FERPA

The Family Educational Rights and Privacy Act of 1974 is a United States federal law that governs the access to educational information and records.

Controls:

Ensuring parents and eligible students have appropriate rights regarding education records.

  • Right to Inspect and Review Education Records - FERPA.1.1

    Provide parents and eligible students the right to inspect and review the student's education records within a reasonable time, not to exceed 45 days after the request.

  • Right to Request Amendment of Records - FERPA.1.2

    Provide parents and eligible students the right to request that a school correct records which they believe to be inaccurate or misleading.

  • Right to Consent to Disclosure - FERPA.1.3

    Obtain written consent from parents or eligible students before disclosing personally identifiable information (PII) from education records, except as permitted by law.

  • Notification of Rights - FERPA.1.4

    Annually notify parents and eligible students of their rights under FERPA through various methods (e.g., website, student handbook, direct mail).

Rules governing the disclosure of personally identifiable information from student education records.

  • Prior Written Consent for Disclosure - FERPA.2.1

    Ensure that prior written consent is obtained from the parent or eligible student before disclosing PII from education records, unless an exception applies.

  • Exceptions to Consent - School Officials - FERPA.2.2

    Disclose PII to school officials with legitimate educational interests.

  • Exceptions to Consent - Transfer to Another School - FERPA.2.3

    Disclose PII to officials of another school where a student seeks or intends to enroll.

  • Exceptions to Consent - Financial Aid - FERPA.2.4

    Disclose PII in connection with an application for or receipt of financial aid.

  • Exceptions to Consent - Judicial Order/Subpoena - FERPA.2.5

    Disclose PII to comply with a judicial order or lawfully issued subpoena, typically with prior notification to the parent/student.

  • Exceptions to Consent - Health or Safety Emergency - FERPA.2.6

    Disclose PII to appropriate parties in connection with an emergency if necessary to protect the health or safety of the student or other individuals.

  • Exceptions to Consent - State/Local Authorities - FERPA.2.7

    Disclose PII to state and local educational authorities, e.g., for audit or evaluation purposes.

  • Exceptions to Consent - Directory Information - FERPA.2.8

    Disclose 'directory information' without consent, provided the institution has informed parents/eligible students of directory information and given them an opportunity to opt out.

  • Exceptions to Consent - Audit or Evaluation - FERPA.2.9

    Disclose PII to authorized representatives of the Comptroller General of the United States, the Attorney General of the United States, the Secretary of Education, or state and local educational authorities for audit or evaluation of federal or state supported education programs.

  • Exceptions to Consent - Research Studies - FERPA.2.10

    Disclose PII to organizations conducting studies for or on behalf of the institution to develop, validate, or administer predictive tests; administer student aid programs; or improve instruction.

  • Exceptions to Consent - Victim of Violent Crime - FERPA.2.11

    Disclose to an alleged victim of any crime of violence or non-forcible sex offense, the final results of any disciplinary proceeding.

  • Exceptions to Consent - Disciplinary Info (Drug/Alcohol) - FERPA.2.12

    Disclose to parents of students under 21, information regarding any violation of law or school policy concerning the use or possession of alcohol or a controlled substance.

  • Exceptions to Consent - Sex Offender Info - FERPA.2.13

    Disclose information provided to the institution under a State law concerning sex offender registration information.

  • Record of Disclosures - FERPA.2.14

    Maintain a record of all requests for and disclosures of PII from education records (except for certain exceptions like directory information).

  • Directory Information Policy - FERPA.2.15

    Develop and implement a clear policy regarding what constitutes directory information and the opt-out process.

Implementing measures to protect the confidentiality, integrity, and availability of student education records.

  • Access Controls for Education Records - FERPA.3.1

    Implement physical and technical access controls to limit access to education records only to authorized personnel with a legitimate educational interest.

  • Data Encryption & Secure Transmission - FERPA.3.2

    Utilize encryption for sensitive student data at rest and in transit, especially when transmitted over public networks.

  • Data Minimization & Retention - FERPA.3.3

    Collect and retain only necessary student data, and establish policies for secure disposal of records when no longer needed.

  • Vendor/Third-Party Data Access Agreements - FERPA.3.4

    Ensure contracts with third-party vendors (e.g., cloud service providers, learning platforms) that handle education records include FERPA-compliant provisions for data privacy and security.

  • Employee Training on Data Privacy - FERPA.3.5

    Provide regular and mandatory training to all employees with access to education records on FERPA requirements and data privacy best practices.

  • Incident Response for Data Breaches - FERPA.3.6

    Develop, implement, and regularly test an incident response plan to address and manage potential breaches of student education records.

  • Physical Security of Records - FERPA.3.7

    Implement physical security measures to protect paper and digital records stored on-site from unauthorized access or theft.

Requirements for accurate maintenance and management of student education records.

  • Accurate & Complete Education Records - FERPA.4.1

    Ensure that all education records are accurate, complete, and maintained in a systematic manner.

  • Record Retention Policies - FERPA.4.2

    Establish and adhere to clear record retention schedules for all types of education records.

  • Secure Storage of Records - FERPA.4.3

    Implement secure storage solutions for both physical and electronic education records to prevent unauthorized access or loss.

General obligations for educational institutions to ensure and demonstrate FERPA compliance.

  • Annual Notification to Students/Parents (Detailed) - FERPA.5.1

    Ensure the detailed annual notification process for FERPA rights is comprehensive and reaches all relevant parties.

  • Compliance Officer Designation - FERPA.5.2

    Designate an official responsible for ensuring FERPA compliance and responding to inquiries and complaints.

  • Complaint Handling Process - FERPA.5.3

    Establish a clear and accessible process for parents and eligible students to file complaints regarding alleged FERPA violations.

  • Internal Audits & Reviews - FERPA.5.4

    Conduct periodic internal audits and reviews of FERPA compliance practices and procedures.

  • Response to OCR Investigations - FERPA.5.5

    Cooperate fully with investigations conducted by the U.S. Department of Education's Family Policy Compliance Office (FPCO) regarding FERPA violations.