Home :: Frequently Asked Questions

Frequently Asked Questions - FERPA for Faculty and Staff


  1. What does FERPA really mean for me as a university faculty or staff member?
  2. I am the faculty/staff sponsor for the local chapter of an honorary organization that is an officially registered campus group.
  3. What is the best way to dispose of sensitive materials?
  4. My car was just stolen along with my briefcase in which I had student personal information. What should I do?
  5. What do I do when I receive a request for information about a student who has directed the university not to release any information?
  6. I have been told that I can release directory information. Does that mean the university telephone book or the Alumni directory?
  7. A student complained that I left my grade book open on my desk, and he could see grades for the whole class. Isn't that picky?
  8. My department maintains a separate database of all students in our major. Is there any reason to safeguard these records?
  9. What do I do if a student tells me that he believes a colleague has inappropriately disclosed his student information?
  10. FERPA-protected class information was placed on the web. There are no links to the information, but anyone can find it through an internet search. What should I do?
  11. Some of my students want to be advised either by mail or by e-mail. Are there issues involved with exchanging information?
  12. What about writing letters of recommendation, for either future employment or admission to an advanced degree program?
  13. Parents often inquire about their student's performance. What rights do they have in terms of access to student information?
  14. What is the right way for me to respond to a subpoena, court order or request from a law enforcement professional for records?
  15. Former students frequently use my name as a reference. Are there any liabilities that I should be aware of?
  16. I've been told I may not include information about top-notch students in the department's annual report. Is this correct?
  17. At the start of the term, I pass a class roster around during my class, so students can check their info. Is this bad practice?
  18. I left a stack of graded papers in a box outside my office so students could pick them up at their convenience. Is this okay?
  19. I think the new Photo Rosters will be a great way to promote class interaction in my class by speeding up the process by which students recognize and learn each other's names. May I share the roster with them?
  20. Why can't I post lists of students and their grades on the department bulletin board or on my web site?
What does FERPA really mean for me as a university faculty or staff member?

You share the responsibility for protecting the privacy rights of ASU students and their records. You should become familiar with the various requirements of FERPA, a synopsis of which is available here. University policy regarding the management of student records is based on this federal legislation. The penalty for inappropriate disclosure is the withdrawal of federal funding of essentially all types. The staff in the University Registrar's Office is available to provide guidance for any situation.

Additional information is available at these web sites:

USI 107-01 Release of Student Information: http://www.asu.edu/aad/manuals/usi/usi107-01.html
USI 107-02 Lost, Stolen, or Inappropriately Disclosed Student Records Information: http://www.asu.edu/aad/manuals/usi/usi107-02.html
ACD 304-03 Posting of Student Grades: http://www.asu.edu/aad/manuals/acd/acd304-03.html
Office of General Counsel, Briefing Paper, Student Educational Records: FERPA http://www.asu.edu/counsel/brief/ferpa.html

I am the faculty/staff sponsor for the local chapter of an honorary organization that is an officially registered campus group.

I am the faculty/staff sponsor for the local chapter of an honorary organization that is an officially registered campus group. The national chapter has asked me for a list of candidates so they can send membership invitations, but one of the criteria is a certain GPA. May I send them the list?

No, it would be inappropriate to provide any information that has been sorted by GPA or any other piece of non-directory information. What you may do is send the mailing from here without providing your national office the list. This gives students the opportunity to self-select by responding or not responding to the invitation and keeps ASU compliant with FERPA. Note that it is also inappropriate to permit any student members to have access to candidate information, if it is prepared using any non-directory information. Developing a list of potential candidates is not accomplished centrally. Your department or college has staff with My Reports access who can prepare this list for you. If you have any questions about this procedure, please consult with a member of the administrative staff in the University Registrar's Office.

