The regulations governing the Family Educational Rights and Privacy Act (FERPA), 34 CFR 99 articulate obligations and responsibilities specifically pertaining to the institution of higher education generally, as well as the financial aid practitioner specifically. The regulations attempt to provide guidance for the institution of higher education regarding student information and records and their confidentiality. The regulations cover the rights of students and parents to inspect and review records, the procedures for amending records, when an educational institution may disclose personally identifiable records and the enforcement procedures when an institution violates the aforementioned regulations.

34 CFR 99.31 (a) and (b) provide that an institution may disclose personally identifiable information without the consent of the student if the disclosure meets certain conditions. For example, an institution may disclose, under certain limitations, personally identifiable information to other school officials including teachers who have a legitimate educational interest in the information, to officials of another school in which the student wants to enroll, to certain authorized representatives of the United States government, to authorized state and local officials, to accrediting organizations, to parents of a dependent student as defined by the IRS, in response to a lawful subpoena, and in certain other circumstances.

The above is not a comprehensive listing of all circumstances wherein an institution may disclose personally identifiable information of a student. Rather it is presented to give the reader a sense of the exceptions to the typical student consent required prior to disclosure.

As is evident, disclosure of student information without student consent carries with it complex responsibilities and obligations. For example, the college or university must have a policy and definition for when faculty members or college officials have “legitimate educational interests” in requested student information.

A similar challenge is involved with the current trend of colleges and universities to implement integrated data management computer systems. Typically, when presented with an integr ated system, faculty and staff have access to multiple data bases within the system. It is important to have a procedure in place to determine which faculty or staff have a legitimate educational interest in a specific data base or application before giving that faculty or staff member computer access to the data base.

The FERPA regulations create a significant challenge for the financial aid practitioner in terms of what individuals, both internal and external to the office, should have access to student information controlled by financial aid. Of particular importance are 34 CFR 99.31 (a)(4)(i), (a)(4)(ii), (a)(8) and (a)(12) which specifically govern the release of financial aid related information.

The above is offered as generalized legal information pertaining to FERPA. You may not and should not rely on its content in determining specific FERPA policy or procedure. You should read the applicable regulations and meet with college counsel should any FERPA issues arise on your campus.