FERPA - For Staff
- Under FERPA, to which student records do I have access?
- What student information may I release?
- What is considered directory information?
- How do I know if a student has restricted access to his/her directory information?
- Am I required to verify the identity of the student or others to whom I disclose education records?
- How does FERPA apply to student workers?
- What are the limits in working with parents?
- How should I handle letters of recommendation?
- May I release information to fraternities and sororities?
- How are subpoenas handled?
- What happens during crisis situations and emergencies?
- Where are FERPA-related forms?
- Questions or concerns?
- FERPA Home
Staff members are normally considered “school officials.” Under FERPA, school officials may obtain access to only those education records in which they have legitimate educational interests. “Legitimate educational interest” is defined as an interest which results from the duties officially assigned to a school official and which are related to such a school official’s responsibility for facilitating the student’s development. In other words, a staff member should only access those student education records that are needed to perform his or her job as an official of the university. Any other access is a violation of FERPA.
FERPA protects the privacy of education records. As a staff member you have a responsibility to protect educational records in your possession. You may not disclose personally identifiable information about students or permit inspection of their records without written permission from the student, unless such action is covered by certain exceptions permitted by FERPA.
Information that is defined as “directory information” may be released without student consent unless the student has directed the university to withhold such information. If such a hold is in place (called a “Buckley flag”), then no information may be released about that student, including no verification whether or not the individual is a student at OSU. If a student has a Buckley flag, "Confidential" will appear next to the student's name on advisee lists/profiles and class lists (class rolls).
The OSU Communications Services Office handles most requests for directory information from entities outside of OSU.
University officials may request student record information through AIRS (Administrative Information Reporting System).
Protection of student privacy is crucial, and the consequences of mishandling of student information are significant. When in doubt, do not release student information—consult your supervisor, your department head, college administrators, or the Registrar’s Office.
Directory information may be released without the written consent of the student, unless the student has filed a Request to Withhold Directory Information. If such a hold is in place (called a “Buckley flag”), then no information may be released about that student, including no verification whether or not the individual is a student at OSU. If a student has a Buckley flag, "Confidential" will appear next to the student's name on advisee lists/profiles and class lists (class rolls).
An institution may not disclose or confirm directory information without the student’s written consent if the student’s social security number or other non-directory information is used alone or combined with other data elements to identify the student.
The following items are considered “directory information” at OSU.
- student's name
- local and permanent addresses or hometown
- institutional electronic mail address
- telephone number
- year of birth
- major field of study
- dates of attendance at Oklahoma State University
- degrees, honors, and awards granted or received and dates granted or received
- academic classification such as freshman, sophomore, junior, senior, etc.
- most recent educational institution previously attended
- dissertation or thesis title
- advisor or thesis/dissertation advisor
- participation in officially recognized organizations, activities, sports and weight and height of students participating in officially recognized sports parents' names and addresses (city and state only)
If a student has a Buckley flag, "Confidential" will appear next to the student's name on advisee lists/profiles and class lists (class rolls). No information may be released about that student, including whether or not the individual is a student at OSU.
Yes. FERPA requires that institutions use "reasonable methods" to verify the identity of students, school officials, parents and others to whom information from education records is disclosed. The use of "widely available" information to verify identity, such as name, date of birth, social security number or student ID number, is not considered reasonable or sufficient.
Identity verification must include at least one element that is either known or possessed only by that person, for example:
- Photo ID
- Random PIN or token
- Biometric factors (ex: fingerprint scan, voice or facial recognition, etc.)
Students who perform work for the university may be designated as “school officials” with a “legitimate educational interest” for specific purposes. The same requirements and responsibilities for full-time faculty and staff exist for student workers. Student workers must be trained on FERPA just as if they were faculty or staff.
At the elementary and secondary school level, FERPA gives parents the right to access education records. When a student reaches 18 years of age or is attending an institution of post-secondary education, FERPA rights transfer from parent to student. Therefore, at the postsecondary level, parents have no inherent rights to access their son’s or daughter’s education records.
Information such as a student’s enrollment in a course, class attendance, or progress/grades in a course is personally identifiable information that constitutes part of the student’s education record that is protected under FERPA. Students may grant a parent or other individual view-only access to specific records using the Proxy tab in Self-Service, and they may also provide consent for University officials to discuss all education records with the parent/proxy. See more details here at Proxy Access.
If a student has provided such consent to discuss records, staff members may release information to parents, provided the identity of the parents has been authenticated.
Parents of a dependent student may challenge denial of access to educational records by providing to the Registrar’s Office evidence that they declare the student as a dependent on their most recent Federal Income Tax form (Form 1040). In this case, staff members may release information to parents, provided the identity of the parents has been authenticated.
Even if no specific information can be released about a student, staff members can often assist parents by providing general information that does not violate FERPA. Enrollment procedures, academic calendar information, policy information, and other similar information may be helpful.
As a staff member, you may be asked to write a letter of recommendation on behalf of a student. If the letter includes information that falls within FERPA’s definition of educational records, such as grade point average or other non-directory indicators, the student’s written consent to disclose this information would be necessary. Unless the student has waived the right of access to the letter, he or she would have the right to read it, because it is part of the student's educational record.
The written release from the student should: (1) specify the records that may be disclosed; (2) state the purpose of the disclosure; and (3) identify the party or class of parties to whom disclosure may be made (FERPA § 99.30). Statements in a recommendation that are based on the staff member's personal observations about a student do not require a written release from the student.
Many fraternities and sororities maintain scholarship committees, academic excellence awards, and related types of activities that are based upon personally identifiable information. However, fraternity and sorority members in charge of these activities are not “university officials” and may not have access to student record information, unless the student has provided written authorization.
At OSU, subpoenas for student education records are generally directed to the Registrar, Bursar, Office of Student Affairs, or other office responsible for maintaining the specific records that are requested. Legal Counsel is consulted when a subpoena is received.
If non-directory information is needed to resolve a crisis or emergency situation, an education institution may release that information if the institution determines that the information is necessary to protect the health or safety of the student or other individuals. Factors considered in making this assessment are: the severity of the threat to the health or safety of those involved; the need for the information; the time required to deal with the emergency; and the ability of the parties to whom the information is to be given to deal with the emergency. If information is released in this type of situation, a record must be placed in the student’s file describing the articulable and significant threat that formed the basis for the disclosure (the circumstances of the emergency).
Please see "Access to Student Records" in the Forms section of the Registrar website.
If you encounter a situation where you are uncertain on how to respond to a request for protected student information, please ask your supervisor for assistance. General questions may be directed to the Office of the Registrar or any other office that serves as an official custodian of student records. Comments or suggestions about this website should be addressed to the Office of the Registrar, 322 Student Union, Stillwater, OK 74078, 405-744-6878 or email firstname.lastname@example.org.