What is the best way to dispose of sensitive materials?
After confirming that you are following the appropriate retention schedule, shredding is the preferred method. For more information on the disposal of sensitive material vist this web page: http://uabf.asu.edu/recycling_shredded_paper.
My car was just stolen along with my briefcase in which I had student personal information. What should I do?
ASU has a policy/procedure that must be followed when information is lost, stolen, or inappropriately disclosed. Please go to this web page for instructions: http://www.asu.edu/aad/manuals/usi/usi107-02.html. The staff in the University Registrar's Administrative Office is available to provide assistance as needed.
What do I do when I receive a request for information about a student who has directed the university not to release any information?
This can be very awkward. If the student has told us not to release any information, university employees may not even acknowledge that the person is or has ever been a student here. You might say, "I have no releasable information." If the caller questions that statement, you may reiterate what you have already said; or, of course, you may refer them to the University Registrar's Office at 480.965.3124.
I have been told that I can release directory information. Does that mean the university telephone book or the Alumni directory?
Not necessarily. ASU permits release of "directory information" as defined by FERPA, unless a student directs us not to release such information. Referring a requestor to the University Registrar's Office is always appropriate in this situation. Otherwise, please go to the policy at http://www.asu.edu/aad/manuals/usi/usi107-01.html to view ASU's definition of directory information, and make your decision based on that.
A student complained that I left my grade book open on my desk, and he could see grades for the whole class. Isn't that picky?
No, actually, it's not. Everyone who deals with protected student information needs to be cautious about "passive" and unintended releases of information. This includes leaving information visible on your desk or walking away from a computer screen that displays student information. We even need to be alert to where monitors are placed, so that they are not visible through a window or doorway.
My department maintains a separate database of all students in our major. Is there any reason to safeguard these records?
Yes! All student records that are created and/or maintained by anyone in the university are protected by FERPA in exactly the same way. This includes derived databases in academic departments, colleges, business offices, etc.
What do I do if a student tells me that he believes a colleague has inappropriately disclosed his student information?
It is recommended you refer the student to a member of the University Registrar's administrative staff at 480.965.7302 to discuss the applicability of the Lost, Stolen, or Inappropriately Disclosed Student Records Information Policy at http://www.asu.edu/aad/manuals/usi/usi107-02.html.
FERPA-protected class information was placed on the web. There are no links to the information, but anyone can find it through an internet search. What should I do?
This should be reported to your department chair, so that the protected information can be removed from public access immediately and the necessary steps of the Lost, Stolen, or Inappropriately Disclosed Student Records Information Policy at http://www.asu.edu/aad/manuals/usi/usi107-02.html can be followed immediately. Experience has shown that when this occurs, it is generally unintentional. Many people have the mistaken notion that if they do not provide a link to their web space, it is private. With the powerful search engines that are available today, everyone must ensure that they are using appropriate security measures when placing sensitive information on the web. ASU employees who inappropriately post student information to publicly accessible web space risk losing access to their own ASU web space.
Some of my students want to be advised either by mail or by e-mail. Are there issues involved with exchanging information?
The biggest difference is that when a student comes to your office, you will ask for picture identification, and you are unable to do that through the mail or e-mail. It is always appropriate to communicate with a student by mail, provided that you use the student's address of record with ASU, which you may find in the student information system.
E-mail is another situation entirely. So much of our work has been improved by the use of technology, and both the ease and the speed of e-mail make it a very appealing communication choice. However, users should exercise extreme caution in using e-mail to communicate confidential or sensitive matters and should not assume that e-mail is private and confidential. It is especially important that users are careful to send messages only to the intended recipient(s). If a student prefers to use e-mail, you may want to obtain his/her advance, signed, written authorization to exchange information by e-mail. The document should include their understanding that they assume all risk assumed with any possible inappropriate interception of an e-mail transmission. If you do follow this approach, be certain to retain the signed authorization document. Also, you should correspond only to the student's official @asu.edu e-mail address.
What about writing letters of recommendation, for either future employment or admission to an advanced degree program?
Again, it is required that you have written authorization from the student, if you are going to discuss anything about his/her performance, which is likely what the recipient of your letter will be looking for. In addition, if you are writing a letter of recommendation for admission to a graduate program, you may also be shown a copy of a form the student has signed waiving his/her right to view your letter. It is good practice to copy that form and retain it for your own records, along with the student's written authorization document.
Parents often inquire about their student's performance. What rights do they have in terms of access to student information?
This can be an extremely frustrating area for parents of traditionally aged students, particularly if the parents are paying the bills. Nonetheless, all FERPA rights transfer from the parent to the student when the student either reaches the age of eighteen or moves into post-secondary education, regardless of age. This means that you may not discuss anything about a student with a parent or spouse, unless you have advance written consent from the student, or can confirm that a formal consent for access or affidavit of dependency has been filed in the University Registrar's Office and has been noted in the student information system (Peoplesoft). For instructions on how to view this information in Peoplesoft visit this web page: http://help.asu.edu/node/220. If your position does not require that you have access to the student information system, please contact the University Registrar's Office to determine if the information can be disclosed. For students who have directed the university not to release their directory information, you may not even acknowledge that the student is present at ASU. There may be an occasional exception in the case of a legitimate emergency, but in that case law enforcement personnel will be involved, and they will work through the University Registrar's Office.
What is the right way for me to respond to a subpoena, court order or request from a law enforcement professional for records?
All requests for student information, whether by subpoena, court order, or authorization, should be sent to the University Registrar's Administrative Office for review and processing. If the request calls for more information than is available directly from the University Registrar's Office, those materials will be gathered together under the direction of the Office of General Counsel and submitted as a package in response to the request. Do not be intimidated by a badge. Refer all inquiries to the University Registrar's Office.
Former students frequently use my name as a reference. Are there any liabilities that I should be aware of?
While we would prefer that students follow generally accepted protocol and ask permission in advance of using your name as a reference, you may still be able to provide assistance. First, if this is a frequent occurrence, you may wish to notify your current and future students that they need to discuss this with you in advance. Second, you should require written permission from each student who wishes to use you as a reference. For you to discuss the student and his/her performance freely, the permission needs to be worded very broadly. If the authorization is worded narrowly, be certain that you only discuss those areas which you have been given permission to disclose.
I've been told I may not include information about top-notch students in the department's annual report. Is this correct?
The answer is perhaps. It would be a FERPA violation to include information about any student who has directed the university not to release his/her information. Additionally, without advance written consent, it would be a violation to disclose grades or performance indicators for any student. If you obtain written permission from each student, it would be permissible to include the information. The department would need to retain the written permission as documentation about the release.
At the start of the term, I pass a class roster around during my class, so students can check their info. Is this bad practice?

