Main Nav

FERPA Resources and Compliance--Family Policy Compliance Office

The U.S. Department of Education's Family Policy Compliance Office (FPCO) oversees instituitonal compliance with the Family Educational Rights and Privacy Act (FERPA). In addition to fielding parent or student complaints about violations of the law and its implementing regulations, FPCO offers a number of resources for institutions, students, and parents to help them understand their respective rights and responsibilities under FERPA. Most recently, FPCO has conducted a series of webinars to provide college and university personnel with a better understanding of the law and how it applies to student records management and data-sharing:

Another resource institutions may find particularly useful is FPCO's Guidance for Reasonable Methods and Written Agreements , which details "requirements and best practices for data disclosures" under FERPA's studies and audit/evaluation exceptions. Those exceptions allow institutions to disclose personally identifiable information without a student or parent's written consent for certain types of research studies (e.g., studies to "improve instruction") or for the audit/evaluation of federal or state education programs.

The site also offers FERPA FAQs and model notifications for institutions to use in informing students and parents of their rights under FERPA ( as well as in informing them about what the institution has defined as "directory information" that can be disclosed without consent (

It's important to note that the current regulations reflect amendments the department finalized in December 2011 that expanded who a state education agency could designate as an authorized representative for the purpose of receiving disclosures of personally identifiable information. The goal of these changes is to empower the use of data from state longitudinal data systems to evaluate the effectiveness of programs and policies intended to boost educational performance and/or workforce outcomes. The revised regulations also include new potential penalites for the failure of such third-party "authorized representatives" to effectively safeguard students' personally identifiable information from unauthorized redisclosure, such as a possible five-year ban from access to student records from the relevant state.

However, the current regulations are being challenged in court by the Electronic Privacy Information Center (EPIC) ( on the grounds that the department exceeded its authority in expanding who could receive disclosures of individual student records under FERPA without Congress passing explicit legislation to that effect. (EPIC notes that its suit is further motivated by concerns that the expansion of authority to disclose or redisclose individual student records creates significant new risks to student privacy that the strengthened penalties in the regulations, such as the five-year ban, are inadequate in addressing.) The department has responded (, seeking dismissal of the suit on the grounds that EPIC lacks standing to bring it. Thus, users of FPCO resources should keep in mind that the ultimate settlement of the legal action in this case could affect the information and guidance provided in the current FPCO resources in the future.