FERPA and educational technology
When using online systems and services to support instruction, it's important to understand the connection between FERPA and educational technology. The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Using educational technology exposes the teacher and student to several FERPA risks and potential pitfalls, but good solutions are available.
Emailing and texting grade information
Although emailing student grades and graded assignments is permissible under FERPA, the Department of Education will hold Winona State University responsible for any unauthorized access to this communication. Unless you take specific precautions, your email and text messaging conversations with students are not secure. Private and confidential information can be intercepted and you might send the message to the wrong person.
Sharing coded grade sheets online
Although it's easy to post a coded grade sheet (e.g., in an Excel spreadsheet or Word document) that does not identify students by name to your Brightspace course, a student's identity might be uncovered. StarID usernames and Winona State University Tech ID numbers are not private information and email messages that include students' secret codes can be intercepted.
Discussing grades in Zoom
When discussing grades or student progress in a Zoom meeting, someone else might join and see what you are screen sharing, read what was posted to the Chat tool, or overhear what you are saying. Recordings of these meetings might also be opened and copied.
Discussing grades on the phone
You may not know your students by voice and may be talking to the wrong person. These conversations can also be overheard.
Although sharing common directory information (e.g., mailing address, email address, major) might seem safe, some students may have submitted a confidentiality request to Winona State University that extends to this type of information.
When providing individual grades to students working on collaborative or group projects, there is a risk of revealing that information to the rest of the group.
Directory versus private information
Make sure you understand what student information is considered directory information versus private information.
Identify your students
Before sharing private and confidential information with any student online, make absolutely sure you are communicating with the right person. Ask questions about your course content or other identifiable information that only the student and you would both know. Consider using video (e.g., Zoom) to verify students are who they say they are and not a parent, sibling or other family member. You may also request to see a photo ID held up to their camera, which is especially important during online meetings with students you are meeting for the first time.
Identify confidentiality requests
Even common directory information about a student cannot be shared if that student has requested confidentiality. Make sure you know which students have made such requests.
Use your Brightspace grade book
Use your Brightspace grade book to provide students with online access to their grades. Brightspace grade books are already created for every class section. Just add your grade book columns and enter your grades as you would in an Excel spreadsheet. Your students select Grades from the Assessment menu in your Brightspace course to review them.
Encrypt your email messages
Use email to share grade, DARS reports, or grade lists only when absolutely necessary. Always encrypt such email messages and ensure that you are sending the message to the right person. Encrypting your email message helps protect message content from being accessed inappropriately or forwarded without approval. This is appropriate to use when sending any private data that can’t be shared more securely through the Brightspace grade book or other secure online portal. This includes messages with student work attached.
Things you should never do
- Never share grade information in text messages.
- Never post grade sheets (e.g., Word or Excel docs) online that list all your students' grades on a specific test or assignment.
- Never engage in online conversation with any third party about a student's progress without that student's consent
- Never store a recording of a meeting with a student (e.g., in Zoom) in an unprotected, online location
- Never share any information about a student who has requested confidentiality before reviewing that request.
- Never share any information about a student with a third party without authorization
- Never include personally identifiable information about a student in another student (e.g., project team) without the first student's permission
- Never share grades or other FERPA-protected information over the phone without ensuring that you are speaking with the right person.
- Never snail mail grades to students unless consent is received and a self-addressed envelope (no post cards) is supplied by the student.
Contact Lori Mikl (Legal Affairs), Tobias Schmidt (CISO), Tania Schmidt (Registrar's Office), or Jami Kovisto (Registrar's Office) if you have questions about FERPA and appropriate data handling. Contact TLT (email@example.com) for assistance with using encrypted email or Brightspace tools.