The Federal Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. All employees of Voyager Academy are required to be familiar with and uphold the basic provisions of the law. This article provides guidelines for working with student data.

Protected Data

What types of data are protected under FERPA? Below is a list of examples that is not meant to be exhaustive. When in doubt, err on the side of caution and do not release the data!

  • Date and place of birth.
  • Parent/guardian addresses and emergency contact information
  • Any information on an official transcript, including grades, test scores, and courses taken
  • Student number (UID)
  • Social security number
  • Picture/portrait (also subject to media release rules)
  • EC records
  • Disciplinary records
  • Medical records (also protected under HIPAA)
  • Attendance
  • Awards

Your obligations

Essentially, when working with protected data, you must be careful how you disclose it and to whom. The philosophy of the law is that if a 3rd party wants to view or know data about a student, that party must have a legitimate educational reason for doing so. Since you have access to protected data, you must make this determination when deciding whether or not to release it.

Taken from ed.gov:

Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions:
  • School officials with legitimate educational interest
  • Other schools to which a student is transferring
  • Specified officials for audit or evaluation purposes
  • Appropriate parties in connection with financial aid to a student
  • Organizations conducting certain studies for or on behalf of the school
  • Accrediting organizations
  • To comply with a judicial order or lawfully issued subpoena
  • Appropriate officials in cases of health and safety emergencies
  • State and local authorities, within a juvenile justice system, pursuant to specific State law

Typical violations

  • Use of another staff member's login credentials to access any student records system. In our case, this means NCEdCloud credentials (which are used for Powerschool), email, and others. You should not provide your own credentials, nor request or otherwise obtain credentials that are not your own. Please also note that doing so for any school-operated account, not just limited to those that house student data, is a violation of the Acceptable Use Policy for technology.
  • Discussing a student's protected data with a colleague outside of a professional context.
  • Sharing a student's data with other students.