- Under FERPA, to which student records do I have access?
- What student information may I release?
- What is considered directory information?
- How do I know if a student has restricted access to his/her directory information?
- Am I required to verify the identity of the student or others to whom I disclose education records?
- How does FERPA apply to student workers?
- What are the limits in working with parents?
- How should I handle letters of recommendation?
- May I release information to fraternities and sororities?
- How are subpoenas handled?
- What happens during crisis situations and emergencies?
- Where are FERPA-related forms?
- Questions or concerns?
- FERPA Home
Under FERPA, to which student records do I have access?
Staff members are normally considered school officials. Under FERPA, school officials may obtain access to only those education records in which they have legitimate educational interests. Legitimate educational interest is defined as an interest which results from the duties officially assigned to a school official and which are related to such a school officials responsibility for facilitating the students development. In other words, a staff member should only access those student education records that are needed to perform his or her job as an official of the university. Any other access is a violation of FERPA.
What student information may I release?
FERPA protects the privacy of education records. As a staff member you have a responsibility to protect educational records in your possession. You may not disclose personally identifiable information about students or permit inspection of their records without written permission from the student, unless such action is covered by certain exceptions permitted by FERPA.
Information that is defined as directory information may be released without student consent unless the student has directed the university to withhold such information. If such a hold is in place (called a Buckley flag), then no information may be released about that student, including no verification whether or not the individual is a student at OSU. If a student has a Buckley flag, a screen will appear on SIS when that students record is accessed. This screen indicates that information release is restricted at the request of the student. The SIS web versions of class rolls (class lists) and advisee lists also include designations for students who have Buckley flags.
The OSU Communications Services Office handles most requests for directory information from entities outside of OSU.
University officials may request student record information through AIRS (Administrative Information Reporting System) (https://airs.okstate.edu/DW/AIRS/Login.aspx).
Protection of student privacy is crucial, and the consequences of mishandling of student information are significant. When in doubt, do not release student informationconsult your supervisor, your department head, college administrators, or the Registrars Office.
What is considered directory information?
Directory information may be released without the written consent of the student, unless the student has filed a Request to Withhold Directory Information. If such a hold is in place (called a Buckley flag), then no information may be released about that student, including no verification whether or not the individual is a student at OSU. If a student has a Buckley flag, a special screen will appear on SIS when that students record is accessed. This screen indicates that information release is restricted at the request of the student. The SIS web versions of class rolls (class lists) and advisee lists also include designations for students who have Buckley flags.
An institution may not disclose or confirm directory information without the students written consent if the students social security number or other non-directory information is used alone or combined with other data elements to identify the student.
The following items are considered directory information at OSU.
- student’s name
- local and permanent addresses or hometown
- institutional electronic mail address
- telephone number
- year of birth
- major field of study
- dates of attendance at Oklahoma State University
- degrees, honors, and awards granted or received and dates granted or received
- academic classification such as freshman, sophomore, junior, senior, etc.
- most recent educational institution previously attended
- dissertation or thesis title
- advisor or thesis/dissertation advisor
- participation in officially recognized organizations, activities, sports and weight and height of students participating in officially recognized sports
- parents’ names and addresses (city and state only)
How do I know if a student has restricted access to his/her directory information?
If a student has a Buckley flag, a special screen will appear on SIS when that students record is accessed. This screen indicates that information release is restricted at the request of the student. The SIS web versions of class rolls (class lists) and advisee lists also include designations for students who have Buckley flags. No information may be released about that student, including whether or not the individual is a student at OSU.
Am I required to verify the identity of the student or others to whom I disclose education records?
Yes. FERPA requires that institutions use “reasonable methods” to verify the identity of students, school officials, parents and others to whom information from education records is disclosed. The use of “widely available” information to verify identity, such as name, date of birth, social security number or student ID number, is not considered reasonable or sufficient.
Identity verification must include at least one element that is either known or possessed only by that person, for example:
- Photo ID
- Random PIN or token
- Password
- Biometric factors (ex: fingerprint scan, voice or facial recognition, etc.)
How does FERPA apply to student workers?
Students who perform work for the university may be designated as school officials with a legitimate educational interest for specific purposes. The same requirements and responsibilities for full-time faculty and staff exist for student workers. Student workers must be trained on FERPA just as if they were faculty or staff.
What are the limits in working with parents?
At the elementary and secondary school level, FERPA gives parents the right to access education records. When a student reaches 18 years of age or is attending an institution of post-secondary education, FERPA rights transfer from parent to student. Therefore, at the postsecondary level, parents have no inherent rights to access their sons or daughters education records.
Information such as a students enrollment in a course, class attendance, or progress/grades in a course is personally identifiable information that constitutes part of the students education record that is protected under FERPA. Parents may not have access unless the student has provided written authorization. If a student has filed a consent form to give parents access to student records, this would be indicated on the students record with a note on SIS screen 148. With this form on file, staff members may release information to parents, provided the identity of the parents has been authenticated.
Parents of a dependent student may challenge denial of access to educational records by providing to the Registrars Office evidence that they declare the student as a dependent on their most recent Federal Income Tax form (Form 1040). If such a form has been filed, this would be indicated on the students record with a note on SIS screen 148. In this case, staff members may release information to parents, provided the identity of the parents has been authenticated.
Even if no specific information can be released about a student, staff members can often assist parents by providing general information that does not violate FERPA. Enrollment procedures, academic calendar information, policy information, and other similar information may be helpful.
How should I handle letters of recommendation?
As a staff member, you may be asked to write a letter of recommendation on behalf of a student. If the letter includes information that falls within FERPAs definition of educational records, such as grade point average or other non-directory indicators, the students written consent to disclose this information would be necessary. Unless the student has waived the right of access to the letter, he or she would have the right to read it, because it is part of the student’s educational record.
The written release from the student should: (1) specify the records that may be disclosed; (2) state the purpose of the disclosure; and (3) identify the party or class of parties to whom disclosure may be made (FERPA § 99.30). Statements in a recommendation that are based on the staff member’s personal observations about a student do not require a written release from the student.
Click here for a sample permission form to write a single letter of recommendation.
Click here for a sample consent form that may be used for multiple recommendations.
May I release information to fraternities and sororities?
Many fraternities and sororities maintain scholarship committees, academic excellence awards, and related types of activities that are based upon personally identifiable information. However, fraternity and sorority members in charge of these activities are not university officials and may not have access to student record information, unless the student has provided written authorization.
At OSU, subpoenas for student education records are generally directed to the Registrar, Bursar, Office of Student Affairs, or other office responsible for maintaining the specific records that are requested. Legal Counsel is consulted when a subpoena is received.
What happens during crisis situations and emergencies?
If non-directory information is needed to resolve a crisis or emergency situation, an education institution may release that information if the institution determines that the information is necessary to protect the health or safety of the student or other individuals. Factors considered in making this assessment are: the severity of the threat to the health or safety of those involved; the need for the information; the time required to deal with the emergency; and the ability of the parties to whom the information is to be given to deal with the emergency. If information is released in this type of situation, a record must be placed in the students file describing the articulable and significant threat that formed the basis for the disclosure (the circumstances of the emergency).
Where are FERPA-related forms?
Please see “Access to Student Records” in the Forms section of the Registrar website.
If you encounter a situation where you are uncertain on how to respond to a request for protected student information, please ask your supervisor for assistance. General questions may be directed to the Office of the Registrar or any other office that serves as an official custodian of student records. Comments or suggestions about this website should be addressed to the Office of the Registrar, 700 College Road , Warner, OK 74469, 918-463-6241 or email: cscregistrar@connorsstate.edu.