FERPA for Faculty, Staff, & Administrators

Any record, with certain exceptions, maintained by an institution that is directly related to a student or students is an educational record. This record can contain a student's name, or several students' names, or information from which an individual student or students can be personally (individually) identified. Educational records include files, documents and materials in whatever medium (handwriting, print, monitor screen, tapes, disks, film, microfilm, microfiche or notes) that contain information directly related to students and from which students can be personally identified.

If ever in doubt whether information may be released, please call the Office of the Registrar at 458-4175 or 845-1711. They will help you determine if the information is an educational record and/or whether it may be disclosed without prior written consent. You may also send your questions to ferpa@tamu.edu.

A school official has a legitimate educational interest if the information requested is necessary for that official to:

(a) perform appropriate tasks that are specified in his/her position description or in the performance of regularly assigned duties by a lawful supervisor;
(b) fulfill the terms of a contractual agreement;
(c) perform a task related to a student's education;
(d) perform a task related to the discipline of a student; or
(e) provide a service or benefit relating to the student or student's family, such as health care, counseling, financial aid, job placement, or former student-related activities.

This means if a student is assigned to you for advising, you have a legitimate educational interest and may access his/her records. If a good friend asks you to tell him the grades his daughter has made, DON'T. This situation poses two problems. First, unless this student is your advisee, you do not have a legitimate educational interest. Second, if the parent has not filed the Certification of Dependency form with the Office of the Registrar, the parent may not be eligible to receive this information.

In post-secondary institutions, the student “owns” his/her educational record from the first enrollment, regardless of the age of the student.

Statements made by a person making a recommendation that are made from that person's personal observation or knowledge do not require a written release from the student who is the subject of the recommendation. However, if personally identifiable information obtained from a student's educational record is included (GPA, grades, etc.), the writer is required to obtain a signed release from the student. This letter would become a part of the student's educational record and the student has the right to read it unless he/she has waived that right.

The public posting of grades either by the student's name, institutional student identification number, social security number, or any portion of these numbers without the student's prior written consent is a violation of FERPA. This includes posting grades to a class/institutional website and applies to any public posting of grades for students taking distance education courses.

Even with names obscured, numeric student identifiers are considered personally identifiable information. The practice of posting grades by social security number, student identification number, or any portion of these numbers violates FERPA.

There is no guarantee of confidentiality when sending grades via email or the Internet. FERPA is a privacy law, not an IT security law. As such, FERPA does not explicitly prohibit use of email to transmit protected student information. However, the institution would be held responsible if an unauthorized third party gained access, in any manner, to a student's education record through any electronic transmission method, so information sent via email should be secured and not allow disclosures to third parties not authorized by the student, including parents or guardians, significant others, roommates, or other individuals who may have access to email for the purpose of IT support (e.g., Yahoo! employees). 

In order to avoid the risk of unauthorized access, only secure web sites which require authentication (howdy.tamu.edu) should be used for accessing grade information.

The Family Policy Compliance Office reviews and investigates complaints of violations of FERPA. The penalty for violating FERPA is loss of all federal funding, including grants and financial aid.

If you witness or commit what you believe to be a possible FERPA violation, please notify the Office of the Registrar immediately at 979-845-1711, ferpa@tamu.edu or Help Desk Central at 979-845-8300 (24 Hours). The Office of the Registrar will investigate the matter and determine what action, if any, should be taken. If you have any questions about FERPA compliance or the release of student information, please contact Rebecca Hapes, Associate Registrar at rhapes@tamu.edu or 979-845-1711.

• At any time use the social security number, institutional identification number, or any portion of these numbers in a public posting of grades
• Link the name of a student with that student's social security number in any public manner
• Leave graded tests or papers in a stack for students to pick up by sorting through the tests or papers of all students
• Circulate a printed class list with student name and social security number/institutional identification number or grades as an attendance roster
• Discuss the progress of any student with anyone other than the student (including parents/guardians) without the consent of the student
• Provide anyone with lists of students enrolled in your classes for any commercial purpose
• Provide anyone with student schedules or assist anyone in finding a student on campus