Dear students, faculty and staff:
Here are a few of the unintentional ways we may be violating FERPA (Family Educational Rights and Privacy Act).
The most common and innocent violation is the throwing away of any and all documents that contain protected student information into an open trash can. Protected information includes addresses, grades or accommodation information. Use a shredder or an American Document Services secured shred bin every time student information is disposed of to prevent these documents from ending up in the wrong hands.
Vendors – Under FERPA, BCOM is responsible for what vendors do with our data. If a vendor intentionally or accidentally misuses students’ education records, the school is still at fault. Careful screening of our vendors to insure they are FERPA compliant is a best practice. Always ask how the vendor is prepared to prevent unauthorized people from accessing student information.
Online vendors such as apps and websites that offer free services are almost always being paid for the information within the student record, even if it is just an email address. Many times, companies data mine to later sell products to our students. This is a clear violation of FERPA as well.
Parents – At the post-secondary level we DO NOT have the right to speak with moms and dads just because they are a student’s parents. If a parent calls, always make sure to verify you may speak with them by asking the registrar if the student has signed a release form to do so. This form includes a disclaimer regarding parents who are claiming the student as a dependent for tax purposes. In this case, BCOM can choose to release the students’ educational record.
Social Media – Faculty and staff should be cautious on social media. Any disclosure of student information (which can be as simple as a photo of students in lecture) on social media to one person can potentially be seen by thousands. Not all students have signed a photo release. Always ask before posting.
Email – Students’ grades, mental and physical health or accommodations can be shared via email with faculty or staff who have an educational interest or are on a need-to-know basis. However, proceed with caution. NEVER put the student name within the subject line but do use the term CONFIDENTIAL. Use caution with BCC-ing and/or reply alls. Although not illegal, this is not the most secure method of communication.
If there is ever a question, ask.
Vanessa Richardson, MEd
BCOM Compliance Officer