FERPA in the United States
Your Classroom Must Protect Student Privacy
Federal Privacy Guidelines in the United States
Here, I'll be discussing policies as they apply to a college classroom and at public institutions in the United States. In a K-12 setting, the rules are somewhat different with regard to parental access to student information, and specific institutions (particularly military or religious-affiliated institutions) may apply these guidelines in ways that I'm unaware of. I am not a lawyer and I am not a legal expert, and FERPA's policies are complex. The Student Press Law Center offers a comprehensive guide to FERPA policies and case histories. Also, these laws are specific to the United States — other countries will have different privacy laws, though the practices of protecting student privacy may be similar.
Also, please note that laws, policies, and internet security protocols regularly change, and that your institution may have specific requirements that differ from information provided online — you should always read and understand institutional guidance. If your institution provides guidance that appears incorrect or potentially unlawful, you should speak with campus administrators to ensure student privacy is protected.
Under FERPA in a college setting, you cannot share student grades with anyone except that student. You may not share grades with the student's parents, regardless of whether the parent is paying the student's tuition, unless the student provides you with a written and signed authorization to do so.
You cannot use e-mail to share student grades. You don't have any assurance that the student will be the one who accesses the e-mail, as a music student at McGill learned.
Additionally, you may only track grades in a FERPA-compliant information system. Paper records in a locked file cabinet, digital files on a password-protected computer, your institution-sanctioned Course Management System, Microsoft Enterprise Services, and GSuite for Education provide sufficient privacy protections to meet FERPA guidelines.
Consumer online storage might not meet FERPA guidelines, so always use institution-sanctioned servers. Although I regularly recommend Google Docs as an excellent teaching tool, I will never record grades on a Google Sheets document, let alone use a Google Doc to share those grades, because I use a consumer Google account. With a consumer account, it's possible that Google could mine my personal information for advertising or other purposes, including any student information located there. Yes, I have dual sign-in on my account, and it is extremely unlikely that Google would "steal" student grades, but "likely safe" is not at all the same thing as legally protected. Besides which, there's the chance of accidentally sharing your gradebook — if you drag it to a new folder by accident, it's suddenly shared with everyone else who has access.
Outside Resource: Guide to FERPA
Peer-Grading Is Still Allowed
From the Chronicle of Higher Education: Based on a 2002 Supreme Court decision, FERPA doesn't bar peer grading.