Family Education Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act of 1974 (FERPA) as amended, is a federal law (20 U.S.C. 1232g) that protects the privacy of a student's educational record. FERPA applies to all educational institutions receiving funds from the United States Department of Education. Michigan Tech makes every effort to comply with FERPA, as outlined in the Disclosure and Release of Student Information policy.
The U.S. Department of Education summarizes the rights afforded to students by FERPA as follows:
- The right to review their educational records within forty-five days from their request
- The right to request amendment to records they believe to be inaccurate
- The right to limit disclosure of some personally identifiable information known as directory information
- The right to file a complaint with the Family Policy Compliance Office in Washington, DC, if they feel their FERPA rights have been violated
FERPA requires universities to provide students with annual notification of these rights. Michigan Tech's annual notification is available online. Students also receive notification of these rights via email each fall semester. Students who suspect that a FERPA violation has occurred should contact the University Registrar (Administration Building; 906 487-2319), or they can contact the Family Policy Compliance Office within the US Department of Education.
FERPA Frequently Asked Questions
What is an Education Record?
An education record is the official record directly related to a student and maintained by the University or by a party acting for the University. This includes any information or data recorded in any medium including, but not limited to handwriting, print, tapes, film, microfilm, microfiche, and any electronic storage or retrieval media.
Education records do not include:
- Sole possession notes that are used only as memory aids and not shared with others
- Campus law enforcement records
- Employment records, unless the employment is dependent on the employee's status as a student (such as evaluations of graduate assistants)
- Counseling and Medical Treatment records
- Alumni Records
What is Personally Identifiable Information?
Personally identifiable information is any information that identifies or describes a student. It includes, but is not limited to, a student's name, the name of a student's parent or other family members, the address of a student or student's family, any personal identifier such as a student's Social Security Number or student ID number, and any personal characteristics or other information that would make a student's identity easily traceable.
What does "legitimate educational interest" mean?
Legitimate educational interest is a demonstrated "need to know" by those officials of Michigan Tech who act in the student's educational interest, including faculty, administration, clerical and professional employees, and other persons who manage student record information including student employees or agents.
What is Directory Information?
Directory information is the information available about a student that is not considered harmful or an invasion of privacy if disclosed. While FERPA protects the privacy of educational records, directory information is not treated as confidential and may be disclosed by the university without student consent unless the student requests confidentiality. At Michigan Tech, directory information includes:
- student's name
- telephone number
- email address
- major field of study
- class (freshmen, sophomore, junior, senior)
- student status; full-time or part-time registration or not currently enrolled
- student level; undergraduate/graduate
- dates of attendance
- participation in officially recognized activities and sports
- leadership positions at Michigan Tech
- weight and height of athletic team member
- specific athletic achievements
- Michigan Tech job title
- degrees and awards received
- academic and other honors
- previous schools attended
- parent/guardian names in conjunction with university awards/recognition
What is Nondirectory Information?
Non-directory information refers to information that generally cannot be released without the student's consent. This includes:
- Social Security Number
- student ID number (unless not connected to student information)
- account balance
- country of citizenship
- credits enrolled
Students may request that no directory information be released to non-University personnel or listed in the campus directory. This status is retained when a student graduates or withdraws from the University and prevents us from complying with any requests for information received after their departure. Requests for confidential status of directory information must be obtained from and submitted to the Registrar's Office.
Requests for confidentiality will impact any request for information from other schools, prospective employers or other persons or organizations. In addition, the student's name will not appear in the Commencement program when they graduate. Any requests for information from non-University personnel will require a written release that the student has signed and dated in order to receive information regarding that student.
A confidential status is removed after the student submits a signed authorization requesting that it be removed to the Registrar's Office.
When asked for information on the student, avoid confirming the existence of the individual, a response of "I do not have any information on the individual" is appropriate. Be sure that individuals requesting confidentiality are excluded from any reports that do not meet a "legitimate educational interest" test.
FERPA's protection of personally identifiable information in a student's education records ends at the time of a student's death and therefore is a matter of institutional policy.
As a courtesy to the families of recently deceased students who were enrolled at the time of death, the University generally will not release information from their education records for one year without the consent of the deceased student's next of kin.
Unless it has information to the contrary, seventy-five years after the date the records were first created, the University will presume that the student is deceased. Thereafter the student's education records will be open.
Disposal of Information
All data, in any format, containing confidential information (such as class rosters, tests, files, etc.) should be destroyed in a manner that ensures that the data cannot be retrieved.
