Back To Blog

COVID-19, Higher Education, and FERPA

At the beginning of March 2020, SARS-CoV-2 or COVID-19 changed everyday life in more ways than one. Higher education institutions faced unique challenges with the onset of the pandemic, from transitioning to remote and hybrid classes to providing more support for students. In the past two years, institutions have instituted mitigation strategies, such as vaccine requirements, mask wearing, and testing, to continually deal with the ongoing pandemic.

Omicron and Return to Virtual and Hybrid Learning 

With the recent onset of the Omicron variant and recent spike in COVID-19 cases, many institutions responded with a transition to virtual classes, required vaccine boosters, and canceled extracurricular activities. The transition to virtual classes and hybrid course options requires administrators and faculty to consider student privacy in a virtual context. They should have a comprehensive understanding of laws that the Family Educational Rights and Privacy Act (FERPA) to protect student privacy and comply with this law.

What is FERPA?

FERPA is a federal law passed in 1974. It regulates access to educational information and related records and applies to institutions which receive federal funds from the U.S. Department of Education. Most higher education institutions receive such funding and are required to comply with FERPA. The overall aim of FERPA is to ensure that a student’s rights and privacy are protected. Generally speaking, the law protects academic records, financial information, and educational information. However, FERPA commonly does not apply to “directory” information such as a student’s name, address, telephone number, date of attendance, and other similar information. Institutions are required to notify students about the release of directory information and provide an appropriate amount of time for a student to request for their directory information not to be released.

FERPA and Online Learning

It can be challenging to know when FERPA applies and how to comply, especially for non-traditional classroom environments. As more online and hybrid educational options are offered to students as a modality of instruction, institutions and faculty need to consider specific aspects of FERPA and how the law applies to their course and management of educational information.

One main concern for higher education institutions is the use of technology in differing applications and the use of a student’s personal information. A few examples of educational technology include platforms such as Zoom, Canvas, SurveyMonkey, and Google Docs. Apps and this use of tech may inadvertently place students’ privacy at risk. Generally speaking, post-secondary institutions are able and allowed under FERPA to develop establish contracts regarding technology purposes as long as they protect a student’s privacy. Note: It is important to always consult with your institutional leaders for guidance on any questions you might have related to FERPA.

FERPA Training

The CITI Program offers FERPA training. Our Family Educational Rights and Privacy Act (FERPA) course includes an introduction module that covers the law’s different requirements and how it protects student educational records. It discusses how FERPA categorizes protected information, how FERPA is applied in various educational settings (public secondary and elementary schools, state and local school districts, and postsecondary institutions), and emerging issues with FERPA. Additionally, CITI Program offers webinars on FERPA. FERPA: A Quick Review of the Law for Researchers and IRBs webinar discusses strategies for researchers, Institutional Review Board (IRB) members and administrators, and educators to comply with FERPA. FERPA and Online Learning in the Time of COVID-19 webinar explores student privacy issues and discusses different approached aimed at safe learning and protecting student information in the time of COVID-19.