What are the responsibilities of faculty and staff regarding student records and disclosure of information?
All university faculty and staff are considered school officials and are required by law to maintain the confidentiality of student records. Any school official who maintains specific records is considered a record custodian. The Office of the Registrar is the official custodian for academic records.
The release of any non-directory information about a student (including course grades, letters of recommendation, GPA’s, etc) to any person outside the university community or to any university personnel without a legitimate educational interest violates federal and state law, as well as university regulations. All University faculty and staff are responsible for protecting the confidentiality of the information.
What are the consequences of violating FERPA?
FERPA violations may result in the loss of federal funding for the university. Any breach of confidentiality could lead to disciplinary action, including the possibility of termination of employment.
May I access any student’s academic record?
Not all faculty and staff have the right to inspect and review the education records of students. Faculty and staff must have a “legitimate educational interest” or “need to know” within the context of their role. Typically at UNC Asheville, faculty who serve as advisors may search for and access student academic records via their OnePort account. Faculty who do not serve in an advisor role, may not access student academic records. Staff must be employed in one of the administrative offices which require access to student academic records in order to perform essential job functions. If they are not, they cannot be given access to student academic records.
How do I notify students of their grades?
All faculty should instruct students to check their grades via their OnePort account. Grades will display for students once an official grade roll has been done by the Office of the Registrar. Grade rolls are performed regularly throughout the day when grading is open for that semester.
Graded work should be returned personally to the student. A stack of graded papers should not be left in a box for students to pick up themselves as this would violate their right to privacy.
What do I do if the parent of a student contacts me?
Parents lose their FERPA rights when their child turns 18 or starts attending college, whichever happens first. If the parent of a student contacts you, by any means, you should first verify with the Office of the Registrar that the student has authorized access through their OnePort account to a proxy. The proxy can be a parent or any individual the student authorizes. A student has control over what information they want their proxy to be able to view. The proxy will access that information, as authorized, via an online portal.
Please Note: There is no longer a paper FERPA Release form for students to fill out. The entire process is online. Since typically faculty and staff will not be able to view whether the student has completed the online FERPA authorization process, it is critical that you verify what you can and cannot release about that student prior to any discussions taking place.
In summary:
- Never release any information about a student that isn’t considered directory information as defined by the institution.
- If a parent shows up with the student, you may discuss information with them since the student is present but always ask to see a photo ID of the student if you are not familiar with him/her.
- If a parent says that they have a written consent form from the student, you should not accept it unless you witnessed the student signing it or have written confirmation from the student yourself that they have authorized you to release information to their parent. The written consent should clearly state what information may be released and the student must sign the request.
- After you have received clearance that releasing information about a particular student is permissible, always verify the identity of the person with whom you are speaking, especially if the student is not present. Ask to see their photo ID.
What security measures should I take to ensure confidentiality, security and integrity of student records and the University Student Information System?
- Never disclose, share or loan your personal username or password to anyone. Everyone should obtain their own individual log-on if access for them is deemed necessary.
- Ensure that remote access to, retrieval and transmission of confidential academic record information is accomplished through a secure and encrypted connection.
- Faculty and staff should restrict unauthorized persons from viewing confidential information. Some examples would include;
- never leave your computer unattended while signed on. Using a password-protected screen saver is one way but protective measures should be taken to ensure information is protected as well as unauthorized access to your work area;
- never leave personal logon information in view of unauthorized persons;
- always lock your office and lock up any academic records or confidential information away from view.
May I discuss my students with other faculty?
Faculty should discuss a student’s academic record only with that student or with university employees in the performance of official duties.