Federal Privacy Guidelines
The Family Educational Rights and Privacy Act (FERPA) is a federal law designed to protect the privacy of education records; to establish the right of students to inspect and review their education records; and to provide guidelines for the correction of inaccurate and misleading data through informal and formal hearings. What this means is that, in general, no one may release information from the student record to a third party, including parents, without written permission from the student.
FERPA was established by the federal government in 1974 and applies to all institutions receiving federal funding. It applies to both K-12 and post-secondary institutions, but students have different rights in K-12 than when in college.
The same laws that give parents and students access to and control over a child’s educational records during elementary and high school transfer ownership of the records to the student at the college level.
According to FERPA (Family Educational Rights and Privacy Act, also known as the Buckley Amendment), college students are considered responsible adults and are allowed to determine who will receive information about them. Under this law, parents who want to receive a copy of their student’s academic or financial records can do so if their student signs a release form. FERPA, along with the State of Minnesota Data Privacy Act, forms the backdrop for the university policy on student records.
Possible Federal and State Data Collection and Use
As of January 3, 2012, the U.S. Department of Education's FERPA regulations expanded the circumstances under which education records and personally identifiable information (PII) contained in such records — including Social Security Number, grades, or other private information — may be accessed without consent.
First, the U.S. Comptroller General, the U.S. Attorney General, the U.S. Secretary of Education, or state and local education authorities ("Federal and State Authorities") may allow access to records and PII without consent to any third party designated by a Federal or State Authority to evaluate a federal- or state-supported education program. The evaluation may relate to any program that is "principally engaged in the provision of education," such as early childhood education and job training, as well as any program that is administered by an education agency or institution.
Second, Federal and State Authorities may allow access to education records and PII without consent to researchers performing certain types of studies, in certain cases even when we object to or do not request such research. Federal and State Authorities must obtain certain use-restriction and data security promises from the entities that they authorize to receive your PII, but the Authorities need not maintain direct control over such entities. In addition, in connection with Statewide Longitudinal Data Systems, State Authorities may collect, compile, permanently retain, and share without consent PII from education records, and they may track participation in education and other programs by linking such PII to other personal information that they obtain from other Federal or State data sources, including workforce development, unemployment insurance, child welfare, juvenile justice, military service, and migrant student records systems