Skip Navigation

FERPA Best Practices

FERPA Best Practices

Long, crimson divider

Accessing Information

Before accessing or collecting information from a student’s educational record, consider:

  • Why do I want this information?
  • Do I need it to carry out my job duties?
  • Can I fulfill my job duties without it?
  • What is my plan for protecting the information once I access it?

Retaining Information

If you need to retain information from a student’s educational record, consider:

  • Is it absolutely necessary for me to retain a local copy of the information?
  • Does the university store the same information elsewhere?
  • Can you access the information from the university’s storage location rather than creating a local copy requiring additional protection?

Storing Information

If you need to store the information you collected, consider:

  • Is the information in an electronic format, properly secured?
    • NEVER store information on personal storage areas such as personal flash drives, home computers, external email, or external online storage services.
  • Are you using a secure file server?
  • Do you log off or lock your workstation when you step away?

Sharing Information

Before you share information from a student’s educational record, consider:  

  • Is it directory information? If yes, does the student have a directory hold?  

  • If it is not directory person or the student has a directory hold, do you have the student’s express, written permission to share the information, or is there a release on file with Academic Records?  

  • Did you verify the identity of the person you’re sharing information with, even if you think it’s the student?  

  • If you’re sending an email including education information, are you sending it from your OU email account? Have you double-checked that the persons you’re sending the information to are the persons you intend to email?  

Additionally, when electronically transmitting information from a student’s educational record, remember: 

  • Never send FERPA-protected data via non-encrypted email, text, or instant message. 

  • Do not forward or reply to emails including information from a student’s educational record without removing the information prior to transmission. 

  • Do not include the student’s ID number on the subject line of the email. 

See OU Information Technology's article for further information on sending encrypted emails.

Office of the Registrar
1000 Asp Avenue, Room 230
Norman, OK 73019

Updated 4/28/2023 by Office of the Registrar: enroll@ou.edu