Family Educational Rights and Privacy Act (FERPA) & Reporting Obligations

Family Educational Rights and Privacy Act (FERPA) 

Family Educational Rights and Privacy Act (FERPA) is the federal law that governs release of and access to student educational records. FERPA defines student record to include all records maintained by the institution that directly relate to a current or former student. FERPA’s broad definition of student record includes grades, academic standing, enrollment status, etc, and covers almost any medium you can think of, including written, electronic, video, audio, and photos. Student record information cannot be shared outside the university (including to a student's parents) without the student's consent.

Internally, a student's information cannot be shared unless there is a legitimate educational interest or need to know for one's job at the university. As a case in point, faculty and GSIs should avoid sending emails that include student grades unless all parties receiving the email have a specific business need to know that information. Sharing information about grades with or from GSIs or graders is best done via Canvas/MBox. When email is used for grading or other student information, it is important to verify each address and members of any email lists used to ensure the information does not inadvertently get sent to unintended or unnecessary recipients, which would be a breach of FERPA.

If a breach in privacy of student educational records does occur, it should be reported to Laura Elgas, Executive Director of the Office of Academic and Student Affairs, to assess for appropriate follow up. If you are contacted by an employer requesting information about a student's academic record, please refer them to Joanna Kroll, Director of the Career Development Office. 

There are a few exceptions that are not considered student records for FERPA purposes that include:

• An administrator’s or faculty member’s own notes that are used only by that individual and are not shared with anyone else;

• records that relate to the student as an employee;

• medical, psychiatric or psychological treatment records not shared with the U-M outside of a treatment context;

• records containing only information about a student after graduation, such as development or alumni records; and

• records maintained by the institution’s law enforcement unit that were created by that unit for the purpose of law enforcement.

For more information see the U-M Registrar page on FERPA at http://www.ro.umich.edu/ferpa/.

Balancing Student Privacy with Information Sharing

Beyond FERPA, we should be vigilant in the protection of student privacy through careful discretion in sharing information between faculty, GSIs, and staff about student performance, disability or health concerns, etc. However, faculty and GSIs are encouraged to share information about students when there is a concern about their personal welfare or academic performance with relevant staff in the Office of Academic Student Affairs so that patterns can be identified and follow up can take place. Please submit the UMSI Student Care Report if you are aware of a UMSI student that needs additional support for a non-urgent concern, including but not limited to academic difficulty, well-being concerns, tutoring support, and/or connection to university resources. This form is monitored during normal business hours and can be used by faculty, instructors, GSIs, and staff.

Required Reporting & Individuals with Reporting Obligations

The University of Michigan encourages all members of its community to report any concerns, crimes, or prohibited conduct. Additionally, many members of the university community are Individuals with Reporting Obligations (IROs). Details about this policy can be found at https://sexualmisconduct.umich.edu/ and the SPG policy on Sexual and Gender Based Misconduct. Many members of the university community also have reporting obligations under the Clery Act and are Campus Security Authorities (CSAs). Details of CSA requirements are found here. 

Who are Individuals with Reporting Obligations and Campus Security Authorities at UMSI

At UMSI, Individuals with Reporting Obligations (IRO) include all faculty including faculty administrators; all supervisors; all HR staff who are responsible for handling employment issues; all faculty and staff members who provide direct oversight of University-related travel abroad experiences for students including University-sponsored study abroad, research, fieldwork, or internship programs; all faculty and staff members who accompany students on University-related travel abroad; official student group advisors, all student life staff members including student staff; and any others listed in the above policy. 

At UMSI, Campus Security Authorities (CSAs) include all faculty administrators including the dean, associate and assistant deans, directors, and department heads/chairs; any UM faculty or staff who travel with students, all school officials with significant responsibility for student activities, or responsibility for faculty, staff, or student discipline; student life staff, HR staff with employee relations responsibility; advisors to student organizations; and any others listed in the above policy. 

Scope of Reporting and Annual Training

The scope of reporting responsibility and additional details about reporting are covered in annual required training.

IRO Annual Training: https://ecrt.umich.edu/file-a-report/individuals-with-reporting-obligations-iro/

CSA Annual Training: https://www.dpss.umich.edu/content/crime-safety-data/clery-compliance/csa-training/ 

How to Report

The report form for IRO and CSA reporting can be found on the DPSS website. Filling out this form will meet the reporting obligations for both IROs and CSAs.

Additional information about mandatory reporting at the University of Michigan for both IRO and CSA reporting can be found at https://portal.dpss.umich.edu/public/reporting/.

FOR ALL EMERGENCIES, CALL 911