The Family Educational Rights and Privacy Act (FERPA) is a Federal law designed to protect the privacy of a student’s education records. The law applies to all schools which receive funds under an applicable program of the U.S. Department of Education.
What Educators Should Know About FERPA
Due to the wording of this act (which originated in 1974, prior to the Internet) all computer ﬁles and records in courses using myCourses/Blackboard or other online components are considered educational records protected by the act. Simply disclosing the fact that a particular student is enrolled in a course could violate students’ legal rights and put the faculty member – and the university – at risk of legal action. What this means in practice is that students have the right to expect that any material they submit in a course with an online component—as well as their names and other identifying information—will not be viewable by guests or other individuals permitted access to the course. The exception to this is cases in which students have given explicit, written, signed consent. Verbal consent or e-mail is insufﬁcient.
Additionally, students who have elected to have their directory information restricted may ask to have their name withheld from other members of the course. Legally and ethically, such requests must be taken seriously. This information could compromise the safety of the student; there are cases where stalkers have creatively used enrollment information to terrorize their victims. Discuss concerns with students. Find out which portions of your course are causing concerns and why. If you cannot readily fulﬁll the student’s expectations, look for a compromise solution.
How does it apply to myCourses/Blackboard?
Under FERPA, it is not permissible to reveal the course or courses in which a student is enrolled (without prior written consent) to anyone except as permitted by the Student Records office.
Only “Directory Information” as deﬁned by the University may be released regarding a student. Students may elect to have their directory information withheld.
Since all computer ﬁles and computer generated information on a student maintained by the institution are considered educational records under the law, all data posted by or about a student in myCourses/ Blackboard is, at this time, considered an educational record covered by the act. (Also note that students retain copyright over materials that they post.)
Conditional Release of Materials
Instructors need to familiarize themselves with those features that allow conditional release of materials within a course. From a technical viewpoint, the main problem in relation to both copyright and FERPA is controlling access to materials. While myCourses/Blackboard requires users to authenticate to the system using Binghamton’s single sing-on, some instructors allow some form of guest access to their courses (e.g., guest lecturers, observers). However, these guests should not be able to access copyrighted materials or have access to enrolled student information. Access to copyrighted materials should be restricted to enrolled students and TAs. This means that these materials should only be linked or posted to pages to which access can be controlled.
FERPA requirements are largely fulﬁlled in Blackboard if all areas in which students’ work, names, or IDs might be visible are restricted to prevent guest access. This means that Discussion and E-mail tools, Grade Center, and Groups all should be restricted.
If you have questions about how to provide guest access to your course or what features in myCourses/Blackboard can enable FERPA compliance, please visit with our staff.
Considerations When Using Publisher or Third Party Resources
It has become quite common to hear news stories about security breaches at colleges and universities around the country. While Binghamton has been fortunate thus far, this is an issue the campus takes very seriously.
One way in which problems of this nature may occur is in the use of third parties to provide services. Examples include book publishers who offer online activities for students, course management software companies, popular blogging or discussion board sites, etc. To guard against illegal activity and to protect privacy, it is important that instructors use systems and services already approved and available from ITS, or that we develop contracts that ensure vendors are aware of and responsible for meeting our data privacy requirements.
All applications and services that utilize student records need extra attention to comply with federal law and to protect sensitive information. Please utilize the resources available through ITS or the CLT before engaging in such activities (contractual or informal) with a third party for any student related service.
Tips to Remain Compliant with FERPA Regulations
Use existing services and infrastructure; don’t agree to have your student data (names, grades, discussion boards, student projects, etc.) stored outside of Binghamton’s control
Talk with ITS and CLT about speciﬁc needs you have which are not currently available and/or supported by the university
Protect your students’ privacy; don’t share information about students with a third party
Keep your electronic devices (laptops, desktops, servers, tablets, etc.) secure, don’t leave devices where they could be stolen and hacked off site.
Keep your own portal password safe; don’t share it with peers or TA’s
CLT Event Presentation - The Legalese of Higher Education, November 21 2014
Frequently Asked Questions - The Legalese of Higher Education, November 21, 2014
This material is based on Legal Issues: Copyright, Accessibility, and FERPA by Educational Technologies (ET@MO), University of Missouri, Special thanks to Charles Rigdon, Educational Technology Specialist, for allowing us to modify and redistribute this work.