🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
Compliance Coming Soon

CT FERPA Compliance

The FERPA Compliance Training teaches employees the definition of education records, directory information, student rights, legitimate educational interest, and consent requirements, enabling institutions to protect privacy and avoid violations.

Who Should Take This

School administrators, teachers, staff, and postsecondary faculty who handle student data should enroll. Ideal learners are frontline personnel with basic knowledge of privacy policies, seeking to recognize FERPA‑protected information, apply proper disclosure procedures, and determine when consent is required to maintain compliance.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

63 learning goals
1 FERPA Overview and Scope
2 topics

Legislative purpose and coverage

  • State the purpose of the Family Educational Rights and Privacy Act (FERPA) and identify that it applies to all educational institutions receiving federal funding from the U.S. Department of Education.
  • Describe the two main rights FERPA provides: the right of students/parents to access education records and the right to control disclosure of personally identifiable information (PII) from education records.
  • Identify the Department of Education's Family Policy Compliance Office (FPCO) as the enforcement body for FERPA and describe the complaint investigation process.

Education records definition

  • Define education records under FERPA as records directly related to a student that are maintained by the institution or by a party acting for the institution, in any format.
  • Identify the categories of records excluded from the FERPA definition of education records: sole possession notes, law enforcement unit records, employment records, medical/treatment records, and post-attendance alumni records.
  • Explain the criteria for sole possession notes (made by a single person as a personal memory aid, not shared with anyone else) and describe when notes lose their exempt status.
  • Analyze a set of school-maintained documents to determine which qualify as FERPA-protected education records and which fall under an exclusion category.
2 Directory Information
1 topic

Directory information categories and opt-out

  • Define directory information under FERPA and list common examples including student name, address, telephone number, email address, date and place of birth, dates of attendance, degree awarded, and honors received.
  • Explain the institution's obligation to provide annual public notice of its directory information policy and describe the student's right to opt out of directory information disclosure.
  • Describe the distinction between directory information and non-directory PII (such as Social Security numbers, grades, GPA, and student ID numbers used for authentication) that requires consent for disclosure.
  • Analyze a disclosure request to determine whether the information qualifies as directory information, whether the student has opted out, and whether the disclosure is permissible.
3 Student Rights Under FERPA
3 topics

Right to inspect and review

  • Explain the student's right to inspect and review their education records, including the 45-day response timeframe for institutions to comply with access requests.
  • Describe legitimate reasons an institution may limit but not deny access to education records, such as records containing information about other students.

Right to request amendment

  • Describe the student's right to request amendment of education records believed to be inaccurate, misleading, or in violation of privacy rights, and the institution's obligation to respond.
  • Explain the hearing process available to students when an institution refuses an amendment request, and clarify that this right does not apply to challenging grades.

Right to consent before disclosure

  • Explain the general requirement for written consent before disclosing PII from education records, including what must be included in a valid consent (purpose, parties, records, signature, date).
  • Describe the institution's obligation to maintain a record of each disclosure of PII from education records (except directory information and disclosures to the student), including the parties and legitimate interests.
4 Legitimate Educational Interest and Exceptions
2 topics

School officials and legitimate educational interest

  • Define who qualifies as a school official under FERPA, including teachers, administrators, board members, contractors, volunteers, and other parties performing institutional functions.
  • Explain what constitutes a legitimate educational interest and describe how institutions must define this criteria in their annual FERPA notification.
  • Analyze a request for student information to determine whether the requestor qualifies as a school official with a legitimate educational interest and whether disclosure is appropriate.

