Skip to main content

Information Technology

Family Educational Rights and Privacy Act (FERPA) Policy

  1. Overview and Purpose
  2. Applicability
  3. Definitions
  4. Administration and Implementation
  5. Exceptions
  6. Enforcement
  7. Policy Support Contact
  8. Approval and Revisions
  9. Supporting Documentation

1.0 Overview and Purpose

The Family Education Rights and Privacy Act of 1974, commonly known as FERPA, is a federal law that protects the privacy of student education records. Students have specific, protected rights regarding the release of such records and FERPA requires that institutions adhere strictly to these guidelines.

FERPA gives students the following rights regarding educational records:

  • The right to access educational records kept by the school;
  • The right to demand educational records be disclosed only with student consent;
  • The right to amend educational records;
  • The right to file complaints against the school for disclosing educational records in violation of FERPA.

2.0 Applicability

Students have a right to know about the purpose, content, and location of information kept as a part of their educational records. They also have a right to expect that information in their educational records will be kept confidential unless they give permission to the school to disclose such information. Therefore, it is imperative that the faculty and staff have a working knowledge of FERPA guidelines before releasing educational records.

3.0 Definitions

Educational records are defined by FERPA as: Records that directly relate to a student and that are maintained by an educational agency or institution or by a party acting for the agency or institution.

Such records may include:

  • Written documents (including student advising folders);
  • Computer media, student files, student system databases;
  • Microfilm and microfiche;
  • Video or audio tapes or CDs;
  • Film;
  • Photographs.

Records Not Considered As Educational Records

The following items are not considered educational records under FERPA:

  • Private notes of individual staff or faculty; (NOT kept in student advising folders)
  • Campus police records;
  • Medical records;
  • Statistical data compilations that contain no mention of personally identifiable information about any specific student.

Under FERPA guidelines, student information can be classified as either Directory Information or Non-Directory Information. Definitions for both are below.

Directory Information

Bentley may disclose Directory information without the written consent of the student. However, the student can exercise the option to restrict the release of directory information by notifying the Registrar’s Office in writing. Please note that students do not have the flexibility of choosing to release or not release particular items defined as directory information.

Directory information, as defined by the Family Educational Rights and Privacy Act, includes the following information relating to a student: name, address, email address, photograph, telephone number, date and place of birth, class, enrollment status, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, academic honors, degrees and awards received, and the most recent previous educational agency or institution attended.

Non-directory Information

Non-directory information is any educational record not considered directory information. With certain limited exceptions, non-directory information must not be released to anyone, including parents of the student, without the prior written consent of the student. Further, faculty and staff can access non-directory information only if they have a legitimate academic need to do so. Non-directory information may include:

  • Social security numbers;
  • Student identification number;
  • Race, ethnicity, and/or nationality;
  • Gender ;
  • Transcripts or grade reports.

4.0 Administration and Implementation

Prior Written Consent

In general, a student's prior written consent is always required before Bentley can legitimately disclose non-directory information. Prior written consent is not required when disclosure is made directly to the student or to other school officials within the same institution where there is a legitimate educational interest. A legitimate educational interest may include enrollment or transfer matters, financial aid issues, or information requested by regional accrediting organizations.

However, the FERPA statute provides that under a number of circumstances, the university will disclose educational record information to other persons/entities without seeking prior consent or notice to a student or eligible parent. Such examples include but are not limited to: certain subpoenas and court order; accrediting organizations; requests in connection with a student’s application for financial aid; certain requests from federal, state or local authorities; and disclosure to other “university officials” who “have legitimate educational interests” in the information and records. “University officials” include the officers and directors of the university; all members of the administration, faculty, and staff; persons serving on judicial, promotion, and academic boards and committees; and any professional providing assistance to the university (such as lawyers, accountants, law enforcement personnel, and medical personnel).

5.0 Exceptions

Any exceptions to this policy are to be reviewed and approved by the Information Security and Privacy Administrator in consultation with the Information Privacy Council as needed.

6.0 Enforcement

As described in Bentley University’s Acceptable Use Policy, anyone found to have violated this policy may be subject to disciplinary action, up to and including immediate termination.

7.0 Policy Support Contact

8.0 Approval and Revisions

This policy is approved by the Information Privacy Committee. The policy is reviewed on an annual basis and updated as needed.

  • Revision v1: Approved by the Information Privacy Committee on 8/24/2010
  • Revision v2: Approved by the Information Privacy Committee on 9/30/2013

9.0 Supporting Documentation

This policy is supported by the following policies, rules, standards, and procedures:

Acceptable Use Policy