Frequently Asked Questions - FERPA/Buckley for Faculty and Staff


  1. What does FERPA/Buckley really mean for me as a university faculty or staff member?
  2. Is it okay to release student information if the student does not have a "do not release" flag on his records?
  3. Why can't I post lists of students and their grades on the department bulletin board or on my web site?
  4. I left a stack of graded papers in a box outside my office so students could pick them up at their convenience. Is this okay?
  5. At the start of the term, I pass a class roster around during my class, so students can check their info. Is this bad practice?
  6. I've been told I may not include information about top-notch students in the department's annual report. Is this correct?
  7. Former students frequently use my name as a reference. Are there any liabilities that I should be aware of?
  8. What is the right way for me to respond to a subpoena, court order or request from a law enforcement professional for records?
  9. Parents often inquire about their student's performance. What rights do they have in terms of access to student information?
  10. What about writing letters of recommendation, for either future employment or admission to an advanced degree program?
  11. Some of my students want to be advised either by mail or by e-mail. Are there issues involved with exchanging information?
  12. Class information was placed on the web. There are no links to the information, you can find it through search. What do I do?
  13. What do I do if a student tells me that he believes a colleague has inappropriately disclosed his student information?
  14. My department maintains a separate database of all students in our major. Is there any reason to safeguard these records?
  15. A student complained that I left my grade book open on my desk, and he could see grades for the whole class. Isn't that picky?
  16. I have been told that I can release directory information. Does that mean the university telephone book or the Alumni directory?
  17. What do I do when I receive a request for information about a student who has directed the university not to release any info?
  18. My car was just stolen along with my briefcase in which I had student personal information. What should I do?
  19. What is the best way to dispose of sensitive materials?
  20. I am the faculty/staff sponsor for the local chapter of an honorary organization that is an officially registered campus group.
What does FERPA/Buckley really mean for me as a university faculty or staff member?

You share the responsibility for protecting the privacy rights of ASU students and their records. You should become familiar with the various requirements of FERPA, a synopsis of which is available here. University policy regarding the management of student records is based on this federal legislation. The penalty for inappropriate disclosure is the withdrawal of federal funding of essentially all types. The staff in the University Registrar's Office is available to provide guidance for any situation.

Additional information is available at these web sites:

USI 107-01 Release of Student Information: http://www.asu.edu/aad/manuals/usi/usi107-01.html
ACD 121 Privacy Rights of Students: http://www.asu.edu/aad/manuals/acd/acd121.html
ACD 304-03 Posting of Student Grades: http://www.asu.edu/aad/manuals/acd/acd304-03.html
Office of General Counsel, Briefing Paper, Student Educational Records: FERPA http://www.asu.edu/counsel/brief/ferpa.html

Back to Top

Is it okay to release student information if the student does not have a "do not release" flag on his records?
You are encouraged to refer the requestor to any registrar location. Responding to requests for student information is part of the registrar staff's assigned job responsibilities, and they are very familiar with all aspect of FERPA/Buckley, including both restrictions and exceptions.

Back to Top

Why can't I post lists of students and their grades on the department bulletin board or on my web site?
FERPA does not permit the public disclosure of personally identifiable student information. Posting grades in the manner you have described would be a violation. It is, however, permissible to post student grades if you use the methods approved by the university. For example, you may use the Posting-ID that is provided on your class rosters. Additional information is available in the Academic Affairs Policy Manual, ACD 304-03, http://www.asu.edu/aad/manuals/acd/acd304-03.html.

Back to Top

I left a stack of graded papers in a box outside my office so students could pick them up at their convenience. Is this okay?
No, this is a problem. Although it may seem like a good service to your students to provide quick return of materials in this way, there is nothing to prevent anyone from inappropriately sifting through all of the papers to learn grades other than his own and possibly to obtain other students' identifying information, all of which is protected.

