FERPA (The Family Educational Rights and Privacy Act)

The Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act of 1974 (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA deals specifically with the education records of students, affording them certain rights with respect to those records. For purposes of definition, education records are those records which are:

  • Directly related to a student and maintained by an institution or a party acting for the institution.

FERPA gives students who reach the age of 18 or who attend a post-secondary institution the right to inspect and review their own education records. Furthermore, the right to request amendment of records and to have some control over the disclosure of personally identifiable information from these records shifts from the parent to the student at this time.

FERPA applies to the education records of persons who are or have been in attendance in post-secondary institutions, including students in cooperative and correspondence study programs, video conference, satellite, internet or other electronic forms. FERPA does not apply to records of applicants for admission who are denied acceptance or, if accepted, do not attend an institution.

For more information regarding FERPA, contact the UCCS Office of the Registrar (registrar@uccs.edu or 719-255-3361). Additional information can also be found on the U.S. Department of Education website.

Those records directly related to a student and maintained by the institution or by a party acting for the institution are considered education records. The term "education records" does not include the following:

  • Records of instructional, supervisory, administrative, and certain educational information that is in the sole possession of the maker thereof, and are not accessible or revealed to any other individual except a substitute who performs on a temporary basis (as defined in the institutional personnel policy) the duties of the individual who made the records.
  • Records maintained by a law enforcement unit of the educational agency or institution that were created by that law enforcement unit for the purpose of law enforcement.
  • Records relating to individuals who are employed by the institution, which are made and maintained in the normal course of business, relate exclusively to individuals in their capacity as employees, and are not available for use for any other purpose. Records of individuals who are employed as a result of their status as students (for example, work study students) are education records.
  • Records relating to a student which are:
    • Created or maintained by a physician, psychiatrist, psychologist, or other recognized professional or paraprofessional, acting in his/her professional capacity or assisting in a paraprofessional capacity.
    • Used solely in connection with the provision of treatment to the student.
    • Not disclosed to anyone other than individuals providing such treatment.

Faculty, administration, UCCS police officials, student employees, clerical and professional employees, and other persons who manage student records information may access a student’s record if there is a legitimate educational concern or interest. Only relevant student information will be released.

This includes contractors, consultants, volunteers and other outside providers used by the University of Colorado Colorado Springs. These include the University of Colorado Foundation and the National Student Clearinghouse.

Legitimate educational interest means the demonstrated need to know by those officials of an institution who act in the student's educational interest. Any school official who needs information about a student in the course of performing instructional, advisory, or administrative duties for the University of Colorado Colorado Springs has a legitimate educational interest.

What is “legitimate educational interest? 
Under FERPA, a school official has a legitimate educational interest if the official needs to review an education record in order to fulfill his/her university responsibility. This includes such purposes as:

  • performing appropriate tasks that are specified in her/his job description or by a contract agreement
  • performing a task related to a student's education
  • performing a task related to the discipline of a student
  • providing services for the student or the student's family, such as health care, counseling, job placement, or financial aid

What is NOT "legitimate educational interest"? 
Legitimate educational interest does not convey inherent rights to any and all student information. The law distinguishes between educational interest, and personal or private interest; educational records are not to be accessed or used for personal reasons. Educational interest does not constitute authority to disclose information to a third party without the student's written permission.

UCCS Use Practices for Sending Student Data through Email and Fax

  1. Any directory-level student information may be sent via email or fax.
  2. Emails sent from a @uccs.edu address to another @uccs.edu address are, in general, encrypted. However, many UCCS employees and students have opted to have their email forwarded to another email service provider. Thus, the campus allows the sending of Level 3 data (see CIW CU-SIS: Reporting Security Levels) via campus email, including to other University of Colorado campuses, but continues to restrict the sending of Level 4 and Level 5 data via email (restricted to certain Bursar's Office or Office of Financial Aid functions). The use of fax and the campus Large File Transfer (File Locker) service is allowed for Level 4 and Level 5 data. Sending password-protected files via email is discouraged, because the password is often also sent via email, thus removing the security, and also because passwords can be lost.
  3. Large amounts of non-directory student data (i.e., greater than 24 students) and data reports containing Level 2 or higher data should always be sent via the Large File Transfer (File Locker) service or other protected means, and not via email.
  4. Grade rosters must never be submitted by email. Grades must be submitted via the campus Web Grading system. Corrections to entire grade rosters (e.g., due to a roster-wide calculation error) also may not be submitted via email, even for rosters with fewer than 25 students.
  5. IN REVIEW: UCCS allows the sending of student name and SID, as well as student name/SID/Level 3 data (including grades), via email only when the email is sent from an @uccs.edu address to another @uccs.edu (or other University of Colorado) email account, with the exception of grade roster submissions. Only directory information may be sent to non-CU email addresses.
  6. Note that any time student data is sent via email, some amount of risk is incurred, so use discretion whenever sending student data via email.

