FERPA (Student Privacy)
The Family Educational Rights and Privacy Act (FERPA) is a Federal law designed to protect the privacy of a student’s education record and prohibits the university from disclosing information from those records without the written consent of the student.
Frequently Asked Questions
Under the terms of FERPA, the university is permitted to disclose “Directory Information” about a student without the student’s consent. Johns Hopkins University has established the following as directory information:
- Legal Name of a student who is in attendance or who has been in attendance
- Name pronunciation
- Local address of a present or former student
- Hopkins e-mail address of a present or former student
- Local telephone number of a present or former student
- Major field of study of a present or former student
- Participation in Johns Hopkins Athletics, limited to hometown, sport, height, and/or weight
- Dates of attendance
- Degrees and awards received and pertinent dates
- Classification (enrollment status) and level of study
FERPA permits students to inform JHU that the information above is not to be released. A student may restrict the release of directory information by submitting the Exclusion of Directory Information Form to the Office of the Registrar.
If the student restricts the release of directory information, a flag is checked in SIS, the student information system. No information can be released on that student without written consent of that student.
Can the university disclose non-directory personally identifiable information without the written consent of the student?
The university can disclose non-directory personally identifiable without written consent under the following conditions:
- University school officials, faculty, administrators, and staff members who have a legitimate educational
- Officials of another school or school system in which the student seeks or intends to enroll
- U.S. Comptroller General, Secretary of the U.S. Dept. of Education, U.S. Attorney General, state and local
- Third party contractors, specifically, the National Student Clearing House
- Financial Aid representatives
- Accrediting organizations
- A lawfully issued subpoena
- In a health or safety emergency
- To the parent of a student under the age of 21 -for the disclosure of the student’s violation of any federal,
state or local law
At the post-secondary level, parents are unable to inspect the education records of their children without written authorization from their son or daughter. The university may disclose education records to parents of students who are claimed as dependents for federal income tax purposes. For more information, visit the Blue Jay Families website.
The university may notify parents and/or legal guardians when there is a health or safety emergency involving their student if they claim the student as their dependent or if they are listed as the student’s emergency contact. For more information, visit the Blue Jay Families website.
At the university’s discretion, the parents and/or legal guardians of students under the age of twenty one (21) at the time of disclosure may be notified if their child is found responsible for violations of the university. These violations include alcohol and drug policies, as well as cases that result in suspension and expulsion.
No. The public posting of grades by the student’s name or social security number without the student’s written permission is a violation of FERPA. Additional violations include:
- Linking the name of a student with that student’s social security number in any public manner, such as requiring an SSN on submitted materials
- Leaving graded tests in a stack for students to pick up by sorting through the papers of all students
- Circulating a printed class list with names and social security numbers as an attendance roster
- Discussing the progress of any student with anyone other than the student (including parents) without the written consent of the student
- Providing lists of students enrolled in class to a third party for any commercial purpose
- Providing student schedules or assisting anyone other than University employees in finding a student on campus
As an employee of Johns Hopkins University, you may have access to student records. Their confidentiality, use, and release are governed by FERPA. You have a responsibility to protect all education records in your possession. These include records relating to students who have business with your department, any documents from the Office of the Registrar, computer printouts in your office, name lists, official course or grade rosters. Your job places you in a position of trust and you are an integral part in ensuring that student information is handled properly.
In general, all student information must be treated as confidential. Even public or “directory” information is subject to restriction on an individual basis. Examples of FERPA violations include:
- Releasing confidential student information (non-directory) to another student, University Organization, or outside entities
- Distributing transcripts of a student’s academic record. Transcript requests must be submitted to the Registrar’s Office
- Leaving reports or computer screens containing confidential student information in view of others or leaving your terminal unattended
- Sharing your computer access code with others
- Using an SSN to identify a student when disclosing or confirming directory information to a third party without consent
- Emailing an SSN
- Giving out directory information if the student has submitted an Exclusion of Directory Information Form
A Special Note to Student Employees
Safeguarding student privacy is a matter of concern to all offices within the University and to all persons who have access to office facilities. The Office of the Registrar is the official repository for student academic records, folders and other files, although records relating to students are maintained in many other offices on campus. As a student employee, you are placed in a unique position of trust since a major responsibility of offices is the security and confidentiality of student records and files. Examples of FERPA violations include:
- Making or permitting unauthorized use of any information in the files maintained, stored, or processed by the office in which you are employed. This includes copies of registration and add/drop forms.
- Discussing the contents of any record, report, or academic status with any person
- Removing any official record or report, or copy thereof, from the office where it is maintained
- Disclosing information about a student over the phone, directory or non-directory without consulting with your supervisor
- Any knowledge of a violation must be immediately reported to a supervisor
If the university does not comply with FERPA, the Department of Education may issue a notice to cease the practice complained of and ultimately could withhold student aid funding. Depending on the type of record and the nature of the disclosure, other penalties could be imposed.
If you have any questions concerning FERPA or questions concerning the type of information that can or cannot be released, please contact the Office of the Registrar at 410-516-8080 or the Office of the General Counsel at 410-516-8128.