FERPA Privacy Checklist for Online Course Hosting
The Family Educational Rights and Privacy Act (FERPA) is a federal law that requires universities to (1) give students access to their education records, and (2) keep personally identifiable education records confidential with respect to third parties.
Because an online environment creates a record of student activity, it is subject to FERPA privacy rights, unlike verbal exchanges in a physical classroom.
STRICT CONFIDENTIALITY IS REQUIRED FOR INFORMATION ABOUT STUDENTS. More details: http://www.ncsu.edu/legal/legal_topics/student_privacy.php
[ Example: an off-campus vendor uses its servers to automatically grade electronic student assignments and send the grades back to the instructor on campus. ]
[ Examples: the instructor posts student work for other students in the class to review, or a person or computer at the university makes student information available to a vendor who provides online supplemental services for course management software or for textbook materials. ]
1. First Option -- Student Consent
If “yes,” to either of the two prior questions, then one way to comply with FERPA is to obtain the written, signed, dated consent of each student for the release of his/her information. This consent must be completely voluntary; that is, students who decline to provide the consent must not be denied any academic opportunity or privilege or suffer any adverse consequences. A generic consent form is at http://www.ncsu.edu/legal/legal_topics/ferpa/ferpaonlineforms.php
2. Second Option -- Student Comments Only Available to Other Students in the Course
For communications and posting of student work for electronic discussion among students in a class, the express written consent of students is NOT required, provided that
i. electronic postings of student work do not contain grades or evaluative comments of the professor,
ii. the students perform the posting rather than the professor,
iii. students are notified prior to or at the time of enrollment that posting of their work is a course requirement, and
iv. the posted work is available only to members of the class.
3. Third Option -- Outside Parties Under Contract to the University
Where an outside party, such as a vendor, receives student information (e.g., for grading, or access to online supplemental materials provided by a textbook publisher), the third party recipient should be bound by contract to preserve confidentiality, if at all possible. Please contact the Office of General Counsel for assistance with drafting a contract appropriate for your needs.
Do you require students to send a letter to the editor, or post to a non-university blog, or post to a social networking site not affiliated with faculty, or comparable activity?
In such cases the activity may not be FERPA-protected because it has not been received and therefore is not in the custody of the university, at least until the student submission is copied or possibly just reviewed by the faculty member. However, the privacy principle behind FERPA is a concern in this situation. Therefore…
This type of student submission should be assigned only if it can be done without the student being identified as an NC State student, and without indicating that the submission is part of academic endeavor.
Questions may be directed to Clifton Williams, Office of General Counsel, 919/515-3071 or firstname.lastname@example.org.
Please note that FERPA was written before the Internet existed, it is an awkward fit to modern teaching, and concerns about the workability or usefulness of FERPA are better addressed to the U.S. Department of Education.