While there is an expectation that students may learn each other's names through the course of regular class activities during the term, official class rosters include student names and ID numbers, which may not be disclosed without the advance written consent of each individual student. A better approach would be to encourage your students to go to My ASU to confirm their registration. If they have individual questions or concerns, they should contact any registration location.

I left a stack of graded papers in a box outside my office so students could pick them up at their convenience. Is this okay?
No, this is a problem. Although it may seem like a good service to your students to provide quick return of materials in this way, there is nothing to prevent anyone from inappropriately sifting through all of the papers to learn grades other than his own and possibly to obtain other students' identifying information, all of which is protected.
I think the new Photo Rosters will be a great way to promote class interaction in my class by speeding up the process by which students recognize and learn each other's names. May I share the roster with them?
No, this will be a FERPA violation, unless you obtain the specific written consent of each student in advance. Class rosters contain personally indentifiable information, e.g., photo and ID number, which is protected from disclosure to third parties, even classmates, by FERPA. Such rosters are intended for instructor use only.
Why can't I post lists of students and their grades on the department bulletin board or on my web site?
FERPA does not permit the public disclosure of personally identifiable student information. Posting grades in the manner you have described would be a violation. It is, however, permissible to post student grades if you use the methods approved by the university. For example, you may use the Posting-ID that is provided on your class rosters. Additional information is available in the Academic Affairs Policy Manual, ACD 304-03, http://www.asu.edu/aad/manuals/acd/acd304-03.html.