Reporting Security Levels

Current students may release their academic records to their parents, a prospective employer, insurance companies, etc., by submitting a written or electronic release request to the Office of the Registrar.

Option 1: Current students may submit an electronic request through the myUCCS Portal. Within the myUCCS Portal, under the Records and Registration drop-down, select FERPA Consent to Release .

Option 2: Students can submit a written request to the Office of the Registrar using the FERPA Authorization Form.  Mailing FERPA Authorization forms to the Office of the Registrar is strongly discouraged to protect your privacy. The written request must include the following information:

  • It must specify the records to be released (transcripts, etc.)
  • State the purpose of the disclosure
  • Identify the party or class of parties to whom disclosure may be made
  • Request must be signed and dated by the student
  • Return (in-person) to:

University of Colorado Colorado Springs 
Office of the Registrar 
Main Hall 108 
1420 Austin Bluffs Parkway 
Colorado Springs, CO 80918

FERPA directory information is information contained in your education record that generally would not be considered harmful or an invasion of privacy if disclosed. Under current UCCS policy, the following information is designated as directory information:

  1. Student name. If provided, a preferred name will be used when there is not a documented business or legal reason to provide a student's primary name. Students may select a diploma name for graduation and commencement materials.
  2. Campus email address, subject to the limitation described below.
  3. Dates of attendance
  4. Previous educational institutions attended
  5. School/college or division of enrollment
  6. Majors, minors and field of study
  7. Classification level (e.g., freshman, sophomore, graduate student)
  8. University-recognized honors and awards
  9. Degree status (e.g., expected graduation date and/or conferral dates/terms)
  10. Enrollment status
  11. Employment related to student status (e.g., teaching assistant, resident assistant or work-study) and dates positions held.
  12. Participation in officially recognized activities/sports, including height and weight of athletes
  13. Photos and videos taken or maintained by the university

Although these items are designated by UCCS as directory information, only a limited amount of this information is routinely disclosed by UCCS officials, and the University retains the discretion to refuse to disclose directory information if it believes such disclosure would be an infringement of your privacy rights.  Disclosure of campus email addresses is limited to requestors who agree not to use the campus email addresses for solicitation.

FERPA directory information as used in this policy should not be confused with the directory information UCCS lists in online or printed student directories. In an effort to protect student privacy, UCCS Student Directories contain only a student's name and email address. 

Currently enrolled students may withhold disclosure of directory information under FERPA by completing a Directory Privacy Request form with Office of the Registrar (Main Hall 108).

UCCS may change the designation of directory information from time to time. You will be notified of changes through email publication.

Students may ask the university not to publicly disclose directory information. Students wishing to place limited or full privacy on their educational record must contact the Office of the Registrar with photo identification to complete the written request.

Full Privacy Status

If you elect full privacy status, no information about you will be released to the general public unless one of the FERPA exceptions applies. This means that the university:

  • Will not include information about you in the printed or online campus directory(s) or telephone directory assistance
  • Will not release your UCCS Lion One Card picture to any requestor (however, your picture is included in photo class rosters).
  • Will not include your name in lists or labels requested by off-campus requestors.
  • Will not acknowledge to any third party that you are or were in attendance at the university. University officials, employees or others who receive external inquiries about you will respond, "We have no information about that individual."
  • Will not list you in commencement materials, including but not limited to commencement ceremony programs, press releases or other graduation-related materials.

Limited Privacy Status

If you elect limited privacy status, only limited directory information will be released to the general public unless one of the FERPA exceptions applies. Compared to a student who has not elected any privacy status, a designation of limited privacy status:

  • Will prevent the release of your name to off-campus requestors who desire lists or labels.
  • Will prevent the release of your UCCS Lion One Card picture to any requestor (however, your picture is included in photo class rosters).

