Student Privacy/FERPA Guidelines for Faculty & Staff
The Board of Trustees of the California State University recognizes that the right of privacy is an inalienable right protected by Article 1, Section 1 of the California State Constitution. Under the authority delegated to the Chancellor in Title 5, California Code of Regulations, Section 42396.5, Executive Order 796 (January, 2002), was issued for the implementation of the policy for the administration of student records consistent with the federal Family Education Rights and Privacy Act of 1974 (FERPA, 20 U.S.C. 1232g) and the regulations adopted there under (34 C.F.R.99).
Executive Order 796 states: "Each campus shall adopt a written policy statement establishing procedures by which the campus intends to comply with FERPA and this executive order. These procedures shall include a requirement to periodically review campus information management practices concerning student records at least every two years or more often as the need arises."
As required by EO 796, the Registrar is responsible for the biannual review of this document. The document establishes the language and procedures by which the campus guarantees student education record privacy rights and complies with FERPA, California state law and EO 796.
A. Definitions
For the purposes of these procedures, San Diego State University is using the following definitions of terms:
Student - any person who attends or has attended San Diego State University.
Education records - any records (in handwriting, print, tapes, film, computer, or other medium) maintained by San Diego State University or an agent of the university that is directly related to a student, except:
- A personal record kept by a staff member if it is kept in the sole possession of the maker of the record and is not accessible or revealed to any other person except a temporary substitute for the maker of the record.
- Records created and maintained by the San Diego State University Police Department for law enforcement purposes.
- An employment record of an individual whose employment is not contingent on the fact that he or she is a student, provided the record is used only in relation to the individual's employment.
- Records made or maintained by a physician, psychiatrist, psychologist, or other recognized professional or paraprofessional if the records are used only for treatment of a student and made available only to those persons providing the treatment.
- Alumni records that contain information about a student after he or she is no longer in attendance at the university and that do not relate to the person as a student.
B. Ensuring Privacy while Managing Records in Classes
- Maintain the privacy of all student academic work (paper and electronic) at all times.
- Never allow students to pick up their academic work by sorting through materials that include classmates' work.
- Do not use or circulate printed class lists/rosters that include student names, IDs, etc. for attendance purposes.
- Do not use student personal information, including name, student ID and/or SSN, for the public posting of grades or for any other use.
- Students who participate in a course that uses a course management system (e.g., Blackboard) may have access to personal information and academic work produced by other students and faculty members. FERPA and SDSU policy require that students and faculty not reveal any information about classmates, course work content, or its authors to anyone unauthorized outside of the class.
Student Safety & FERPA
While FERPA requires that SDSU protect the privacy of student educational records, it does not bar university officials from sharing critical information about troubled students with appropriate parties. University officials, including faculty and instructional staff, are permitted and encouraged to share information about a student who is or might be considered to be an articulable and significant threat to him or herself or to other individuals. Instructors who see students on a regular basis are often the first to observe serious personal problems or troubling behavior.
Changes in a student's behavior could provide warning signs of distress. Changes in behavior may include:
- Physical or verbal aggression
- Withdrawn and shy behavior
- Uncontrollable crying
- Bizarre emails
- Talking to oneself
- Disheveled appearance
- Academic performance (drop in grades, not showing up for class, etc.)
University officials who become concerned about the welfare or behavior of a student are encouraged to contact:
- Division of Student Affairs at (619) 594-5211; or
- Counseling & Psychological Services at (619) 594-5220; or
- Student Health Services at (619) 594-5281.
D. Accessing & Retaining Records
- Access to student records by faculty and staff can only be approved when there is a legitimate educational interest.
- Keep only the student records needed for the fulfillment of professional responsibilities. Contact the Office of the Registrar with questions regarding the records and retention policy.
E. Directory Information
Although federal law allows for the release of address, telephone listing, email address, photograph, place and date of birth, grade level, enrollment status, previous educational institution attended, and information related to participation in athletics, San Diego State University designates only the following items as Directory Information:
- student name
- major field of study
- dates of attendance
- degrees, honors and awards received
SDSU designates the following items as Directory Information for Academic Student Employees only:
- name
- address
- enrollment status
- department employed
- telephone number
- email address
- status as student employee (i.e., TA, GA, ISA)
The university may disclose any of those items without prior written consent, unless the student requests "Confidential Directory Information" via the SDSU WebPortal. Students may change their "confidentiality" status at any time through the SDSU WebPortal. Requests for Directory Information, or access to non-directory information, from academic or administrative offices of the university, or offices allied to the university, such as the Alumni Association, who have a legitimate educational interest in utilizing the information, will be directed to Enrollment Services for consideration.
F. Releasing and Sharing Information
- Student directory information should never be released to a third party before verifying the FERPA "Confidentiality" status on the student's account in the Student Information System (SIS). If there is a FERPA "Confidentiality" flag on the student's record, do not release any information about the student.
- Do not share private or withheld student information with others who do not have a legitimate educational interest without first having the student's written consent. Written consent must: (1) specify the records to be released, (2) identify the party or class of parties to whom the records should be released, (3) indicate the reason for the release, and (4) all written consents must be retained as long as the educational record pertaining to the request is retained.
- Do not release or discuss student information to parents or guardians without written consent by the student. Parents and guardians do not have a legal right to his/her child's post-secondary educational records, even if that child is a minor. Exceptions do apply in certain circumstances. Please contact the Office of the Registrar at 619-594-6871 with any questions.
- Obtain the student's written consent prior to writing a letter of recommendation.
- When in doubt do not release student information; instead contact the Office of the Registrar at (619) 594-6871.
G. Technology Best Practices to Ensure Privacy
- Always place student email addresses in blind copy when sending email to groups of students.
- Avoid using personally identifiable information about students in email subject lines and in the bodies of emails.
- Use encrypted software when sharing private information via wireless technology (cell phones, wireless Internet, etc.).
- Advise students to take caution in the use of Web sites, electronic communication, and social technology software (Facebook, Twitter, blogs, etc.).
- Follow CSU and SDSU IT Security Policies, Standards, and Procedures.
H. CSU Web-based FERPA Training
- Faculty and staff with access to student records are required to complete FERPA training.
- Contact the Registrar's Office for training registration.
- Access to all CSU web-based training is at:
- CSULearn - Log in to CSULearn using your SDSUid and password.
- CSULearn Quick Start Guide
Revised January 29, 2019