The Family Educational Rights and Privacy Act | FERPA | Overview

The Family Educational Rights and Privacy Act – simply known as FERPA to many – is a federal law passed in 1974 for the purposes of protecting private student information. In accordance with FERPA guidelines, students have a number of privacy rights, such as the following:

  • The right to control disclosure of their educational records, along with the right to inspect and review their educational records.
  • The right to request amendment and correction of their educational records, if they are inaccurate or misleading. (Note: Student has a right to a formal hearing if necessary).
  • The right to file a complaint regarding a FERPA violation.

The Family Educational Rights and Privacy Act | FERPA | Rights of Students

It’s important to note that parents retain such privacy rights for their children, until they turn eighteen (18) or attend a school of high education (i.e., above primary level), in which such rights are transferred to the students themselves. While schools must have consent from parents or eligible students for disclosing educational records, there are exceptions, such as the following (according to the United States Department of Education at

  • School officials having a legitimate educational interest for such records.
  • Other institutions for which such student is transferring to.
  • Officials who need such records for audit or evaluation purposes.
  • Various parties affiliated with financial aid matters.
  • Various entities undertaking specific studies for an institution.
  • Accrediting bodies.
  • Orders of a court.
  • Various officials in cases of health and safety emergencies.
  • Local, state, and federal authorities.

The Importance of Security Policies for FERPA Compliance

It’s also important to note that amended changes since the inception of FERPA in 1974 had discussed the need for information security, particularly the safeguarding of personally identifiable information. Specifically, in 2008, the Department of Education stated that it “encourages the holders of personally identifiable information to consider actions that mitigate the risk and are reasonably calculated to protect such information”. Furthermore, the FERPA Final

Furthermore, the publication states if a theft of systems, hacking – anything relating to unauthorized disclosure of PII – then additional measures are to be considered, such as performing a risk assessment, among other things. Fast forward to recent FERPA changes that went into effect on January 3, 2012, and can see how information security again plays an important role, especially regarding the strengthening of FERPA enforcement provisions, which essentially hold all parties more accountable for the misuse and abuse of PII, particularly that of confidential student information, which has been broadened to include the reference to “directory” information.

Industry Leading Security Policies | Download Today for FERPA

What does it all mean – that it’s time for educational institutions and other relevant third parties to get serious about ensuring the safety and security of highly privileged and sensitive information. The very best place to start is by adopting comprehensive operational, business specific, and information security policies and procedures, such as those included within the FLANK21 set of documents offered by us. Containing literally hundreds of high-quality policies, procedures, forms, checklists, and templates – and more – the GISCP packet from FLANK should be your only choice for high-quality security documentation.