Frequently Asked Questions Regarding the Protection of Our Students’ Records
Compiled by the Office of the Registrar, Bloomington
Family Educational Rights & Privacy Act (FERPA), also known as the Buckley Amendment, was passed in 1974. Generally it is: “A federal law designed to protect the privacy of education records, to establish the right of students to inspect and review their education records, and to provide guidelines for the correction of inaccurate and misleading data through informal and formal hearings.”
Two key components of the law include:
- College students must be permitted to inspect their own education records
- School officials may not disclose personally identifiable information about students, nor permit inspection of their records, without written permission unless such action is covered by exceptions permitted by the Act. A notable exception is disclosing information to school officials determined by the institution to have a legitimate educational interest.
See our publication FERPA Basics-Presentation given by the Office of the Registrar for more information.
Directory information is information not generally considered harmful or an invasion of privacy if disclosed. Generally, student directory information can be released to the public unless the student has filed a restriction on such release (see section below). At IU- Bloomington, directory information includes:
- Address, Phone
- University email address with some restrictions
- Campus, School, College or Division
- Class Standing
- Major Field of Study
- Dates of Attendance
- Admission or Enrollment Status
- Degrees and Awards
- Sports and Athletic Information
Private or Confidential information cannot be released to the public and has some limitations on release within the University. The information is generally considered to be sensitive or an invasion of privacy if disclosed. At IU, private information includes:
- Social Security Numbers and Student ID Numbers
- Date of birth
- Grades, GPA
- Parent information
- Classes in which a student is enrolled
Education Records are directly related to a student and maintained by an institution or its agent, for example:
- Electronic record accessible in SIS
- A paper that has been graded
- Blue book exams
- Documents in a student’s file (e.g., advising history notes)
- Documents stored that pertain to a conversation with the student
Education Records are NOT:
- sole possession (lap drawer)
- law enforcement unit records
- employment records (unless employment is based on student status)
- medical records
- alumni records
A student may file a formal restriction on the release of all or some of his/her directory information at any time. Once a restriction is filed, the affected directory information becomes confidential.
If you have online access to the Student Information System (SIS), you will notice a privacy shade icon associated with their account. When you see this icon on any page, it indicates that the student has filed a restriction on the release of specific information to third parties. In order to find out what information is releasable, click on the privacy shade icon.
If you have any questions regarding this restriction, you may contact the Office of the Registrar at REGISTRAR@indiana.edu or call us at (812)855-1986.
For individuals looking at paper documents where restrictions are not clearly designated, err on the side of caution, consider the information not releasable. You may contact the Office of the Registrar to inquire about specific cases.
Yes, we consider the UID confidential information since it is the key to a student’s educational record that is maintained in SIS and other IU systems. The SSN used to be the key to the record but use of the SSN has decreased or been eliminated because of identity theft concerns. While the UID is not as sensitive as the SSN (regarding identify theft), it is still confidential especially when paired with other student identifiers such as name.
According to IU University Counsel, the display of the UID in the subject line of an email should be avoided.If you have a list of students to be transmitted via email, you should use slashtmp.iu.edu. Only use the combination of name and UID in the body of the email when absolutely necessary. Information about the slashtmp.iu.edu can be found at: https://slashtmp.iu.edu .
No, unless the student has signed a written consent authorizing release of the information to the parents this information cannot be released. You may direct the parents to talk with their son or daughter about a Third Party Pin which gives them access to OneStart/Self Service. Third Party PIN Information can be found at the following link: http://kb.iu.edu/data/auoz.html
No, you should never store student records or any confidential information on your desktop or the hard drive (typically, C:\) of your system. All student confidential information must be saved to a secure server.
Yes, you may. But you should realize that once information is stored in a file related to the student, it becomes part of that student’s educational record even if it is a personal note for your viewing only. And since it is part of the educational record, the student can request to inspect the file.
No, email is not considered a secure communication medium for transmitting sensitive/restricted information. We suggest that you send out emails to inform students that they need to contact you or to point them to a website where authentication is required (secure username and password).
Yes, a student employee can be considered a school official with a legitimate need to access the information as long as the student needs the access to perform his/her job. To request access to student records information, please contact your data supervisor. For a list of data supervisors : http://registrar.indiana.edu/dma/pdfs/datasupervisors.pdf
No, class rosters and a student’s schedule are considered confidential information and therefore, should not to be given to third parties.
No, grades should not be posted in a public area by SSN or UID. In addition, a breach of information including SSN can result in personal criminal charges according to Indiana Law. http://informationpolicy.iu.edu/resources/safedata/laws.shtml#ssn
No, pictures are not considered directory information at IU. You should obtain a written release before posting pictures on a website unless the student is unidentifiable.
No, you may not post confidential information on Oncourse for all students to view. When handling confidential information such as grades and attendance records, you must post this type of information to each student individually.
No, a student’s schedule is confidential information and is protected under FERPA. If it is an emergency, you may contact the Office of the Registrar or the Dean of Students to handle the situation.
- specify what records may be disclosed (e.g., admission status, grades)
- the purpose of the disclosure (e.g., supporting job searches)
- identify the party or class of parties to whom the disclosure may be made (e.g., parents)
- specify the time period or event in which consent applies (e.g., while the student is a University Division student)
- signature of the student and date
If you have any questions regarding written consent forms, please contact the Office of the Registrar or consult with University Counsel.
Statements made from personal observation or knowledge do not require signed release. However, specific information concerning academic performance, grades or ranking in class does require a release. As part of the education record, a student has the right to access the recommendation letter, unless the student waived this right in writing.
You should contact the Office of the Registrar: in person at 408 N. Union St. or by email at REGISTRAR@indiana.edu or by telephone at (812)855-1986.
In addition, please see our publication FERPA Basics-Presentation given by the Office of the Registrar for more information.