FERPA Basics for Instructors or Staff Members
With only a few exceptions (described below), student records are considered confidential and neither they nor personally identifiable information from them may be disclosed to others without the written consent of the student
As a faculty or staff member, you have a legal responsibility to protect student records in your possession from unauthorized disclosure, access, or use
As a faculty or staff member, you may access student information only when and to the extent that it is needed for legitimate completion of your responsibilities as a university employee
With only limited exceptions, students have a right to see our records about them, including even casual and informal records such as emails and handwritten notes to the file; with that in mind, all records about students should be created deliberately and thoughtfully
If you have any questions about FERPA, please do not hesitate to contact the Office of the Registrar at registrar@arizona.edu and/or the Office of General Counsel at OGC-Info@email.arizona.edu
Who Has Access to Education Records | Who Can Release Information?
In general, students have a right to access their own education records, as well as to control access to those records by others; in general, the University and its employees are prohibited from releasing or disclosing "personally identifiable information" from a student's education record to anyone other than the relevant student — including even the student's parents, and even if the student is a minor — without that student's prior written consent.
However, FERPA allows disclosure without student consent in several circumstances, including but not limited to the following:
Allows disclosure to University employees who have a job-related need to know the information contained in the records in order to perform their institutional duties (e.g., faculty members sending grades to the Registrar’s Office or faculty or staff concerned about a student’s behavior making a report to the Dean of Students Office, the Threat Assessment and Management Team, and/or University Police).
Allows disclosure of “directory information,” as described in more detail here.
Allows disclosure to the parents (or legal guardians) of a "dependent student," as defined in the Internal Revenue Code (under University policy, such disclosures will be made only when the requesting parent or guardian has provided a current, notarized affidavit, along with a copy of the relevant page of the parent's or guardian's most recent income tax return indicating the student's dependent status; otherwise, prior written consent from the student is required).
Allows disclosure of relevant appropriate information to those who need to know and/or can provide assessments and/or assistance in situation involving a significant perceived threat to the health and safety of students and/or others; such information may also be shared relatively freely internally under the “university employee” exception described above, but, in general and whenever reasonably possible, should be shared externally only by University Police, the Dean of Students, Campus Health, or others specifically authorized to do so by the University Registrar.
Questions on When to Release a Student's Information?
If you have access to student data, you are responsible for its proper handling. No matter what the form or content, you are accountable for handling student records in accordance with the law and University policy. You can view the FERPA Restriction tutorial that demonstrates how to determine whether and which restrictions exist for a student.
FERPA Training for Instructors, Instructional Support Teams, and Staff
All employees who utilize student data to complete their job duties are to complete FERPA training prior to accessing the data. The University provides two trainings: one for instructors and instructional support teams, and one for staff who do not fall under the first category. Please follow the link below to learn how to register for each respective training.
FERPA Training for Instructors and Instructional Support Teams, and Staff
FERPA Frequently Asked Questions for Instructors and Staff
Instructors are considered "school officials" and as such are granted access to certain basic information of students currently enrolled in their classes. Instructors may not access the education records of students who are not currently enrolled in their classes without demonstrating a "legitimate educational interest" in such information.
All University of Arizona students, staff, and instructors are assigned a university-managed email account to be used for purposes of official correspondence. Instructors may notify students of their individual grades via email, provided the email is sent from a university email account to a university email account. Notification of grades may also be made through the University’s course management tool, Desire2Learn. In either case, students must provide their NetID and password to access their grades.
Leaving personally identifiable graded assignments (homework, quizzes, exams) unattended for students to view is a violation of FERPA, as it allows for unauthorized access. Instead, consider leaving the graded assignments with an assistant who will ask students for proper identification prior to returning the assignments.
It is a violation of FERPA to publicly post grades using the student's name, student identification number, or social security number. Instructors may assign students unique numbers or codes that can be used to post grades, but the order of the posting must not be alphabetic. It is preferable to post grades to the University’s course management tool, Desire2Learn, which provides fast and easy access.
When deciding how long to hang on to completed work that was not returned to/picked up by the student, please refer to the University’s retention schedule.
FERPA provides that an institution may release general directory information (that is, the items of directory information that have been designated for general, not limited, release) to anyone, but there is no obligation to do so. Also, since students can restrict their directory information in various ways, you must check a student's UAccess account to confirm that there is no applicable restriction prior to releasing information. If you have any question or doubt about a request for directory information or a student's restriction status, do not release the information and contact the Office of the Registrar for guidance.
A university student’s records are protected under FERPA, regardless of the student’s age and regardless of whether the parents are paying the student’s tuition. A parent generally will not be granted access to those records unless the student has provided authorization that specifically identifies which information may be released to the parent. You can check for the presence of an active FERPA release in UAccess on the student record. An appropriate release on file permits you to disclose student record information, but you are under no obligation to do so or to speak to parents. If you have any question about a request or a student's FERPA authorization status, do not release the information and contact the Office of the Registrar for guidance.
Internally, relevant information may be shared relatively freely with University personnel who can help to assess or address the situation, such as the Dean of Students Office, the Threat Assessment and Management Team, and/or University Police, as well as to University personnel and students who need the information to protect their own health and safety. Externally, the University may share information that it determines to be "necessary to protect the health or safety of the student or other individuals." Factors considered in making this assessment include but are not limited to the severity of the threat to the health or safety of those involved, the need for the information, the time required to deal with the emergency, and the ability of the parties to whom the information is to be given to deal with the emergency. This determination and any such external disclosures are made by the Office of Public Safety, the University Police, the Dean of Students, Campus Health, and others specifically authorized to do so by the University Registrar.
Review more information on the FERPA Health & Safety exception.
All subpoenas are reviewed by the Office of the General Counsel to determine the appropriate course of action. If you receive a subpoena, please contact the Office of General Counsel.