Family Educational Rights & Privacy Issues

The Family Educational Rights and Privacy Act (FERPA) is a Federal law designed to protect the privacy of a student’s education records. The law applies to all schools which receive funds under an applicable program of the U.S. Department of Education.


-Family Compliance Office Homepage

What Educators Should Know About FERPA

Due to the wording of this act (which originated in 1974, prior to the Internet) all computer files and records in courses using myCourses/Blackboard or other online components are considered educational records protected by the act. Simply disclosing the fact that a particular student is enrolled in a course could violate students’ legal rights and put the faculty member – and the university – at risk of legal action. What this means in practice is that students have the right to expect that any material they submit in a course with an online component—as well as their names and other identifying information—will not be viewable by guests or other individuals permitted access to the course. The exception to this is cases in which students have given explicit, written, signed consent. Verbal consent or e-mail is insufficient.

Additionally, students who have elected to have their directory information restricted may ask to have their name withheld from other members of the course. Legally and ethically, such requests must be taken seriously. This information could compromise the safety of the student; there are cases where stalkers have creatively used enrollment information to terrorize their victims. Discuss concerns with students. Find out which portions of your course are causing concerns and why. If you cannot readily fulfill the student’s expectations, look for a compromise solution.

How does it apply to myCourses/Blackboard?

  1. Under FERPA, it is not permissible to reveal the course or courses in which a student is enrolled (without prior written consent) to anyone except as permitted by the Student Records office.

  2. Only “Directory Information” as defined by the University may be released regarding a student. Students may elect to have their directory information withheld.

  3. Since all computer files and computer-generated information on a student maintained by the institution are considered educational records under the law, all data posted by or about a student in myCourses/Blackboard is, at this time, considered an educational record covered by the act. (Also note that students retain copyright over materials that they post.)

Conditional Release of Materials

Instructors need to familiarize themselves with those features that allow conditional release of materials within a course. From a technical viewpoint, the main problem in relation to both copyright and FERPA is controlling access to materials. While myCourses/Blackboard requires users to authenticate to the system using Binghamton’s single sign-on, some instructors allow some form of guest access to their courses (e.g., guest lecturers, observers). However, these guests should not be able to access copyrighted materials or have access to enrolled student information. Access to copyrighted materials should be restricted to enrolled students and TAs. This means that these materials should only be linked or posted to pages to which access can be controlled.

FERPA requirements are largely fulfilled in Blackboard if all areas in which students’ work, names, or IDs might be visible are restricted to prevent guest access. This means that Discussion and E-mail tools, Grade Center, and Groups all should be restricted.

If you have questions about how to provide guest access to your course or what features in myCourses/Blackboard can enable FERPA compliance, please visit with our staff. 

Considerations When Using Publisher or Third Party Resources

It has become quite common to hear news stories about security breaches at colleges and universities around the country. While Binghamton has been fortunate thus far, this is an issue the campus takes very seriously.

One way in which problems of this nature may occur is in the use of third parties to provide services. Examples include book publishers who offer online activities for students, course management software companies, popular blogging or discussion board sites, etc. To guard against illegal activity and to protect privacy, it is important that instructors use systems and services already approved and available from ITS, or that we develop contracts that ensure vendors are aware of and responsible for meeting our data privacy requirements.

All applications and services that utilize student records need extra attention to comply with federal law and to protect sensitive information. Please utilize the resources available through ITS or the CLT before engaging in such activities (contractual or informal) with a third party for any student related service.

Tips to Remain Compliant with FERPA Regulations

  • Use existing services and infrastructure; don’t agree to have your student data (names, grades, discussion boards, student projects, etc.) stored outside of Binghamton’s control

  • Talk with ITS and CLT about specific needs you have which are not currently available and/or supported by the university

  • Protect your students’ privacy; don’t share information about students with a third party

  • Keep your electronic devices (laptops, desktops, servers, tablets, etc.) secure; don’t leave devices where they could be stolen and hacked off site

  • Keep your own portal password safe; don’t share it with peers or TAs



This material is based on Legal Issues: Copyright, Accessibility, and FERPA by Educational Technologies (ET@MO), University of Missouri. Special thanks to Charles Rigdon, Educational Technology Specialist, for allowing us to modify and redistribute this work.