FERPA exceptions to consent

  • List the key FERPA exceptions permitting disclosure without consent: school officials with legitimate interest, transfer to another school, financial aid, accrediting organizations, judicial order or subpoena, and health/safety emergency.
  • Explain the health or safety emergency exception, including the requirement for an articulable and significant threat, the limited scope of disclosure, and documentation requirements.
  • Describe the judicial order and subpoena exception, including the requirement to make a reasonable effort to notify the student before complying (unless the order specifically prohibits notification).
  • Explain the studies exception and the conditions under which institutions may disclose PII for research purposes, including the requirement for a written agreement specifying security measures and data destruction timelines.
  • Analyze a disclosure scenario to identify which FERPA exception (if any) applies, determine whether the disclosure conditions are met, and assess whether consent is required.
5 Parents' vs. Students' Rights
2 topics

Rights transfer and K-12 vs. postsecondary

  • Explain that FERPA rights transfer from parents to students when the student turns 18 or enrolls in a postsecondary institution at any age, and that such students are called eligible students.
  • Describe the tax dependency exception that allows postsecondary institutions to disclose education records to parents of students who are dependents for federal income tax purposes.
  • Explain the differences in FERPA application between K-12 and postsecondary settings, including who holds the rights, parental access, and the health/safety notification provision for alcohol and drug violations.
  • Analyze a parental request for student records to determine whether the institution may disclose the information based on the student's age, enrollment status, and applicable exceptions.

Special circumstances for parental access

  • Describe how divorce, separation, and custody arrangements affect FERPA parental rights, including the default that both parents have access unless a court order specifically restricts it.
  • Explain the health or safety emergency provision allowing institutions to notify parents of postsecondary students when there is an articulable and significant threat to the student's health or safety.
  • Describe the provision allowing postsecondary institutions to notify parents when a student under 21 has violated institutional alcohol or drug policies.
6 Technology and FERPA
2 topics

LMS data and cloud storage

  • Explain how data stored in learning management systems (LMS), student information systems (SIS), and cloud platforms constitutes education records subject to FERPA protection.
  • Describe the direct control requirement for outsourced services: third-party vendors must be under the direct control of the institution and subject to the same FERPA restrictions as school officials.
  • Explain the importance of data security measures for electronic education records including encryption, access controls, audit logging, and data breach notification procedures.

Third-party apps and vendor management

  • Describe the FERPA implications of using third-party educational applications, including the requirement for institutional approval, vendor agreements, and data use limitations.
  • Explain why individual teachers and staff should not independently adopt technology tools that collect student data without institutional vetting and approval.
  • Analyze a scenario involving a new educational technology tool to identify FERPA compliance requirements, potential risks to student data, and necessary institutional safeguards.
7 Social Media and Student Information
2 topics

Social media risks and guidelines

  • Identify FERPA risks associated with posting student information on social media, institutional websites, and digital communication platforms including names, photos, grades, and behavioral information.
  • Describe guidelines for sharing student-related content on social media and institutional platforms, including obtaining appropriate consent and verifying directory information opt-out status.
  • Explain the FERPA considerations for classroom recordings, video conferences, and photographing student activities, including when these create education records.
  • Analyze a social media posting scenario involving student information to determine whether it violates FERPA, considering directory information status, opt-out records, and consent requirements.

Email, messaging, and digital communications

  • Describe FERPA-compliant practices for email communications about students, including verifying recipient identity, avoiding student PII in subject lines, and using secure channels for sensitive information.
  • Explain the risks of using personal email accounts, text messages, and consumer messaging apps for communications containing student education records.
8 Penalties and Enforcement
2 topics

Violation consequences and complaint process

  • Describe the potential consequences of FERPA violations for institutions, including the ultimate penalty of loss of federal funding, and explain that this penalty applies to systemic policy failures.
  • Explain the consequences for individual employees who violate FERPA, including disciplinary action, termination, and potential personal liability, even though FERPA itself does not provide a private right of action.
  • Describe the FPCO complaint investigation process including filing requirements, the 180-day filing window, investigation procedures, and potential resolution through corrective action agreements.
  • Analyze a FERPA violation scenario to assess the severity of the breach, identify the likely consequences for the institution and individual, and recommend corrective actions to prevent recurrence.

