FERPA Guidelines for Faculty and Staff

  • The release of non-directory information to parties outside of the University is restricted to the appropriate educational record custodian and only if the custodian has a signed and dated authorization to release statement from the student. A Consent to Release Education Records form is available to facilitate the collection of written consent from the student for release of his/her educational record.
  • Information from a student's educational record may be shared among University officials who have legitimate educational interests.
  • Access to a student's educational records by University officials is restricted to that portion of the record necessary for the discharge of assigned duties.
  • Directory information on individual students may be made available publicly by the appropriate educational record custodian, unless the student has blocked disclosure of directory information. Please refer to the instructions below on how to check for student confidentiality and what to do if a student has blocked disclosure of their directory information.
  • The University does not provide mailing lists to any third party for either commercial use or for solicitation of any product or service. For additional guidelines on appropriate use of student data, see ADG06.

FERPA Tutorial

Learn more about the Family Educational Rights and Privacy Act (FERPA) and its role in governing privacy of student education records.

View FERPA Tutorial

How to Check for Student Confidentiality

The federal Family Educational Rights and Privacy Act of 1974 (FERPA, also known as the Buckley Amendment) is the federal law that protects the privacy of student education records and identifies the rights of students with respect to their education records kept by institutions. As part of the requirements of FERPA, the University has a policy on Confidentiality of Student Records (policy AD-11). Faculty and staff have access to student records for "legitimate educational interests" necessary to carry out their job responsibilities.

Under FERPA, institutions must not release education records without prior written consent from the student. However, FERPA identifies a category of information as "directory information," which institution may release without student permission unless the student has blocked disclosure of such information. The list of items Penn State has designated as "directory information" can be found on the Registrar's Office website.

If you are asked for information about a student by anyone external to the University, even if it's simply directory information, you must first check to see if the student has blocked disclosure:

  • In LionPATH, a FERPA alert night shade icon can be viewed on most pages of a student's account in the Student Center to indicate that the student has requested that directory information not be released.
  • In LionPATH, a FERPA alert night shade icon can be viewed on most pages of a student's account in Advisor Center > Student Center to indicate that the student has requested that directory information not be released.
  • Canvas class rosters flag those students who have requested that directory information not be released with an asterisk (*) on the People page.

If a student has blocked disclosure of directory information, you must respond to the requestor that we have no record of the person. You may not even acknowledge the fact that the person is or ever was a Penn State student.

More information about student confidentiality holds can be found on the Understanding the Student FERPA/Confidentiality Hold section.

For questions about FERPA or student confidentiality, please contact the Office of the University Registrar.

Additional Resources

Find answers to some of the most frequently asked questions about FERPA and how to correctly manage common scenarios involving student information.

View FERPA Scenarios View FERPA FAQs View Faculty and FERPA Understand the FERPA/Confidentiality Hold

Do's and Don'ts

Good practice by faculty and staff members requires that they maintain, use, and report student data in compliance with the requirements of FERPA and University Policy (policy AD11). The following statements provide practical guidelines to follow:

  1. Do refer requests for student record information to the proper educational record custodian.
  2. Do keep only those individual student records necessary for the fulfillment of your teaching or advising responsibilities.
  3. Do keep any personal records relating to individual students separate from their educational records. Private notes of a professor/staff member concerning a student that are intended for professor's/staff member's own use are not part of the student's educational record.
  4. Do insure privacy when asking for student PSU ID. When on the telephone, be aware that the student may not be in a private environment.
  5. Do ask for only the last four digits of the PSU ID on exams and other documents, when needed, to identify different students with the same name.
  6. Do properly dispose of all papers and documents that contain the PSU ID.
  7. Do use blind copies when emailing groups of students.
  8. Do Not include the PSU ID in the subject line of an email message.
  9. Do Not include the PSU ID on any document mailed by surface mail where the PSU ID is visible on the document or in a window envelope.
  10. Do Not display student scores or grades publicly in association with the student name, PSU ID, Social Security number, or other personal identifier. Scores or grades may be posted using a code known only to you and the student.
  11. Do Not put papers or lab reports containing student names and grades in publicly accessible places. Students must not have access to the scores and grades of others in the class.
  12. Do Not circulate printed class lists containing non-directory information such as, PSU IDs for purposes of taking attendance. Instead, use a blank "sign in" sheet.
  13. Do Not upload a class list or any information about a student to a vendor's website without first checking with purchasesoftware@psu.edu to see if Penn State has a FERPA-compliant contract with the vendor.
  14. Do Not conduct research using student information without first receiving approval from the Office of Research Protections/Institutional Review Board and ensuring compliance with FERPA requirements.
  15. Do Not make value judgments or use inappropriate language in any comments or notes that are entered into LionPATH or stored in shared student files, since these comments and notes are considered part of the education record and are subject to the student's right to review.
  16. Do Not request information from the educational record custodian without a legitimate educational interest and the appropriate authority to do so.
  17. Do Not share student educational record information with other faculty or staff members of the University unless their official responsibilities provide for a legitimate educational interest.
  18. Do Not ask for the PSU ID on any document that will be viewed by anyone other than a University employee with an educational need to know. Examples:
    • On exams, homework assignments and attendance rosters, especially if other students may view these documents.
    • On questionnaires, surveys and other documents soliciting additional personal information.
    • On checks payable to the University or to the student.
    • On non-academic documents such as a Fitness Pass or an appointment sign-in sheet.
  19. Do Not share, by phone or correspondence, information from student educational records, including grades or grade-point averages, with parents or others outside the University, including within letters of recommendation, without written consent from the student.