FERPA: 20 Tips for Professors

Important privacy considerations for educators
See also: FERPA: Key Terms and FERPA Toolkit

Communication
  1. Always use your university-supplied email for corresponding with students.
  2. While you may email students through their personal email addresses relating to general course questions, anything related to grades or personal information can only be sent to a students institution-provided email.
  3. When sending mass emails to a class, there are two main ways to keep email addresses hidden from other students: the BCC feature (blind copy), or by creating a distribution list for a class.
  4. Instant messaging sites are not considered secure under FERPA for communicating with a student about their education record.
  5. Unlike IM'ing, video-chatting services (like Skype), where the student can be visually identified, are considered secure for discussing things like graded assignments with students.
  6. With online or blended courses, use the communication built into the LMS (Canvas) whenever possible.
  7. You can place a statement like "Under FERPA, this email is intended only for _______" to notify the recipient and any unauthorized individuals about the privacy of the email.
Online-specific
  1. Make sure that any third-party programs (e.g., wiki, social media, etc.) you choose to use in a course are FERPA-compliant.
  2. While you can require a student to use a specific program or application, if a student chooses to opt out due the Terms of Service, you'll need to provide an alternative method for that student to access the information.
  3. If your class has an online component, include a statement in your syllabus that material posted on the open web may be viewed by others both in and out of the class.
  4. Never require that students post any personally identifiable information on the internet - allow them to use an alias if they so choose.
  5. Never post instructor comments or grades on a public site, or anywhere they may be publically viewable.
  6. If your course requirements include editing a wiki, it is recommended to explain the inherent open nature of them, and provide a consent form for students to sign.
General Tips
  1. When writing a syllabus, it is advantageous to add a blanket statement like "In this class, our use of technology will sometimes make students' names and Internet IDs visible within the course website, but only to other students in the same class. Since we are using a secure, password-protected course website, this will not increase the risk of identity theft or spamming for anyone in the class. If you have concerns about the visibility of your Internet ID, please contact me for further information."
  2. Grade books should be secured both physically and digitally - password-protect them whenever possible, and try to keep the device they're on (like a laptop or PC) in a safe place like a locked office.
  3. Memory sticks are risky to save grade books on - avoid doing so whenever possible.
  4. When in doubt about whether or not you should share a piece of information about a student, err on the side of caution and do not share it.
  5. When posting student work, even if the name and any identifying information is removed, you must receive written consent before sharing (due to copyright).
  6. FERPA does not prevent an instructor from requiring assignments that have public content, such as creating a Google Site or posting a video onto Youtube or Vimeo. Feel free to do so if it adds to the course.
  7. A non-disclosure/confidential block does not include information within the course. Students with a confidential block are still required to do the work that the faculty member defines as the requirement of the course, including things like posting to a message board on Canvas.