EPIC logo

Privacy of Education Records[a]

David A. Banisar, esq.[1]

January 1994

In the United States, public opinion polls have shown a high level of concern about personal privacy since the early 1970s. Increased computerization has led to extensive collection and dissemination of sensitive personal information for a variety of reasons. The federal and state governments have responded by passing a variety of statutes and regulations in many areas to prevent dissemination of personal information. Education records are protected by a number of federal and state statutes and regulations. Generally, school records can not be released without the prior permission of the student.

The Federal Education Records and Privacy Act (FERPA)[2], commonly known as the Buckley Amendment, requires that any school or institution that receives federal funds for education may not release school records or any other personally identifiable information without the prior consent of the student[3], with a few specific exceptions. This law creates a minimum standard for the protection of records which may be increased by either state or local law or regulations.

Records may also be protected by the federal Privacy Act of 1974[4], and state implementations, the Freedom of Information Act[5] and state open records laws.


FERPA applies to any school or institution which receives federal funds for education.[6] This includes direct grants but schools whose students receive Pell grants or other types of assistance. It applies to student records, not the employment records of employees.

FOIA applies to federal government agencies. An entity is an agency if the government is involved in and/or has authority over decisions affecting its ongoing, daily operations. State open records acts usually apply to any state entity. These acts vary in their coverage.

The Federal Privacy Act also applies to all federal agencies. Section 7 of the Act, which governs the use of Social Security Numbers, covers all federal, state and local governments, including schools.

Many states also have provisions in their laws to protect the privacy of student records either as independent provisions or as exceptions to Open Records Laws. Courts have found in those states that do not have independent provisions that they may use the FERPA as the basis for regulations.[7]

Electronic vs Physical Files

The FERPA, FOIA and Privacy Acts do not differrentiate between the medium of storage or the method of transmission. There is no legal difference between the level of protection afforded to physical files over those that are stored or transmitted electronicly or any other form. Most state laws have similar open definations.


FERPA is enforced by the Secretary of Education and any school or institution that violates it may lose its federal funding. A student may file a complaint with the Secretary for a violation. FERPA does not create an independent right for a student to sue a school that has unlawfully disclosed personal information, however, several courts have ruled that students may sue in federal court as a violation of their civil rights under color of state law.[8] In addition, a recent Supreme Court case may increase the likelyhood of suits for monetary damages for violations of FERPA.[9]

The Privacy Act creates both criminal and civil penalties for violators. Individuals who willfully violate the disclosure provisions can be convicted of a misdemeanor and fined up to $5,000. Any party who knowingly or willfully obtains a person's record also faces criminal penalties. Civil liability for willful or intentional acts includes injunctions against further acts, damages of not less than $1,000, attorney fees and costs.

Accessing Records-Students

Any student can review their record and may request explanations of the contents. Indviduals who applied but did not attend a school are not covered by FERPA. There are several limitations to access.

1. Postsecondary institutions do not have to disclose the parent's financial records to the students.

2. The school does not have to disclose confidential letters unless the student has expressly waived, in writing and signed by the student, the right to see them. The waiver must not be required as a condition for admission and the letters can only used for the purpose for which they were intended. Generally these will be letters of recommendation for admission, employment applications, and recomendations for honors or awards. The student may revoke the waiver in writing.

A student should be able to access medical or other records created by professionals in the course of treatment at the school or institution. While the act does not mandate this and allows for a physician or other qualified professional to view the records, the modern trend since the act was passed is for individuals to be able to view their own medical records.[10]

A student may correct or amend a record that they feel is incorrect, misleading, or violates their right of privacy. Incorrect and irrelevant information should be removed from student records. A student has a right to a hearing before a neutral or impartial official to challenge the content of the record. The hearing must allow the student to have assistance or representation and allow him or her to present evidence. The decision must be written and be based solely on evidence presented at the hearing. If the student's request is denied, the student has the right to include a statement in his or her file stating why the information is incorrect, misleading or an invasion of privacy.

Schools may request a reasonable fee for a copy of a student's record. A practice currently being adopted by the credit industry is to provide every indvidual a free copy of their full record each year changes are made to allow them to ensure that the record is accurate. Schools should cosider implimenting this for school records.

Accessing Records-Third Parties

FERPA prohibits the dissemination of personal information to third parties in most circumstances, subject to several exceptions set out specifically in the act. These exceptions are narrowly interpreted. A notice of each request for access and each disclosure must be created and maintained with the student's record. Any disclosure must be made on the condition that the information will not be redisclosed unless it is authorized and will be used only for the purpose for which it was acquired.

Written Consent

A student may allow their record to be released to a third party. This request must be in writing and contain the signature of the student. It must specify the records to be released, state the reason for the release and must identify the party or class of parties who may receive the records.

Eligible Educators

A disclosure may be made without prior written consent for several different classes of officials in the education field:

1) Other officials within the school or institution who the institution determines have a legitimate institutional interest.

2) Officials of another school where the student intends to enroll. The student must be notified of the transfer unless they initiated the request. Students also must have an opportunity to a hearing to contest any of the information if they feel it is incorrect, misleading, or an invasion of their privacy (see section on student access).

3) Federal and state education officials including the Secretary of Education, state and local education authorities, and the U.S. Comptroller General for the purposes of auditing or evaluating and enforcing state or federal programs. The records are releasable on the condition that the personally identifiable information is not disclosed to anyone besides the officials, and the information is destroyed after the audit or evaluation is complete. The courts have ruled that this is narrow exception intended mainly for state and local education officials.[11]

4) Financial aid information related to determining eligibility, amount of aid, conditions for the aid, and enforcing the terms and conditions.

Directory Information

Directory information includes the name, address, telephone number, date place of birth, field of study, awards and degree awarded to students. There is no requirement that this information must be released and many schools do not. Many people prefer to keep their telephone numbers and other information private becuase of harassing calls and telemarketers. Direct marketing firms and telemarketers often collect this information for marketing purposes. Most students are unaware of these practices before they consent to the release of personal information.[12]

Courts have upheld the right of the schools not to release information against requests under FOIA or open records laws.[13]If a school still wishes to publish directory information, FERPA requires that notice be given before the directory information is released. Because of the often bewildering amount of information that a student receives and the many reasons for not disclosing it, schools should request the affirmative permission of a student before releasing this information. This is easly done by placing a box on an standard application, registration or other common form that student can check if they wish to have their directory information disclosed (in legal parlance, this is known as "opting-in"). Under an opt-in system, the default is set for the protection of privacy but the student can easily waive the right if they so choose. Schools that conduct telephone registration can offer an option in a voice menu to allow the student to opt-in.

Law Enforcement Records

In the Higher Education Act of 1992, FERPA was amended to create an exception for records collected by a law enforcement unit for "law enforcement purposes." Records falling under this provision are therefore not subject to the requirement provisions of FERPA. This applies for all levels of schools. Generally, law enforcement records are related to the investigation of a violation of a state or federal crime by a student. However, other state laws and regulations that cover the disclosure of criminal records may apply. A federal regulation defining this exception is currently under review.[14]

Records of Disciplinary Actions

Disciplinary actions for violations of school rules are considered school records and are covered under FERPA. The Student Right to Know and Campus Security Act of 1990, created two exceptions: 1) a victim of a crime of violence may find out the results of a postsecondary institution's disciplinary action against the alleged perpetrator of that crime. 2) An accuser of sexual assault may find out the results of any campus postsecondary institution's disciplinary action against a person accused of sexual assault.

Court Orders and Subpoenas

A school may disclose personal information without the prior consent of a student to respond to a lawfully issued court order or subpoena. The school must give the student notice of this request prior to the release and in many cases, the student has the right to oppose the disclosure. This disclose is not automatic, many courts have used a balancing test between the need for the disclosure and the privacy interests of the student.[15]

Emergency Situations

A school may release records if an emergency situation occurs that threatens the health or safety of the student or other individuals. The Department of Education has stated that this section is to be construed strictly.

Testing and Accreditation Institutions

Schools may release personal information to organizations that develop, validate, or administer predictive tests, administer student aid programs, and improve instruction. Information can also be provided to accreditation organizations to carry out their accrediting functions. Federal regulations require that the disclosure is allowable on the condition that only the representatives of the organization see the original records, the studies produced do not identify any particular student, and the information is destroyed after it is no longer used.

Statistical Information

Information that is not personally identifiable can be released. It should not be possible for anyone to associate the statistical information with a particular person. For a record to be considered statistical, all personally identifying information, including name, address, SSN, and individually distinguishing information should be removed.

Written Policy

Every school covered by FERPA must adopt a policy on its implementation of the law. This policy must include the procedures for notice, inspection, correction and hearings, a list of all types of records held and the officials responsible for them, a statement that it will not disclose personal information without the prior written consent of the student and educational officials that will have access, and a list of the information defined as directory information. The policy must be written and copies of it must be available to any student. The school should make this policy widely available in prominent locations.


Each year, every school must notify students of their rights under FERPA. The notice must include a statement of the students' rights to inspect, review, and correct records to ensure that they are not inaccurate, misleading or a violation of the student's right to privacy or other rights, that the student can consent to have their records disclosed and those exceptions where consent is not necessary, the right of the student to file a complaint with the Department of Education for a violation of FERPA, and the locations where students can obtain a written copy of the school policy on FERPA. The notice must also be disseminated in such a way to ensure that students are aware of their rights. Ideally, a copy of the notice should be disseminated to every student at the time of class registration or other times where materials are generally given to all students early in the year.

Posting Student Information

Posting test scores or other personal information, except for directory information, that is identifiable by either a student's name or Social Security Number is a violation of FERPA. Schools should use a randomly generated identifier only known to the teacher and the individual student.


All theses are considered educational records under FERPA. Recently, the Department of Education determined that if becauses theses are submitted for publication any writing provides a sufficient waiver to FERPA for undergraduate and graduate theses. The Department found that current university policies were sufficient. This question arose when a school librarian wrote to the Department of Education to inquire about the issue, not in the context of a complaint, which may have a different result. An approach to clarify this and avoid future legal problems is to request that every student submit a standard written waiver as an attachment to the thesis at the time of its submission.

Social Security Numbers

Schools should minimize their collection and use of students' Social Security Numbers. SSNs are considered an education record under FERPA and its collection and disclosure by government agencies is generally prohibited by the Privacy Act of 1974. The use of the SSN also increases invasions of privacy and credit fraud.

Except for the purpose of processing student loans and other legal obligations, schools should not collect student SSNs. Schools should especially not use SSNs as a student identity number or place it on student ID cards.

The Social Security Number is considered personal information and its dissemination is prohibited by FERPA. In 1992, students at Rutgers University successfully obtained an injunction from a federal court to prevent the dissemination of their SSNs on class rosters and identity cards. The court found that the disclosure of the SSN was a violation of FERPA, unnecessary and not related to legitimate educational interests.[16]

Section 7 of the Federal Privacy of 1974 prohibits any federal, state or local government agency from denying any right, privilege, or benefit to any indvidual who refuses to disclose his or her Social Security Number. Under the Privacy Act, the disclosure of a SSN by an agency is illegal unless it is either authorized by a federal law or was adopted by a federal, state, or local law or regulation prior to January 1, 1975. A state or local government may require the disclosure of the SSN only to establish the identity of any person affected by any tax law or general public assistance law.[17]

When an agency requests the disclosure of the SSN, the agency must provide written notice to the indvidual:

Privacy Concerns on the use of the SSN

SSNs facilitate the matching of different databases about individuals and leads to invasions of privacy. The Senate Report for the 1974 Privacy Act noted that `the extensive use of Social Security Numbers as universal identifiers in both the private and public sectors is "one of the most serious manifestations of privacy concerns in the Nation."'[18]

In 1993, the Federal Court of Appeals for the 4th Circuit ordered the Commonwealth of Virginia to stop collecting and disclosing citizen's Social Security Numbers when they register to vote because of the dangers it presents to privacy and increased fraud infringes on a citizen's right to vote.[19]

Recently, Congress' Office of Technology Assessment reiterated these warnings about the threat to privacy from widespread dissemination of the SSN:

Concerns about the proliferation of the use of the Social Security number for purposes unrelated to the administration of the Social Security system, and the power of the number to act as a key to uncovering and linking a vast amount of information held by both the government and private companies, have been voiced in a number of contexts.... As a result of this increased use of the Social Security number, the number now facilitates the ability of large institutions to compare databases. It allows outsiders (including private detectives, hackers, or other strangers) to move from database to database, from credit bureau to insurance company to grocery store to publisher, to find out detailed marketing, financial, and medical information about an individual, so that a very detailed dossier on the individual can be created.[20]

Widespread Use of the SSN Increases Fraud

The widespread use of the SSN has also led to millions of dollars of fraud each year. Individuals fraudently obtain the SSNs of other individuals, use the SSN to retrieve their credit reports from credit bureaus, and use that information to obtain credit cards and loans in their names.[21] The widespread use of the SSN on campuses facilitates this by making the numbers easier to obtain.

The SSN As an Identifier

In addition the SSN is not a very accurate or reliable identifier. The SSN provides no "checksum" (an internal verification of the validity of the number). Thus, there is no way to ensure that the number is correct. Incorrect numbers can be entered intentionally, unintentionally or through forgetfulness. The Social Security Administration estimaated that there are over 10 million SSNS currently being used incorrectly. The creation of a new identity number for students is a trivial action, easily done on a computer. The school ID numbers can prove more useful, indicating information in the number relevant to the status of the student.

Using SSNs also may make it easier to obtain student's records. One of the facts that the court considered in the Greidinger case was that a friend of the plaintiff was able to call up the University of Maryland and obtain Greidinger's records by just giving his Social Security Number. The number was available as a public record as a condition to voting. Thus, the possession of a SSN should not be considered as evidence of a person's identity, especially over the telephone.


When dealing with student records, the safest route is to obtain prior consent from students before disseminating any information. Using or disseminating the SSN may subject the school or institution to civil liability under several different federal statutes and should be strictly limited. Schools should develop and implement codes of fair information practices for dealing with personal information.