The Federal Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. All employees of Voyager Academy are required to be familiar with and uphold the basic provisions of the law. This article provides guidelines for working with student data.
What types of data are protected under FERPA? Below is a list of examples that is not meant to be exhaustive. When in doubt, err on the side of caution and do not release the data!
- Date and place of birth.
- Parent/guardian addresses and emergency contact information
- Any information on an official transcript, including grades, test scores, and courses taken
- Student number (UID)
- Social security number
- Picture/portrait (also subject to media release rules)
- EC records
- Disciplinary records
- Medical records (also protected under HIPAA)
Essentially, when working with protected data, you must be careful how you disclose it and to whom. The philosophy of the law is that if a 3rd party wants to view or know data about a student, that party must have a legitimate educational reason for doing so. Since you have access to protected data, you must make this determination when deciding whether or not to release it.
Taken from ed.gov:
Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions:
School officials with legitimate educational interest
Other schools to which a student is transferring
Specified officials for audit or evaluation purposes
Appropriate parties in connection with financial aid to a student
Organizations conducting certain studies for or on behalf of the school
To comply with a judicial order or lawfully issued subpoena
Appropriate officials in cases of health and safety emergencies
State and local authorities, within a juvenile justice system, pursuant to specific State law
- Use of another staff member's login credentials to access any student records system. In our case, this means NCEdCloud credentials (which are used for Powerschool), email, and others. You should not provide your own credentials, nor request or otherwise obtain credentials that are not your own. Please also note that doing so for any school-operated account, not just limited to those that house student data, is a violation of the Acceptable Use Policy for technology.
- Discussing a student's protected data with a colleague outside of a professional context.
- Sharing a student's data with other students.