The University recommends that all non-directory information should be transmitted by email only through the official Michigan Tech email account (@mtu.edu). The institution could be held accountable if an unauthorized third party gained access, in any manner, to a student's educational record through any electronic transmission method. Emails should be limited to communication between the University employee and the individual student, or between University employees with a "legitimate educational interest" in the student about whom the email is concerned.
If a student has requested "confidentiality" then no information about that particular student should be included in an email sent to all members of a class or organization in which that student participates.
Faculty who utilize electronic teaching tools such as Blackboard may wish to share students' email addresses or other directory information with others in the same class. This is permissible as long as the faculty member does not share the directory information of any student who has requested confidentiality.
Letters of Recommendation
Statements made by a person making a recommendation that are made from that person's personal observation or knowledge do not require a written release from the student who is the subject of the recommendation. However, if non-directory information obtained from a student's education record is included in a letter of recommendation (grades, GPA, etc), the writer is required to obtain written permission from the student which (1) specifies the records that may be disclosed, (2) states the purpose of the disclosure, and (3) identifies the party or class or parties to whom the disclosure can be made. The permission must also be signed and dated by the student.
If kept on file by the person writing the recommendation, it would be part of the student's education record and student has the right to read it unless he or she has waived that right of access. Letters of Recommendation should be kept on file for seven years from the last time a letter was sent for the individual.
The permission may be written or a form is provided for this purpose which may be accessed at:
University employees should follow university policy regarding the release of information to the media. FERPA does not allow Michigan Tech to discuss a student's educational record publicly—even if the information is a matter of public record. A school official may not assume that a student's public discussion of a matter constitutes implied consent for the disclosure of anything other than directory information in reply—unless confidentiality status has been requested, then no information may be included in the reply.
Parental/Legal Guardian Access
Parental FERPA rights transfer to the student when the child turns eighteen or enrolls in a post-secondary institution as a degree seeking student.
Parents/legal guardians may obtain directory information and must be allowed under the following conditions:
Records may be released to parents/legal guardians only if one of the following conditions has been met: (1) through the written consent of the students, (2) through the electronic consent option of the University Guest Access System, (3) in compliance with a subpoena, and (4) by submission of the Parental Affidavit for Education Record Information form that indicates the student was declared a dependent on their most recent federal income tax form. If the student is the financial dependent of either divorced parent, then 'personally identifiable' information may be disclosed to both parents.
If there is a court order, state statute, or legally binding document relating to such matters as divorce, separation, or custody revoking these rights then information will not be released.
The University is not required to disclose information from the student's education records to any parent/legal guardian of dependent students. However, it may exercise its discretion to do so. University employees may decline to provide the requested information if they determine that disclosure would be detrimental to the student-institution relationship or impede efficient and effective University operations.
Posting of Grades by Faculty
The public posting of grades either by the student's name, institutional student identification number, or Social Security Number without the student's written permission is a violation of FERPA. This includes the posting of grades to a class/University website and applies to any public posting of grades for students taking distance education courses.
Purging of Requests for Access, Records of Disclosure, and Education Records
The University may not purge any education records, if there is an outstanding request to inspect or review the records.
Releasing Non-directory Information over the Phone
FERPA does not preclude an institution from disclosing non-directory information from a student's education records to that student by telephone. We are charged with implementing whatever procedures we deem necessary to verify the individual's identity. Questions such as the student identification number (NOT Social Security Number), date of birth, recent course taken, grade received, instructor name, etc., could be asked. The questions should be correctly answered by the caller before personally identifiable information is provided via the telephone. A random selection of questions from a pool of questions makes it more difficult for an imposter. If you have any concerns as to whom you are talking then you should not disclose any information.
Retention/Storage of Information
Non-directory information should not be left accessible, unattended, or stored in an unsecured environment. Information on a computer system should be treated in the same way as printed material. This applies to data files on hard/jump drives, CDs, etc.
Student Identification Numbers (M numbers)
The student identification number is a randomly generated eight digit number preceded by an "M" and is used as the primary method of identifying students in our electronically stored records. This number is considered personally identifiable and thus confidential.
Student Photos/Voice Recordings
The public posting of student photos in which the student is identified in some way is prohibited. Obtain a signed waiver from the student when images or voice will be used by the University or anyone designated by the University. Download a model permission form and ask the student to complete and sign the form. Retain the form for seven years after the last photo or recording is published.
All lawfully issued subpoenas or court orders for the release of student information must be forwarded to the Registrar's Office for processing. FERPA requires that an attempt be made to contact the student in order that the student has time to challenge the request for information (unless the request specifically prohibits notifying the student). Unless advised to the contrary by University counsel or by court order, the requested information will be released.