Back to Top

At the start of the term, I pass a class roster around during my class, so students can check their info. Is this bad practice?

While there is an expectation that students may learn each others' names through the course of regular class activities through the term, official class rosters include student names and ID numbers, which may not be disclosed without the advance written consent of each individual student. A better approach would be to encourage your students to go to ASU Interactive on the web to confirm their registrations. If they have individual questions or concerns, they should contact any registration location.

Note: Remind your students that official registration and signing up for a class in myASU are two separate activities. To be officially registered, they must use ASU Interactive or in-person registration. Signing up for a class in myASU is merely giving them access to the electronic teaching environment.

Back to Top

I've been told I may not include information about top-notch students in the department's annual report. Is this correct?
The answer is perhaps. It would be a FERPA violation to include information about any student who has directed the university not to release his/her information. Additionally, without advance written consent, it would be a violation to disclose grades or performance indicators for any student. If you obtain written permission from each student, it would be permissible to include the information. The department would need to retain the written permission as documentation about the release.

Back to Top

Former students frequently use my name as a reference. Are there any liabilities that I should be aware of?
While we would prefer that students follow generally accepted protocol and ask permission in advance of using your name as a reference, you may still be able to provide assistance. First, if this is a frequent occurrence, you may wish to notify your current and future students that they need to discuss this with you in advance. Second, you should require written permission from each student who wishes to use you as a reference. For you to discuss the student and his/her performance freely, the permission needs to be worded very broadly. If the authorization is worded narrowly, be certain that you only discuss those areas which you have been given permission to disclose.

Back to Top

What is the right way for me to respond to a subpoena, court order or request from a law enforcement professional for records?
The Office of the University Registrar serves as Custodian of Records for the university. All requests for student information, whether by subpoena, court order, or authorization, should be sent to the University Registrar's Administrative Office for review and processing. If the request calls for more information than is available directly from the University Registrar's Office, those materials will be gathered together under the direction of the Office of General Counsel and submitted as a package in response to the request. Do not be intimidated by a badge. Refer all inquiries to the University Registrar's Office.

Back to Top

Parents often inquire about their student's performance. What rights do they have in terms of access to student information?
This can be an extremely frustrating area for parents of traditional aged students, particularly if the parents are paying the bills. Nonetheless, all FERPA rights transfer from the parent to the student when the student either reaches the age of eighteen or moves into post-secondary education, regardless of age. This means that you may not discuss anything about a student with a parent or spouse, unless you have advance written consent from the student. For students who have directed the university not to release their directory information, you may not even acknowledge that the student is present at ASU. There may be an occasional exception in the case of a legitimate emergency, but in that case law enforcement personnel will be involved, and they will work through the Office of the University Registrar.

Back to Top

What about writing letters of recommendation, for either future employment or admission to an advanced degree program?
Again, it is required that you have written authorization from the student, if you are going to discuss anything about his/her performance, which is likely what the recipient of your letter will be looking for. In addition, if you are writing a letter of recommendation for admission to a graduate program, you may also be shown a copy of a form the student has signed waiving his/her right to view your letter. It is good practice to copy that form and retain it for your own records, along with the student's written authorization document.

Back to Top

Some of my students want to be advised either by mail or by e-mail. Are there issues involved with exchanging information?
The biggest difference is that when a student comes to your office, you will ask for picture identification, and you are unable to do that through the mail or e-mail. It is always appropriate to communicate with a student by mail, provided that you use the student's address of record with ASU, which you may find in the student information system.
E-mail is another situation entirely. So much of our work has been improved by the use of technology, and both the ease and the speed of e-mail make it a very appealing communication choice. However, users should exercise extreme caution in using e-mail to communicate confidential or sensitive matters, and should not assume that e-mail is private and confidential. It is especially important that users are careful to send messages only to the intended recipient(s). If a student prefers to use e-mail, you may want to obtain his/her advance, signed, written authorization to exchange information by e-mail. The document should include their understanding that they assume all risk assumed with any possible inappropriate interception of an e-mail transmission. If you do follow this approach, be certain to retain the signed authorization document. Also, you should correspond only to the student's official @asu.edu e-mail address.

