The Catholic University of America

Summary of Federal Laws

Students

Miscellaneous Laws Affecting Students  

Compliance Partners

Dean of Admissions

Chief Information Officer

Director of Disability Support Services

General Counsel

Director of Enrollment Services, Business Systems
Associate Dean - Student Conduct & Ethical Development
Associate Director of Enrollment Management Systems
Associate VP Enrollment Management & Registrar
Manager, Networks and Security
Program Coordinator, OCA
Dean of Students

Director of Alumni Relations

Information Security Officer

Related Policies

Student Records

Information Security and Assurance

Parental Notification

The Family Educational Rights and Privacy Act of 1974 (FERPA) (also known as the Buckley Amendment)

 20 U.S.C. § 1232g; 34 C.F.R. § 99.1 et seq.

Regulates the keeping and dissemination of *education records* at all institutions that receive federal funds or who have students receiving federal funds. Procedures must be in place to allow a student access to education records. Consent must be obtained to release education records to a third party, with certain exceptions contained in the law. Directory information may be released without permission of the student unless the student has specifically requested that said information not be released. Types of information that may be disclosed as directory information include: student's name, degrees and awards received, address, most recent previous institution attended, participation in officially recognized sports, activities, dates of attendance, major fields of study, e-mail address, class schedule, full- or part-time status, and photograph. Information which may not be released as directory information includes social security number, race/ethnicity or gender.

Students must be informed of their rights under this law. For a model notification policy for postsecondary schools see the Model Notification of Rights under FERPA for Postsecondary Institutions. Students must be granted a hearing to challenge information in a record they believe is incorrect.

College officials with a legitimate educational interest in the record may have access to it. Records of disclosures and requests for disclosure must be kept, as well as indicate specifically the legitimate interest that each such person has in obtaining the information. Records need not be kept when the request was from the student or accompanied by written consent from the student, from a faculty or school official who was granted access, a subpoena prohibiting disclosure to the student, or for directory information.

Changes made by the Higher Education Opportunity Act Effective August 14, 2009 institutions will be required to (upon written request) disclose to the alleged victim (or next of kin) of a crime of violence or a nonforcible sex offense, the final results of any institutional disciplinary proceeding dealing with the crime or offense. See the NAICU HEA 101 Quick Guide on this provision. This is subject to negotiated rulemaking.

 

Notice of an altered system of records, 78 Fed. Reg. 38963, June 28, 2013.

The Chief Operating Officer for Federal Student Aid (FSA) of the Department of Education (Department) published this notice proposing to revise the system of records entitled ``National Student Loan Data System (NSLDS)". Not technically an amendment to FERPA, but related to privacy issues and student record ID debate. For summary of issues, see ACE July 29, 2013 Comments on the NSLDS proposed revisions. Also note the notice issued in June is contrary to the decision in the Association of Private Sector Colleges and Universities v. Duncan, which noted that 20 USC 1015c prohibits the Department from collecting information for its National Student Loan Data System on students who do not receive and have not applied for either federal grants or federal loans.

Electronic Privacy Information Center et al  v. US Department of Education, *Case filed in US District Court for District of Columbia alleging violation of the Administrative Procedure Act in promulgation of FERPA regulations released Dec. 1, 2011. The amendments modified the definitions of the terms “authorized representative”, “directory information”, and “education program” as used in the statute and the litigation claims DOE exceeded its statutory authority in promulgating the regulations. See the EPIC press release on case.

 

FERPA Final Rule, 76 Fed. Reg. 75604, Dec. 2, 2011.
This 253 page document includes a number of changes to FERPA.  See the shorter summary for Parents and Students and the Overview for SEAS and LEAS all on the FPCO web page. The regulations are effective Jan. 3, 2012. The introduction to the regulations notes as follows: "These amendments also reduce barriers that have inhibited the effective use of SLDS as envisioned in the America Competes Act and the ARRA."

 

The Campus Sex Crimes Prevention Act and FERPA 

FERPA is amended (§ 1232g(b)(7)(A)) by the Campus Sex Crimes Prevention Act (Pub. L. No. 106-386; 42 U.S.C. § 14071) to make it clear that FERPA does not prohibit release of data on registered sex offenders under this law. The Campus Sex Crimes Prevention Act requires sex offenders who must register under state law to provide notice of enrollment or employment at any institution of higher education (IHE) in that state where the offender resides, as well as notice of each change of enrollment or employment status at the IHE. In turn, this information will be made available by the state authorities to the local law enforcement agency that has jurisdiction where the IHE is located. As of October 27, 2002, the IHE must issue a statement (under the reporting requirements in 20 U.S.C. § 1092(f)(1)) advising the campus community as to where information concerning registered sex offenders can be obtained. FERPA is amended to make it clear that FERPA does not prohibit release of data on registered sex offenders under this law. 

See the Family Policy Compliance Office guidance entitled Disclosure of Education Records Concerning Registered Sex Offenders. The guidance states in relevant part: 

Thus, nothing in FERPA prevents an educational institution from disclosing information provided to the institution under the Wetterling Act concerning registered sex offenders, including personally identifiable, non-directory information from education records that is disclosed without prior written consent or other consent from the person. The authority of educational institutions to make such disclosures extends both to information about registered sex offenders made available by a State in carrying out the specific requirements of the CSCPA (42 U.S.C. § 14071(j)), and information about registered sex offenders that may otherwise become available to educational institutions through the operation of State sex offender registration and community notification programs. 

Selected Case Law Under FERPA


Resources: 

NACUANOTES Vol. 11, No. 9: The Revised FERPA Regulations and Increased Access to Personally Identifiable Information (April 5, 2013)


Emergencies on Campus: Department of Education guidance on FERPA, June 2011

GAO Postsecondary Education: Many States Collect Graduates' Employment Information, but Clearer Guidance on Student Privacy Requirements is Needed September 2010 See letter at end of document for summary of future guidance to be issued on FERPA.

FPCO Letters from 2002 through June 2007: This page indexes and contains links to technical assistance letters issued by the Family Policy Compliance Office. The letters were obtained by a Freedom of Information request made by the Office of General Counsel at the Catholic University of America. 

Guidelines to Responding to Compulsory Legal Requests for Information: By Steven McDonald and Andrea Nixon
Includes information on responding to subpoenas, search warrants, court orders, National Security Letters, and Public Records Requests.

The Department of Education's Family Policy Compliance Office. School officials who have routine questions regarding FERPA may contact the Family Compliance Office via e-mail at FERPA@ed.gov

Students who wish to contact the office may call (202) 260-3887 or write to:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202-4605

 CUA Office of General Counsel Publication: November 1997 - Student Records

Privacy and the Handling of Student Information in the Electronic Networked Environments of Colleges and Universities
A wonderful 1997 White Paper by Cause (now Educause) in conjunction with AACRAO. It is probably the best help there is for universities trying to implement new student administration systems that are in compliance with FERPA.

 

 updated 4/9/13 CCR

updated 8/30/13 to add NSLDS issue