FERPA for Staff

FERPA for Staff and Student Assistants


What are the Responsibilities Regarding Student Records?

All university employees (including student employees) who have contact with education records are required by law to maintain the confidentiality of these records. Employees are required to complete the online FERPA Training before they can access student records.  


Take the online FERPA Training



What Are Education Records?

An education record is any record directly related to a student that is maintained by an educational agency or institution, or by a party acting for the agency or institution.
The release of any non-directory information about a student to any person outside the university community, with the exception of those specifically exempted by Part 99 of Title 34 of the Code of Federal Regulations, or to any university personnel without a legitimate educational interest violates the federal law as well as UC and UCSB regulations.

Education records do not include:
  • Sole possession records that are used only as memory aids and not shared with others
  • Law enforcement unit records
  • Employment records, unless the employment is dependent on the employee’s status as a student (such as graduate assistants)
  • Medical records
  • Records that only contain information about an individual after he or she is no longer a student at that agency or institution

At UCSB, the following offices have been designated as custodians of specific education records. 
TYPE
LOCATION CUSTODIAN
 Academic records
 Office of the Registrar
 University Registrar
 Academic advising records
 Colleges and major departments
 College Deans and academic department Chairs
 Financial Aid records
 Office of Financial Aid and Scholarships
 Financial Aid Director
 Financial records
 Billing/Accounts Receivable (BARC) Office
 BARC Manager


What can be Disclosed Without a Student’s Consent?

In certain instances, the law does not require the university to obtain student consent before disclosing information from an academic record. The most common examples of disclosure that do not require your consent include:
  • Disclosures to school officials with a legitimate educational interest
  • Disclosures to other institutions where student is seeking to enroll
  • Disclosures in connection with the receipt of financial aid (validating eligibility)
  • Disclosures to UCOP or to state/local officials in conjunction with legislative requirements
  • Disclosures to organizations under university contract, or to accrediting organizations
  • Disclosures to parents of dependent students who have had drug and alcohol violations 
  • Disclosures in compliance with a judicial order or lawfully issued subpoena or court order
  • Disclosures for a health/safety emergency
  • Disclosures of information from disciplinary proceedings to the alleged victims of violent crimes or sexual offenses
  • Disclosures of name, sanction and outcome of disciplinary proceedings (public information), when a student has been found in violation of a crime of violence

Are Electronic Records and Data Protected by FERPA?
FERPA protects the privacy of all educational records, regardless of the medium in which those records are maintained.
The increasing use of computerized record-keeping systems, and the resulting replacement of paper documents with electronic data, is likely to increase the volume of electronic educational records. Therefore, it is important to remember that the same principles of confidentiality apply to paper records and to electronic data.


Do Student Employees Have to Maintain the Confidentiality of Student Records?
Student employees have the same obligations to maintain the confidentiality of student records as any other employee. Student employees are required to complete the online FERPA Training before they can access student records. When working with student records, a student assistant should work directly with the supervisor to ensure FERPA compliance. It is always best for students to ask questions and err on the side of caution when dealing with the release of any information.


Can Parents Access Their Son's or Daughter’s Education Record?
When a student reaches 18 years of age or enrolls in a post-secondary institution (regardless of age), the rights afforded to the parents of a student automatically transfer to the student. Students who wish to provide consent to a third party, including parents and guardians, will need to provide, to the custodial office that maintains the information to be released, a written and signed consent stating the information to be released and the name and relationship of the person to whom the university is authorized to release information. Such written consents will be honored as a one-time request. UCSB does not offer a campus-wide consent to release form. If a UCSB department chooses to offer a department-specific consent form, the consent may only cover the information maintained by that department. The release of non-departmental information is restricted and may not be disclosed without a separate consent to the appropriate custodial department.



What can be Released if a Student has Requested Non-disclosure?
According to FERPA, a student can request, while still enrolled, that the institution not release any directory information about him/her. University employees must comply with this request and may not release any information without first consulting with the Office of the Registrar.


What Standard Security Practices Must I Follow?
All staff must utilize reasonable measures to preserve the confidentiality, security and integrity of UCSB information systems and the information contained therein. All UCSB staff should practice appropriate security measures:
  • Never disclose, share or loan your username(s) and password(s) to anyone (e.g., another employee, faculty member, supervisor, student assistant, etc.).
  • Never disclose confidential student information to university personnel unless they have a legitimate educational interest. Disclosure without such need violates the federal law as well as UC and UCSB regulations.

In addition, staff should take reasonable measures to restrict unauthorized persons from viewing confidential academic record information. For example, you should:
  • Never leave your computer workstation unattended while signed on without appropriate screen locking (e.g., a password-protected screen saver).
  • Never leave personal log-on information (e.g., username, password, network mapping, etc.) in view of unauthorized persons. 
  • Never program (or hot-key) automatic access to confidential academic record systems.
  • Never download student data to a flash drive, send files to a personal email account, or store student data on an unencrypted, unsecured server.

What are the Consequences for Violating FERPA?
Under federal law, FERPA violations may result in the loss of federal funding for UCSB. Any breach of confidentiality could lead to disciplinary action, including the possibility of termination of employment.


Additional FERPA resources can be found at:
UCSB’s Student Education Records – Disclosure of Information Policy
UCSB's Student Educational Records - FAQ
UCSB’s Disclosure of Information from Student Records - Quick Reference
University of California FERPA Policy
U. S. Department of Education - Family Compliance Office
UCSB Release Matrix


Who to contact with questions/concerns
Questions or comments may be directed to the Office of the Registrar, 1101 SAASB, RegVIP@sa.ucsb.edu.

Please note: These pages have been developed by the Office of the Registrar to provide general information about the law and procedures related to accessing confidential student information and to provide guidance on commonly asked questions or situations faced by faculty, staff, students and parents. These pages are for information purposes only; this information is not university policy nor is it intended as legal advice.

Additional Information
FERPA for Students
FERPA for Parents
FERPA for Faculty
FERPA Training
Definitions