Skip to content
Nov 13 / Kimberly Mason

What measures do universities take in order to secure the privacy and safety of their student records?

Written by Kim Wiljanen

The Family Educational Rights and Privacy Act of 1974 (FERPA) has become an established practice within educational facilities. It is concerned with maintaining the safety and privacy of students at every level and institution of learning throughout the United States. It is governed by very specific rules and regulations that may vary depending upon the educational level of the students involved. Part of the reason is the large amount of sensitive personal information that is collected within the student files. Educators need to be very careful in the way that they handle this information (Toglia, 2007).

The easy explanation is that the act affirms a student’s right to know what information has been collected about them and it includes parents until the child’s eighteenth birthday. The procedures reduce access to the information which helps maintain confidentiality. It affords the students a measure of personal control over access as well (Toglia, 2007). The law allows the individual to see what information exists, correct data and to restrict directory information (Wayne State University, Office of the Registrar, n.d.).

The university divides the student’s educational information into three different levels: directory, shared and private. “Directory” information includes data that describes the student: name, address, age, email, major, and honors that the student has received (Wayne State University Office of the Registrar, n.d) and does not include race or gender (Toglia, 2007). “Shared” records are files that are accessed by more than a single person, but on a need to know basis (Toglia, 2007). These are the academic records that are coupled with the public profile. The shared file reflects the student’s academic progress through-out his or her academic life. The information within this file may include such things as the academic files, grades, social security number, school identification number plus surveys and other data that is collected regarding that student. Academic records do not include medical or law enforcement information. The “private data” consists of privileged information and unshared notes that a single individual has taken in meetings, such as with an advisor.

Wayne State University takes every precaution to maintain the student’s privacy. They are vigilant and have strict confidentiality policies for staff members as well as penalties for failure to do so. Likewise, the Computer and Information Technology (C&IT) is charged with guarding all data on its servers against data breaches (Wayne State Policy Manual, 2010). The University has made privacy a priority for all faculty and staff to maintain.

Still, there are many reasons that may necessitate access to student records. This would include things such as health issues, emergencies, court orders, financial aid, legal requests and academic requests both from within Wayne State and from other institutions that can compel the University officials to grant outside agencies access to a student’s record without prior authorization. Governmental and legal agencies can also gain access without prior consent (Wayne State Office of the Registrar, n.d.). In cases like these, Wayne State University will notify the student when someone has accessed their data. Since the enactment of the Patriot Act in 2001, colleges and universities have had a lot more requests for undocumented record access (Toglia, 2007).

How can these measures affect students?

A student officially gains control of his or her personal information at age eighteen with ownership rights. This means that the student can determine how much data is visible to the public, challenge the contents of the records and try to correct them. Wayne State University carefully explains the individual’s rights, cites which external agencies may gain access and under what conditions. The University also provides a written release form, the ability for the student to view his or her records, and a way to lodge complaints if they feel that the University acted in error. These actions indicate that Wayne State is acting in good faith and that they are serious about protecting the student’s rights.

For many students, Wayne State’s efforts provide a measure of control and a sense of security because there is an honest effort by the University to ensure that the Family Educational Rights and Privacy Act (FERPA) is uniformly enforced throughout the University. The University is also forthright about the legal exceptions when they may release information. These efforts demonstrate the university’s commitment to privacy and student awareness and control of their personal records.

Provisions in the Family Educational Rights and Privacy Act (FERPA) allow necessary business transactions to be conducted, and permit Wayne State University to act on behalf of the student. Requests from other institutions can be processed regarding transfers and recommendations. The policy is well-defined as to what is permissible and what is not. This provides a reassurance that the information is well guarded and protected. Students are used to institutions that handle their money, their credit cards and their online purchasing. This is a familiar environment, which develops a measure of trust in the system.

Do you feel safe as a university student that your records are kept private?

The university provides a safe and secure environment for learning. The Family Educational Right and Privacy Act (FERPA) was established in 1974 (U. S. Department of Education, 2004). In almost forty years, it has become part of the institutional system, and as such, it is a general operating procedure for employees. This provides students a measure of confidence in the system. Knowing that the confidentiality and the information security policies are included within the Wayne State University Policy Manual (2010) is another favorable aspect.

Wayne State provides ample visibility to their privacy policies in many different areas. This is available from the administrative policy manual, advising centers, business offices, library and colleges. They promote the benefits afforded by the Family Educational Rights and Privacy Act (FERPA). They also acknowledge that there are agencies that can access student accounts without the student’s knowledge. The university is diligent to let students know that this policy exists and the possibility that outside agencies can access student records through requests for compliance.

While there is no recourse for the variety of authorized intelligence gathering, the institution has ensured that the students know their rights and the policies and caveats that back this act. They have built an atmosphere of trust. This is as much as they can promise.

Toglia, T. V. (2007). How does FERPA affect you? Tech Directions, 67(2), 32-35. Retrieved from

U. S. Department of Education. (2004). Legislative History of Major FERPA Provisions. Retrieved 11/9/13, from

Wayne State University. (2010). University policy manual. Retrieved 9/29/13, from

Wayne State University Office of the Registrar (n.d.). Family educational right and privacy act (FERPA) guidelines for Wayne State University faculty, students and staff. Retrieved 10/26/2013 from


  1. Isidoro Alastra / Nov 17 2013

    It’s definitely not perfect. I have received some things from Wayne State University Bookstore in my school email box that seem to have no relevance to my academic life and appear to be in association with a third party — Barnes and Noble. It’s possible I might have clicked something off hand or forgot to read the small ‘opt out’ print, but they keep sending me promotions to buy apparel at the college book store. To my knowledge I’ve never purchased books or done business with the book store and I’ve never sent them email so I’m led to believe they received my contact information through Wayne State.

    One other thing I’ve received through regular mail, like credit card payment options that seem to involve partnerships with third parties, seem a little more relevant. It’s reasonable to expect students would appreciate multiple payment options for their tuition and I only received one mail from them since I started classes over a year ago. I haven’t examined FERPA in great detail, but I would venture that this falls into the provisions of the act.

    I do agree with Joanna that the school could do a better job of highlighting circumstances in which private records could be accessed or released. I think I had to visit four different web pages within Wayne State’s control to find that information when I was working on one of the problems for this class. Rather than just stating “We take protecting your information seriously, go here for details” a few sentences on when the information can be accessed would be more telling. Making it prominently clear when this information can be accessed is probably the most relevant part of the law for students to know.

  2. Joanna Sturgeon / Nov 14 2013

    I feel that that universities do a very good job maintaining privacy. Most people share much more than basic personal information via web technologies, either because of lack of knowledge or because it is convenient to do so (personalized shopping recommendations). In addition, I don’t really care if more personal information, such as grades, etc. are shared with the public. Perhaps if I were a poor student I would feel differently. Most of the information collected by a university would not concern me, with the exception of financial records, SSN and the like. However, maintaining one standard for all personal records is certainly the appropriate response to privacy concerns. I do feel that the university could do a better job informing students about circumstances in which records could be released or accessed. Under post – 9/11 legislation, student records could potentially be accessed without a warrant, particularly in the case of library records. I was unable to find any reference to this threat in any university policies. I feel not informing students of this privacy issue is a missed opportunity to inform (mostly) young people and the public about legislation that may seriously infringe on privacy rights.

Comments are closed.