Back to Top

Class information was placed on the web. There are no links to the information, you can find it through search. What do I do?
This should be reported to your department chair, so that the protected information can be removed from public access immediately. If that is not possible, please consult with a member of the University Registrar's administrative staff at 480.965.7302. Experience has shown that when this occurs, it is generally unintentional. Many people have the mistaken notion that if they do not provide a link to their web space, it is private. With the powerful search engines that are available today, everyone must ensure that they are using appropriate security measures when placing sensitive information on the web. ASU employees who inappropriately post student information to publicly accessible web space risk losing access to their own ASU web space.

Back to Top

What do I do if a student tells me that he believes a colleague has inappropriately disclosed his student information?
With the student's permission, you should discuss this with your colleague. If that is not possible, please consult with a member of the University Registrar's administrative staff at 480.965.7302.

Back to Top

My department maintains a separate database of all students in our major. Is there any reason to safeguard these records?
Yes! All student records that are created and/or maintained by anyone in the university are protected by FERPA in exactly the same way. This includes derived databases in academic departments, colleges, business offices, etc.

Back to Top

A student complained that I left my grade book open on my desk, and he could see grades for the whole class. Isn't that picky?
No, actually, it's not. Everyone who deals with protected student information needs to be cautious about "passive" and unintended releases of information. This includes leaving information visible on your desk or walking away from a computer screen that displays student information. We even need to be alert to where monitors are placed, so that they are not visible through a window or doorway.

Back to Top

I have been told that I can release directory information. Does that mean the university telephone book or the Alumni directory?
Not necessarily. ASU permits release of directory information, unless a student directs us not to release. Referring a requestor to the University Registrar's Office is always appropriate in this situation. Otherwise, please go to the policy to view ASU's definition of directory information, and make your decision based on that.

Back to Top

What do I do when I receive a request for information about a student who has directed the university not to release any info?
This can be very awkward. If the student has told us not to release any information, university employees may not even acknowledge that the person is or has ever been a student here. You might say, "I have no releasable information." If the caller questions that statement, you may reiterate what you have already said; or, of course, you may refer them to the University Registrar's Office at 480.965.3124.

Back to Top

My car was just stolen along with my briefcase in which I had student personal information. What should I do?
ASU has a policy/procedure that must be followed when information is lost or stolen. Please go to this web page for instructions: http://www.asu.edu/aad/manuals/usi/usi107-02.html. The staff in the University Registrar's Administrative Office is available to provide assistance as needed.

Back to Top

What is the best way to dispose of sensitive materials?
After confirming that you are following the appropriate retention schedule, shredding is the preferred method. In addition, the university contracts with a recycling company that offers secure recycling of sensitive materials. Call Surplus Property at 480.965.7640 for more information.

Back to Top

I am the faculty/staff sponsor for the local chapter of an honorary organization that is an officially registered campus group.

I am the faculty/staff sponsor for the local chapter of an honorary organization that is an officially registered campus group. The national chapter has asked me for a list of candidates so they can send membership invitations, but one of the criteria is a certain GPA. May I send them the list?

No, it would be inappropriate to provide any information that has been sorted by GPA or any other piece of non-directory information. What you may do is send the mailing from here without providing your national office the list. This gives students the opportunity to self-select by responding or not responding to the invitation, and keeps ASU compliant with FERPA. Note that it is also inappropriate to permit any student members to have access to candidate information, if it is prepared using any non-directory information. Developing a list of potential candidates is not accomplished centrally. Your department or college has a Data Warehouse person who can prepare this list for you. If you have any questions about this procedure, please consult with a member of the administrative staff in the University Registrar's Office.

Back to Top