The Family Educational Rights and Privacy Act of 1974 (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA deals specifically with the education records of students, affording them certain rights with respect to those records. For purposes of definition, education records are those records which are:
FERPA gives students who reach the age of 18 or who attend a post-secondary institution the right to inspect and review their own education records. Furthermore, the right to request amendment of records and to have some control over the disclosure of personally identifiable information from these records shifts from the parent to the student at this time.
FERPA applies to the education records of persons who are or have been in attendance in post-secondary institutions, including students in cooperative and correspondence study programs, video conference, satellite, internet or other electronic forms. FERPA does not apply to records of applicants for admission who are denied acceptance or, if accepted, do not attend an institution.
For more information regarding FERPA, visit the U.S. Department of Education.
Those records directly related to a student and maintained by the institution or by a party acting for the institution are considered education records. The term "education records" does not include the following:
Records of instructional, supervisory, administrative, and certain educational information that is in the sole possession of the maker thereof, and are not accessible or revealed to any other individual except a substitute who performs on a temporary basis (as defined in the institutional personnel policy) the duties of the individual who made the records.
Records maintained by a law enforcement unit of the educational agency or institution that were created by that law enforcement unit for the purpose of law enforcement.
Records relating to individuals who are employed by the institution, which are made and maintained in the normal course of business, relate exclusively to individuals in their capacity as employees, and are not available for use for any other purpose. Records of individuals who are employed as a result of their status as students (for example, work study students) are education records.
Records relating to a student which are:
Created or maintained by a physician, psychiatrist, psychologist, or other recognized professional or paraprofessional, acting in his/her professional capacity or assisting in a paraprofessional capacity or assisting in a paraprofessional capacity.
Used solely in connection with the provision of treatment to the student.
Not disclosed to anyone other than individuals providing such treatment.
Faculty, administration, student employees, clerical and professional employees, and other persons who manage student records information.
This includes contractors, consultants, volunteers and other outside providers used by the University of Colorado Boulder. These include the University of Colorado Foundation and the National Student Clearinghouse.
It means the demonstrated need to know by those officials of an institution who act in the student's educational interest. Any school official who needs information about a student in the course of performing instructional, advisory, or administrative duties for the University of Colorado Boulder has a legitimate educational interest.
Boulder Campus Use Practices for Sending Student Data through Email and Fax
Any directory-level student information may be sent via email or fax.
Emails sent from an @colorado.edu address to another @colorado.edu address are, in general, encrypted. However, many Boulder Campus employees and students have opted to have their email forwarded to another email service provider. Thus, the campus allows the sending of Level 3 data (see CIW ISIS: Reporting Security Levels) via campus email, including to other University of Colorado campuses, but continues to restrict the sending of Level 4 and Level 5 data via email (restricted to certain Bursar's Office or Office of Financial Aid functions). The use of fax and the campus Large File Transfer service is allowed for Level 4 and Level 5 data. Sending password-protected files via email is discouraged, because the password is often also sent via email, thus removing the security, and also because passwords can be lost.
Large amounts of non-directory student data (i.e., greater than 24 students) and data reports containing Level 2 or higher data should always be sent via the Large File Transfer service or other protected means, and not via email.
Grade rosters must never be submitted by email. Grades must be submitted via the campus Web Grading system. Corrections to entire grade rosters (e.g., due to a roster-wide calculation error) also may not be submitted via email, even for rosters with fewer than 25 students.
IN REVIEW: Boulder campus allows the sending of student name and SID, as well as student name/SID/Level 3 data (including grades), via email only when the email is sent from an @colorado.edu address to another @colorado.edu (or other University of Colorado) email account, with the exception of grade roster submissions. Only directory information may be sent to non-CU email addresses.
Students may release their academic records to their parents, a prospective employer, insurance companies, etc., by providing written consent. The notice of written consent must include the following information:
If you intend to graduate in December 2014, be sure to complete each item below by the date listed. To find out about your graduation requirements, contact your department or advisor.