Data breach response

  • Describe the institution's obligations when a data breach involving education records occurs, including incident assessment, notification procedures, and mitigation steps.
  • Explain employee responsibilities upon discovering a potential data breach involving student records, including immediate notification, preserving evidence, and cooperating with the investigation.
9 Interaction with Other Privacy Laws
1 topic

FERPA, COPPA, and state law interactions

  • Explain the relationship between FERPA and COPPA, including that COPPA applies to commercial operators collecting data from children under 13, and how schools can consent on behalf of parents for educational technology.
  • Describe the FERPA-HIPAA intersection: education records maintained by a school are excluded from HIPAA's definition of protected health information, but records maintained by a non-school health provider may be subject to HIPAA.
  • Identify that state student privacy laws may impose additional requirements beyond FERPA, including data breach notification obligations, vendor transparency requirements, and restrictions on data use for marketing.
  • Synthesize knowledge of FERPA requirements, technology safeguards, and related privacy laws to evaluate an educational institution's overall student data privacy program and recommend improvements.
  • Synthesize FERPA consent requirements, exception applicability, and directory information rules to develop a decision framework for responding to common disclosure requests from parents, law enforcement, and external parties.
  • Explain the relationship between FERPA and the Individuals with Disabilities Education Act (IDEA), including how IDEA's confidentiality requirements apply to special education records.
10 Annual Notification and Institutional Compliance
2 topics

Annual FERPA notification

  • Describe the institutional requirement to provide annual FERPA notification to eligible students and parents, including the required content: rights to inspect, amend, consent, and file complaints.
  • Explain the requirement to include in the annual notification the institution's definition of school official, legitimate educational interest, and directory information categories.
  • Identify acceptable methods for providing annual FERPA notification, including student handbooks, course catalogs, institutional websites, and direct communication.

Employee FERPA training and best practices

  • Describe best practices for handling student information in daily work, including minimizing the display of student identifiers, using secure storage, and limiting verbal discussions of student records in public spaces.
  • Explain the importance of role-based access to student information systems and describe how the principle of minimum necessary access applies to FERPA-protected records.
  • Describe the importance of regular FERPA training for all employees who access education records, including faculty, staff, student workers, and contracted personnel.
  • Analyze a series of common workplace scenarios involving student data to identify FERPA-compliant and non-compliant actions, and recommend corrective measures for each violation.

Scope

Included Topics

  • Family Educational Rights and Privacy Act (FERPA) overview: legislative purpose, covered institutions (those receiving federal funding), and the Department of Education's enforcement role.
  • Education records definition: what constitutes an education record, what is excluded (sole possession notes, law enforcement records, employment records, medical/treatment records, alumni records).
  • Directory information: definition, typical directory information categories (name, address, phone, email, dates of attendance, degree, honors), and the institution's obligation to provide opt-out notice.
  • Student rights under FERPA: right to inspect and review records, right to request amendment of inaccurate records, right to consent before disclosure, and right to file complaints with the Department of Education.
  • Legitimate educational interest: defining who qualifies as a school official, what constitutes a legitimate educational interest, and how institutions establish these criteria in their annual FERPA notice.
  • FERPA exceptions to consent: health or safety emergency, judicial order or subpoena, financial aid determination, accrediting organizations, studies on behalf of the institution, and transfer to other schools.
  • Parents' rights versus students' rights: transfer of rights at age 18 or enrollment in postsecondary education, parents' limited access to postsecondary records, tax dependency exception.
  • Technology and FERPA: learning management system (LMS) data protection, cloud storage of student records, third-party educational applications, outsourced services, and the direct control requirement.
  • Social media and student information: risks of posting student information on social media, classroom recordings and photos, student work display, and digital communication platforms.
  • Penalties for FERPA violations: potential loss of federal funding, individual employee consequences, and the complaint investigation process through the Family Policy Compliance Office (FPCO).
  • Interaction with other privacy laws: relationship with COPPA for students under 13, state student privacy laws, IDEA confidentiality requirements, and HIPAA exclusion for education records.

Not Covered

  • Detailed COPPA compliance requirements beyond its interaction with FERPA in K-12 settings.
  • HIPAA compliance for healthcare providers within educational institutions beyond the FERPA-HIPAA intersection.
  • State-specific student privacy laws (e.g., California SOPIPA, New York Education Law 2-d) beyond general awareness of their existence.
  • Institutional FERPA officer certification or detailed compliance audit procedures for compliance professionals.
  • International student data protection regulations (GDPR, PIPEDA) beyond brief mention of their potential applicability.

CT FERPA Compliance is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified