FERPA is probably the most widely misunderstood law relating to education. I consistently hear faculty and administrators make incorrect claims about FERPA. At one conference, a teacher proclaimed that using a student’s name in public is a violation, but that would mean I violate FERPA when I take attendance in a course. More important, nearly every college website has a public directory of student names.
Another administrator asserted that it violates FERPA to post a photo that can identify a student on a public website. But again, look at any college website and you will see a host of identifiable photos of students around campus and at sporting events. Another even said that it is illegal to allow a photo of someone younger than 18 online, meaning that Facebook is hosting millions of violations.
Many people are under the impression that FERPA views students as if they were in cages, separate from the public, but of course students are in fact far more integrated with the outside world through Facebook, Instagram, and the like than the average person is. FERPA was not designed to protect vulnerable students from the big, bad world but rather from their own snooping parents. The law came out of a 1960s and 1970s students’ movement demanding that students be treated as adults if they could be called to war. It was actually designed to recognize students’ adulthood. For instance, one of the hallmarks of FERPA is that grades are not automatically sent to students’ parents.
As such, FERPA covers only a narrow range of information, such as Social Security numbers, medical records, and credit card numbers. FERPA specifically exempts a wide range of “directory information” that can be released without the student’s permission, including “name, address, telephone listing, date and place of birth, participation in officially recognized activities and sports, and dates of attendance” (U.S. Department of Education). In fact, once you actually read the law, you will be surprised by what it does not cover.
The misunderstanding is largely because of faculty members’ and administrators’ being required to take periodic FERPA training that focuses on what cannot be released. The purpose of the training is to prevent violations, so of course the training focuses on violations and the threat of litigation and other outcomes to reinforce the message. The problem is that this training seldom mentions what can be released, leaving the participant under the impression that nothing can be released.
Most important, FERPA was not designed with student course work in mind. Some people assume that FERPA requires all student work to be done within the walled-off LMS, but that is just plain wrong. Faculty can assign students to write a letter to the editor or create a display for a public art exhibit. Similarly, students can be required to blog, post to VoiceThread, create webpages, make a video documentary, and the like—all of which is public.
Moreover, FERPA applies only to information in the possession of the institution. Thus, student work published to other sites does not fall under the guidelines (NC State FERPA Guidelines).
Online faculty members and administrators need to get the real story on FERPA so they understand what is and is not allowed. By far the best source of information is an institution’s registrar, who must understand the law to manage the student directory information. Your librarian is another good source of information.
Of course, there is nothing to say that you cannot simply read the law yourself. For some reason people assume they must go to lawyers to understand the law. But laws are written to be understood by the average person. If they were written to be understood by only lawyers, then the rest of us could not be held accountable to follow them. So if you want the real story, simply go to the source and see what is and is not in the law.
Although no FERPA reasons exist to shy away from using non-LMS websites for course purposes, there are a few practical considerations to keep in mind when doing so.
Put a notice in any assignment that uses an outside website to remind students that any content may be viewed by others. Students can easily forget that their work is outside of the LMS, and this notice can help them catch themselves before posting something that they might not want someone in the public to see. Students frequently post to public websites, so using one in class with this guidance can help students think about what they are posting.
- Legally, students who do not want directory information made public need to fill out a “FERPA Hold” and submit it to the institution. Remind students of this right so they can let you and others at the institution know to withhold information if they have some special circumstance that warrants it.
- Let students know that, if they wish, they can use pseudonyms and photos, such as a cat or cartoon character, for their images on an outside website to protect their identities.
- If there is a commenting feature on the site used to host student work, feel free to provide your commentary and encourage students to comment on each other’s work. This demonstrates your interest in their work and is not a FERPA violation. Just don’t post commentary directly related to the grade in public.
- U.S. Department of Education FERPA Frequently Asked Questions. (http://www2.ed.gov/policy/gen/guid/fpco/faq.html#q4).
- NC State University FERPA Guidelines. (https://policies.ncsu.edu/regulation/reg-11-00-01)
- Norwich University FERPA Guidelines. (http://www.norwich.edu/registrar/wp-content/uploads/sites/3/Data-Privacy-FERPA.pdf).
John Orlando is the editor of Online Classroom.