Why Is FERPA Compliance Training Important?

What Is FERPA?

FERPA stands for the Family Educational Rights and Privacy Act [1]. Passed in 1974, it is a law that is designed to protect the privacy of student records. With FERPA, students have the right to:

  • Inspect and review the information contained within their education record
  • Request that their education records be amended
  • Consent to personally-identifiable information being disclosed from their education record
  • File a complaint with the Family Policy Compliance Office of the Department of Education

Who Does FERPA Apply To?

FERPA applies to the student education records of any educational institution or agency that receives federal funds administered by the Department of Education. It retroactively encompasses the admission records of students who apply once they become students and attend classes at a federally-funded university.

It does not apply to applicants who are successfully admitted but, for whatever reason, choose not to attend. It also does not apply to applicants who applied for admission and were denied.

As soon as a student enters a post-secondary institution or turns 18 years old, FERPA rights transfer from the parents to the student [2]. Alumni can also be defined as students, but keep in mind that FERPA does not cover records that relate to details of the student’s life after they graduate.

What Information Does FERPA Protect?

FERPA protects 3 main types of information:

  1. Personally-identifiable information (PII)
  2. Education Information
  3. Directory Information

It is important to note that directory information does not require signed or written consent before it is released, although it should be disclosed to the student that this information was released [3]. Consequently, the two biggest parts of the coverage that FERPA provides are educational and personally-identifiable information.

In short, FERPA covers all kinds of educational information, including academic report cards, class schedules, transcripts, family and contact details, and even disciplinary reports.

Fortunately, FERPA compliance is not difficult, but there are some points that need to be kept in mind with regard to consent, students' rights, and what can and cannot be released, and to whom.

Students Should Be Aware Of Their Rights

Educational institutions should inform students of their rights, including any potential changes to FERPA that may impact them. This should be done on a yearly basis. Keep in mind that students have the right to view their educational records and any recommendation letters at any time. If they want, they can waive their right to see these files. It is their choice.

With tuition rates climbing higher and higher, students and their parents need to feel confident that their information is being properly safeguarded. Beyond this, the educational institution has an obligation to be involved in social responsibility and demonstrate that safeguards are in place, not just in terms of physical papers and records, but digital files as well.

Notifying Groups About Information Covered Under FERPA

Job recruiters, employment agencies and employers often visit universities and other educational institutions, so it is entirely possible that they can be exposed to private information.

In these cases, it is a smart idea to remind them that the information they are being exposed to is covered under FERPA and that this information cannot be disclosed without the student’s consent. Beyond the employers and agencies themselves, this extends to any third parties as well.

Student Information Used In Directories

Unlike with other types of information, where students have to give consent to it being released, the educational institution is only required to notify the student when their information will be used in a directory.

Of course, it is a good idea to clearly let them know what protected details will be included and give them a reasonable amount of time to opt out or let the university know that they do not want their information to be included in a directory.

The Ever-Important Role Of Cybersecurity And FERPA

FERPA compliance also covers digital information. Hackers, scammers and other unsavory individuals and groups have been known to steal private student information, including logins and passwords.

For example, it is a good idea for all universities and educational institutions to have their information technology department be FERPA compliant. Utilizing security tools such as encryption and compliance monitoring is crucial to safeguarding student information, as is routinely conducting vulnerability tests on both local and cloud-based database systems to check for and patch any vulnerabilities that may exist.

Of course, it is clearly no longer a matter of "if" a data breach happens, but "when." This is why it is so important to create and have a contingency plan in place should such a disaster occur. Not only will this demonstrate preparedness and assertiveness on the part of the university, but it will also help to safeguard the institution’s reputation even in difficult and trying times.

Why Is Compliance Training So Important?

It is important to note that some institutions only require their staff to sign off saying that they understand FERPA without actually undergoing any training. In this day and age, with cybersecurity threats, this can become a crucial mistake both in terms of the actual damage done financially as well as the goodwill endangered by the lack of training and appropriate response.

Without the right training, staff may not understand what is protected and what is not, as well as how those protections are applied. Beyond simply knowing about protections, it is important to actually put that training into practice.

For example, there are lots of free apps out there that can easily steal information from your network, so you will need to be informed on the proper processes and procedures as to what’s safe for your network and what is not [4].

It is also vital that campus administrators address scandals immediately and publicly. News organizations pounce on stories about fraternities and hazing, athletic scandals and sex crimes almost the moment these stories break. Universities and educational institutions must know how to address these issues while staying in compliance with FERPA.

This is why the right FERPA compliance training is so critical to ensuring that the university not only projects a safe, stable and secure presence to the community and its students but also takes prompt and decisive action without simply opening the floodgates to the wealth of student information when the press comes knocking.

What Are The Consequences Of Non-Compliance?

The consequences of non-compliance can go well beyond monetary fines or the removal of federal funding from the university or college. These points alone are enough to cripple a campus, but they may also open the doors for lawsuits and other litigation depending on the severity of the breach. In addition, each state may also levy penalties against the institution for failing to be FERPA compliant.

As you can see, FERPA is an integral part of promoting a safe, secure and private college experience for all students. Failing to abide by this law can have a ripple effect across the entire campus and the reputation of the university as a whole. To avoid this, ensure that your staff, employees, directors and all parties involved in the protection and dissemination of personally-identifiable student information are properly trained and understand the regulations and rules regarding how they deal with student information.

According to the U.S. State Department of Education, these trainings foster educational excellence and ensure equal access.


[1] Family Educational Rights and Privacy Act 

[2] Protecting the Privacy of Student Education Records

[3] Student Privacy 101: Why school directory information sharing is a major student privacy issue (https://www.worldprivacyforum.org/2015/08/student-privacy-101-why-directory-information-and-ferpa-is-a-major-edu-privacy-issue/)

[4] The Unintentional Ways Schools Might Be Violating FERPA, and How They Can Stay Vigilant (https://www.edsurge.com/news/2018-09-12-the-unintentional-ways-schools-might-be-violating-ferpa-and-how-they-can-stay-vigilant)
