FERPA - For Faculty


May I post grades?

The public posting of grades by the student’s name, CWID, or social security number, without the student’s written permission, is a violation of FERPA. If necessary, instructors can assign students unique numbers or codes that can be used to post grades, but the order of the posting must not be alphabetic. Students may access six-week grades and final course grades on Self Service soon after they are posted by faculty.

Back to Top


What are acceptable methods for returning assignments and exams?

Leaving personally identifiable, graded papers (exams, homework, etc.) unattended for students to view is a form of publicly posting grades. If these papers contain personally identifiable information, then leaving them unattended for anyone to see is a violation of FERPA. If papers cannot be returned personally and individually during class, an alternative would be to leave the graded papers with an assistant who would ask students for proper identification prior to releasing them.

Back to Top


Under FERPA, to which student records do I have access?

Faculty members are normally considered “school officials.” Under FERPA, school officials may obtain access to only those education records in which they have legitimate educational interests. “Legitimate educational interest” is defined as an interest which results from the duties officially assigned to a school official and which are related to such a school official’s responsibility for facilitating the student’s development. In other words, a faculty member should only access those student education records that are needed to perform his or her job as an official of the university. Any other access is a violation of FERPA.

Back to Top


What student information may I release?

FERPA protects the privacy of education records. As a faculty member you have a responsibility to protect educational records in your possession. You may not disclose personally identifiable information about students or permit inspection of their records without written permission from the student, unless such action is covered by certain exceptions permitted by FERPA.

Information that is defined as “directory information” may be released without student consent unless the student has directed the university to withhold such information. If such a hold is in place (called a “Buckley flag”), then no information may be released about that student, including no verification whether or not the individual is a student at OSU. If a student has a Buckley flag, "Confidential" will appear next to the student's name on the class list (class roll).

The OSU Communications Services Office handles most requests for directory information from entities outside of OSU.

University officials may request student record information through AIRS (Administrative Information Reporting System) (https://airs.okstate.edu/DW/AIRS/Login.aspx).

Protection of student privacy is crucial, and the consequences of mishandling of student information are significant. When in doubt, do not release student information—consult your department head, college administrators, or the Registrar’s Office.

Back to Top


What is considered directory information?

Directory information may be released without the written consent of the student, unless the student has filed a Request to Withhold Directory Information. If such a hold is in place (called a “Buckley flag”), then no information may be released about that student, including no verification whether or not the individual is a student at OSU. If a student has a Buckley flag, "Confidential" will appear next to the student's name on the class list (class roll).

An institution may not disclose or confirm directory information without the student’s written consent if the student’s social security number or other non-directory information is used alone or combined with other data elements to identify the student.

The following items are considered “directory information” at OSU.

  • student's name
  • local and permanent addresses or hometown
  • institutional electronic mail address
  • telephone number
  • year of birth
  • major field of study
  • dates of attendance at Oklahoma State University
  • degrees, honors, and awards granted or received and dates granted or received
  • academic classification such as freshman, sophomore, junior, senior, etc.
  • most recent educational institution previously attended
  • dissertation or thesis title
  • advisor or thesis/dissertation advisor
  • participation in officially recognized organizations, activities, sports, and weight and height of students participating in officially recognized sports
  • parents' names and addresses (city and state only)

Back to Top


How do I know if a student has restricted access to his/her directory information?

If a student has a Buckley flag, "Confidential" will appear next to the student's name on the class list (class roll). No information may be released about that student, including whether or not the individual is a student at OSU.

Back to Top


Am I required to verify the identity of the student or others to whom I disclose education records?

Yes. FERPA requires that institutions use “reasonable methods” to verify the identity of students, school officials, parents and others to whom information from education records is disclosed. The use of “widely available” information to verify identity, such as name, date of birth, social security number or student ID number, is not considered reasonable or sufficient.

Identity verification must include at least one element that is either known or possessed only by that person, for example:

  • Photo ID
  • Random PIN or token
  • Password
  • Biometric factors (ex: fingerprint scan, voice or facial recognition, etc.)

Back to Top


What are the limits in working with parents?

At the elementary and secondary school level, FERPA gives parents the right to access education records. When a student reaches 18 years of age or is attending an institution of post-secondary education, FERPA rights transfer from parent to student. Therefore, at the postsecondary level, parents have no inherent rights to access their son’s or daughter’s education records.

Information such as a student’s enrollment in a course, class attendance, or progress/grades in a course is personally identifiable information that constitutes part of the student’s education record that is protected under FERPA. Students may grant a parent or other individual view-only access to specific records using the Proxy tab in Self Service, and they may also provide consent for University officials to discuss all education records with the parent/proxy.  See more details here:  http://registrar.okstate.edu/Faculty-Advising-New-Student-System-Information#proxyaccess.  If a student has provided such consent to discuss records, faculty members may release information to parents, provided the identity of the parents has been authenticated.

Parents of a dependent student may challenge denial of access to educational records by providing to the Registrar’s Office evidence that they declare the student as a dependent on their most recent Federal Income Tax form (Form 1040).  In this case, faculty members may release information to parents, provided the identity of the parents has been authenticated.

Even if no specific information can be released about a student, faculty members may be able to assist parents by providing general information that does not violate FERPA. Course requirements, a copy of the course syllabus, and other similar information may be helpful.

Back to Top


How should I handle letters of recommendation?

As a faculty member, you may be asked to write a letter of recommendation on behalf of a student. If the letter includes information that falls within FERPA’s definition of educational records, such as grade point average or other non-directory indicators, the student’s written consent to disclose this information would be necessary. Unless the student has waived the right of access to the letter, he or she would have the right to read it, because it is part of the student's educational record.

The written release from the student should:

  1. specify the records that may be disclosed
  2. state the purpose of the disclosure, and
  3. identify the party or class of parties to whom disclosure may be made (FERPA § 99.30)

Statements in a recommendation that are based on the faculty member’s personal observations about a student do not require a written release from the student.

Click here for a sample permission form to write a single letter of recommendation.
Click here for a sample consent form that may be used for multiple recommendations.

Back to Top


What happens during crisis situations and emergencies?

If non-directory information is needed to resolve a crisis or emergency situation, an education institution may release that information if the institution determines that the information is necessary to protect the health or safety of the student or other individuals. Factors considered in making this assessment are: the severity of the threat to the health or safety of those involved; the need for the information; the time required to deal with the emergency; and the ability of the parties to whom the information is to be given to deal with the emergency. If information is released in this type of situation, a record must be placed in the student’s file describing the articulable and significant threat that formed the basis for the disclosure (the circumstances of the emergency).

Back to Top


Questions or concerns?

If you encounter a situation where you are uncertain on how to respond to a request for protected student information, please ask your department head for assistance. General questions may be directed to the Office of the Registrar or any other office that serves as an official custodian of student records. Comments or suggestions about this website should be addressed to the Office of the Registrar, 322 Student Union, Stillwater, OK 74078, 405-744-6878 or email: registrar@okstate.edu.

Back to Top