FERPA & Privacy

The Family Educational Rights and Privacy Act of 1974 (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

FERPA for Faculty and Staff

  • Never use student name, SSN, student ID, photo or other personally identifiable information when posting class or grade rosters, regardless of medium.
  • Do not maintain student grades with personally identifiable information on public computers, websites or personal laptops. (Questions about appropriate storage and technologies may be directed to IT Security at 303-735-HELP or to the Office of the Registrar.)
  • Ensure learning management and other systems do not display sensitive information to others.
  • Unless you know the student, always verify that you are providing non-directory information appropriately by asking for a photo ID; you may also verify using the security passphrase or ID photo in MyCUInfo.
  • Ensure a student has not restricted release of directory information before disclosing it.
  • Never leave student papers, exams or files on desks/desktops when away from the office.
  • Request a release prior to drafting a student letter of recommendation.
  • Securely dispose of documents and files containing sensitive information.
  • Never provide class schedules to unauthorized third parties for purposes of locating a student.
  • Answer parent/third-party questions by referencing university policy and procedures that apply to all students BEFORE disclosing information from a student's record (see also Verifying FERPA Consent to Release).

FERPA Certification

All faculty or staff members who obtain CU-SIS access must agree to and abide by the FERPA certification, reproduced here:

Student data originated and stored on university computer equipment through reports or through the sharing of data files is university property. I understand that by virtue of my employment at the University of Colorado, I may have access to records that contain individually identifiable student data. I understand it becomes my responsibility to maintain the rights of students particularly as outlined in the Family Educational Rights and Privacy Act of 1974 (FERPA). I understand I have the responsibility to maintain confidentiality. I will not exhibit or divulge the contents of any record or report to any person except in the conduct of my work assignment and in accordance with FERPA. I acknowledge that I fully understand that the intentional disclosure by me of this information to any unauthorized person, including another university employee, or the tampering of any data that resides on any data system, violates university policy and could constitute just cause for disciplinary action, including but not limited to suspension of access privileges, a letter of reprimand, employment termination and/or accountability in a court of law. I understand that security dictates that I do not allow anyone to know or use my password and should I discover that my password is known (whether used or not), I will immediately change my password. Furthermore, I understand that should it be learned that I allow another person to use my logon ID and password, all access to these systems granted as a registered user will be immediately terminated.