FERPA or the Buckley amendment is a federal law enacted to implement the privacy of student's educational records. All educational agencies or institutions that receive federal funding for any program administered by the Secretary of Education, are to comply with FERPA. The private institutions that contract to perform services for a University must also observe compliance with FERPA. FERPA grants the following rights to the adult students of 18 years of age and older:

1. The right to inspect and review their educational records
2. The right to seek the amendment of their educational records
3. The right to consent to the disclosure of their educational records
4. The right to obtain a copy of their school’s Student Records Policy
5. The right to file a complaint with the FERPA Office in Washington, D.C.

• Student educational records are considered confidential except only a few exceptions.
• Students records should not be released without written consent of the student.
• Eligible students and their parents must be duly informed of their rights under FERPA by the responsible educational agencies and institutions.
• The faculty, staff member or officials who have access to student information must take cognizance of their responsibilities under FERPA to protect that information and uphold the student’s right to privacy.
• The faculty, staff member or officials may only access the information on a need to know basis and not beyond what is required for legitimate completion of their duties.

The scope of education records is not limited to what is commonly thought of, such as enrollment number, grades, etc. The educational data may belong to either of the following categories:

• Personal information, e.g., student enrollment ID, attendance, student’s DoB, and information pertaining to student and family background.
• Biographical information such as gender, nationality, information about race and ethnicity, and identification marks or photographs.
• School participation and activities, e.g., course taken, grades, paper and exams conducted, class schedules.
• Non-school and post-school experience, e.g., planned college attendance, future course plans, post-school education plans.
• Assessment information and results, evaluations, official communications regarding student’s status., internship records.
• Student’s financial and financial aid records.
• Transportation.
• Health conditions.
• Special program participation and student support services received.
• Discipline/concentration information.

Education records encompass any information of data records, soft or hard, in any medium included but not limited to, handwritten records, print media, tapes, films, emails, microfilms, which can be directly related to a student and maintained by the University or by a person acting for the University.

Education records do not include:

• University law enforcement records.
• Employment records when employment is not connected to student.
• Medical and health records used only for the treatment of the student.
• Alumni records which do not relate to or contain information which can identify a person as student.
• Sole possession records ¹.

Providing access to student’s educational records to entities other than the student is out of the scope of our project. Although, this section would briefly explain about what can accessed from categorized as “personally identifiable information” from a student’s education records.

• Authorized employees and officials who have legitimate educational interest in student records for performing their duties.
• Schools or universities where student seeks to/is enroll.
• Accrediting organizations.
• Organizations doing certain studies for or on behalf of the University.
• Parents of the dependent student.
• Certain government officials of the U.S. Department of Education, Comptroller General, U.S. Attorney General.
• Information about a crime or violence or criminal information about the student to the appropriate university police or authorized government officials.
• In case the student has not requested that his or her information be withheld.
• Approved 3rd party contractors or service providers assisting University.

With the explosion of internet and the ease of storing, manipulating and retrieving data in this digital age, privacy concerns have risen as one of the big challenges of this digital era. When it is required to handle educational data, the accountability and responsibility for maintaining privacy emerges out as a priority.

Privacy forms a foundation of the intellectual freedom in education. The following factors may be considered towards critical to the growth of students:

• The ability to express their ideas freely and honestly in their expression.
• Conditions must allow them to thrive and explore without fear.
• The educational environment must be devoid of stigmatization so as to facilitate the aforementioned activities, without the student bothering about the consequences for participating and expressing his or her ideas.
• Our project concentrates at a phase where the student is undergoing transition, pressure and intellectual and emotional growth at the same time. Coming out of a protected environment might make them feel unfamiliar with the new territory.
• Although, this is the time for exploration and establishing an identity, both intellectually and independently.
• Privacy helps in establishing foundation for self-governance and autonomy.
• Empowered with the tools and utilities of privacy laws and policies, the students attain an ability to control and release their information at their will.
• Without these artifacts, students can become more vulnerable to the risks, assumptions, influence and power of others.
• Eventually, they may also get hurt economically, educationally, socially, or psychologically by the means of information theft or misrepresentation of information.

Hence, privacy becomes an important device for students until they attain autonomy and experience to make decisions about their actions and stand responsible for the consequences.

For the next phase of my study, I shall be reviewing on the following points:

• Study and discuss the design and operational requirements of VSA.
• Identify federal, state and local regulations affecting the maintenance of VSA.
• Select the data elements which can be kept, in transition and at rest, in the VSA.
• Identify the format for the data at rest and in transition.
• Design the procedures for providing access to the system.
• Plan ways to ensure integrity and confidentiality of the student data.

1. G. A. Strizek, Characteristics of schools, districts, teachers, principals, and school libraries in the United States: 2003-04 schools and staffing survey. US Department of Education, Institute of Education Sciences, National Center for Education Statistics, 2006.
2. “FERPA for School Officials.” Available Online.
   3 “Policy and Guidance | UA Information Security.” Available Online.
3. C. (Association), A. A. of C. Registrars, and A. Officers, Privacy and the handling of student information in the electronic networked environments of colleges and universities. CAUSE, 1997.
4. “Resolution on Student Educational Data Privacy and Security.” Available Online.
5. J. L. Grama, Understanding information security and privacy in postsecondary education data systems. Washington, DC: EDUCAUSE, 2016.

¹ The term “sole possession records” may refer to memory aids and reference tools as used by the students. Any information derived directly from the student or records that can be used to make decisions about a student cannot be categorized under the category of “sole possession records”.