1. FERPA Training UNIV 101 Marian Yao FERPA Compliance Officer
University Registrar
San Jose State University
November 1-2, 2017
The following slides are designed to form the basis of a FERPA workshop/presentation and may be found on the enclosed CD. There are notes with most of the slides explaining what is covered in the slide. The title you give the presentation can be anything that describes what the presentation is about. The catchier the title, the better.

2. FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT OF 1974 (FERPA)
A Federal Law also known as the Buckley Amendment.
Family Policy Compliance Office
Dale King, Director
U.S. Department of Education
400 Maryland Ave., SW
Washington, D.C
(phone)
(fax)
box:
Congress enacted FERPA for the three main purposes shown in this slide. In this presentation, the first two purposes are covered. The third has not become a major factor in our study of FERPA. Although important to the overall understanding of the intent of Congress in protecting the privacy of education records and providing for corrections to erroneous information found in education records, the hearing process has not emerged as an important part of this legislation since there have not been that many hearings that have resulted from a FERPA complaint within an institution.

3. Primary Rights of Students under FERPA
Right to inspect records
Right to seek to amend the record
Right to have some control over the disclosure of information from education records
These are important concepts that all faculty and staff who regularly work with FERPA issues need to master. This and the next slide are shown twice in this presentation. The first time is here to introduce participants to those concepts and terms that will be emphasized in this presentation. This slide is also displayed toward the end of the presentation to reemphasize FERPA’s key terms and concepts.

4. WHAT IS AN “EDUCATION RECORD?”
Student record with personally identifiable info.
In any format: handwriting, print, tapes, disks, film, microfilm, microfiche
Exclusions:
“Sole Possession” notes
Law enforcement unit records
Employment records
Doctor-patient privilege records
Alumni Records
This is the FERPA definition of an “education record.” It is important to start with this definition since you must determine if a piece of information is an “education record.” If the record can be identified as an “education record,” it is subject to FERPA. Notice how broad the definition is; not only in the information covered but also in the variety of media in which such a record can be found. This definition basically tells us that an education record is not just a record that can be identified by a student’s name; nor is it just a paper document found in the Registrar’s Office. This is a pervasive definition that draws most, if not all, academic and administrative offices of an institution under the FERPA umbrella.

5. SJSU DIRECTORY INFORMATION
SJSU Policy (S66-20) on Disclosure of Student Directory information is more restrictive that what the law provides
SJSU DIRECTORY INFORMATION
Enrollment status
Degrees received and dates
Data element outside directory information can only be released with written permission of student.
Excludes solicitation for marketing or membership purposes.
At this point, with the proper foundation laid, you can now display on this slide what your institution identifies as directory information. This is a good “post-it” for future reference. Have this available as a separate handout or advise session participants to copy it and post it close to their phone.

6. FREQUENT FERPA VIOLATIONS
No SSNs on documents posted in public areas
Students walking over documents with other students’ personally identifiable information. For example, class rosters or memos with list of students’ names, SSNs, IDs, or grades. (Must be delivered by university staff member/campus mail)
Documents with SSNs through
No SSN as identifier: Student ID number, DOB. Address

7. Grades Disclosure of student grades in class without student’s consent
Posting of student grades with SSNs or ID numbers.
Sharing of Level 1 data on Google docs
Graded test papers exposed to other students. (Stack them upside down so grades don’t show)
grades (Enter grades in Canvas or Peoplesoft)
Student workers enter grades for the instructor of record. CSU guidelines).
Discarding documents
Recycle bins or trash: (Use campus designated shredding bins)

8. Family & Friends/ Institutional associates
Discussing progress of the student with parents without student’s permission. (Complete FERPA authorization release form on Registrar’s website)
Disclosing student information to friends and relatives
Third Party
Disclosure of student info for commercial, marketing, or membership solicitation purposes. (Use social media sites on SJSU to post membership eligibility requirements)
Disclosure of students’ schedules to locate the student. (In case of emergency, contact UPD
Creation of web forms that requests personally identifiable information that other submitters can see.

9. Third Party -Continued
Sharing of student information by faculty to other faculty, staff, and students unless class is team taught by the faculty members. Applies to clinical supervision site agreements with external entities. SJSU contracts with external sites should include a provision for privacy.
Phishing – don’t open suspicious s
Computer theft (desktop, laptop)- breach of student information either Level 1 (SSN, date of birth), or Level 2- student’s name, ID, GPA, address, phone numbers, address

10. Information Security Office
Mike Cook
Hien Huynh