Who Can Release Student Information?
If you have access to student data, you are responsible for its proper handling. No matter what the form or content, you are accountable for handling student records in accordance with the law and University policy. You can view the FERPA Restriction tutorial that demonstrates how to determine whether and which restrictions exist for a student.
FERPA requires that anyone accessing private student records have a "legitimate educational interest" for the information. Examples include:
- Performing a task that is specified in their position description or contract
- Performing a task related to a student’s education or to student discipline
- Maintaining safety and security on campus
University FERPA Training
Instructors are considered "school officials" and have access to basic information of students enrolled in their classes. Instructors may not access the educational records of students who are not currently enrolled in their classes without demonstrating a "legitimate educational interest" in such information.
All University of Arizona students, staff, and instructors are assigned a university managed email account to be utilized for purposes of official correspondence. Instructors may notify students of their individual grades via email, provided the email is sent from a university email account to a university email account. Notification of grades may also be made via the use of the University’s course management tool, Desire2Learn. In either case, students must provide their NetID and password to access their grades.
Leaving personally identifiable graded assignments (homework, quizzes, exams) unattended for students to view is a violation of FERPA. Instead, consider leaving the graded assignments with an assistant who will ask students for proper identification prior to returning the assignments.
It is a violation of FERPA to publicly post grades using the student's name, student identification number, or social security number. Instructors may assign students unique numbers or codes that can be used to post grades, but the order of the posting must not be alphabetic.
When deciding how long to hang on to completed work that was not returned to/picked up by the student, please refer to the University’s retention schedule.
FERPA indicates that an institution may release directory information to anyone, but there is no obligation to do so. Since students can restrict their directory information, you must check a student’s UAccess account for evidence of restriction prior to releasing information. When in doubt, do not release information and contact the Office of the Registrar for guidance.
A student’s educational record is protected under FERPA. Parents will not have access to it unless the student has provided written authorization that specifically identifies which information may be released to the parent. The presence of a parent affidavit permits you to disclose student record information, but you are under no obligation to do so or to speak to parents.
If non-directory information is needed to resolve a crisis or emergency, the University may release that information if it is determined to be "necessary to protect the health or safety of the student or other individuals." Factors considered in making this assessment include but are not limited to the severity of the threat to the health or safety of those involved, the need for the information, the time required to deal with the emergency, and the ability of the parties to whom the information is to be given to deal with the emergency.
Review more information on the FERPA Health & Safety exception.
All subpoenas are reviewed by the Office of the General Counsel to determine the appropriate course of action. If you receive a subpoena, please contact the Office of General Counsel.