registrar are available to participate in a FERPA question and answer session for any department or college faculty meeting. To make arrangements, please call the Office of the Registrar at 979-845-1711 or submit a request to ferpa@tamu.edu.

FERPA Tutorial for Faculty, Staff, & Administrators