As of January 3, 2012, the U.S. Department of Education's FERPA regulations expand the circumstances under which your education records and personally identifiable information (PII) contained in such records—including your Social Security Number, grades or other private information—may be accessed without your consent.

First, the U.S. Comptroller General, the U.S. Attorney General, the U.S. Secretary of Education or state and local education authorities ("Federal and State Authorities") may allow access to your records and PII without your consent to any third party designated by a Federal or State Authority to evaluate a federal- or state-supported education program. The evaluation may relate to any program that is "principally engaged in the provision of education," such as early childhood education and job training, as well as any program that is administered by an education agency or institution.

Second, Federal and State Authorities may allow access to your education records and PII without your consent to researchers performing certain types of studies, in certain cases even when we object to or do not request such research. Federal and State Authorities must obtain certain use-restriction and data security promises from the entities that they authorize to receive your PII, but the Authorities need not maintain direct control over such entities.

In addition, in connection with Statewide Longitudinal Data Systems, State Authorities may collect, compile, permanently retain, and share without your consent PII from your education records, and they may track your participation in education and other programs by linking such PII to other personal information about you that they obtain from other Federal or State data sources, including workforce development, unemployment insurance, child welfare, juvenile justice, military service and migrant student records systems.

FERPA allows the institution the right to disclose student records or identifiable information without the student's consent under the following circumstances:

  • To authorized representatives for audit of Federal or State supported programs and local authorities conducting an audit, evaluation, or enforcement of education programs.
  • To university employees who are in the process of carrying out their specifically assigned educational or administrative responsibilities acting in the student's educational interest, including contractors, consultants, volunteers and other outside providers used by the University of Colorado Colorado Springs, including the University of Colorado Foundation and the National Student Clearinghouse.
  • Veteran's Administration officials.
  • Officials of other institutions in which a student seeks or intends to enroll, after transfer enrollment or admission, disability and other health records may be released in the event of an emergency in the need to protect the health and safety of a student or other persons under FERPA.
  • Persons or organizations providing financial aid to students.
  • Organizations conducting studies for, or on behalf of, educational agencies or institutions to develop, validate, and administer predictive tests, to administer student aid programs or to improve instruction, provided that individual identity of students is not made.
  • Accrediting organizations carrying out their accrediting functions.
  • Parents of a student who have established that student's status as a dependent according to Internal Revenue Code of 1954, Section 152; in connection with a health and safety emergency in connection with § 99.36; or the student is under 21 and has violated a federal, state or local law or a policy of the university related to the use or possession of alcohol or a controlled substance.
  • Persons in compliance with a judicial order or a lawfully issued subpoena, provided that the institution makes a reasonable attempt to notify the student in advance of compliance. NOTE: The institution is not required to notify the student if a federal grand jury subpoena, or any other subpoena issued for a law enforcement purpose, orders the institution not to disclose the existence or contents of the subpoena.
  • Persons in an emergency, if the knowledge of information, in fact, is necessary to protect the health or safety of students or other persons.
  • An alleged victim of any crime of violence of the results of any institutional disciplinary proceeding against the alleged perpetrator. The information may only be given in respect to the crime committed.
  • Schools may disclose personally identifiable information from education records to an outside contractor without prior written student consent if the outside contractor is a "party acting for" the institution and is performing a service which the institution would otherwise have to perform for itself (as in the case of the National Student Loan Clearinghouse for loan verification).
  • Representatives of the Department of Homeland Security or Immigration and Customs Enforcement, for purposes of the coordinated interagency partnership regulating the Student and Exchange Visitor Information System (SEVIS).
  • FERPA has been amended to permit educational agencies and institutions to disclose personally identifiable information from the student's records to the Attorney General of the United States or to his designee in response to an ex parte order in connection with the investigation or prosecution of terrorism crimes, under the US Patriot Act.
  • Allows the return of an educational record, or information from an educational record, to the party identified as the provider or creator of the record.
  • Information regarding a registered sex offender's enrollment or employment status, or any changes of such If the school determines that there is an articulable and significant threat to the health and safety to a student or other individuals, it may disclose information from educational records to appropriate parties.

FERPA governs access to a student's disciplinary file. The student and/or those university officials who demonstrate a legitimate educational need for disciplinary information may have access to the student's disciplinary file.

In addition, parent(s) may be notified if a student under 21 years of age is found responsible for a violation involving use or possession of alcohol and drugs.

The Campus Security Act permits higher education institutions to disclose to alleged victims of any crime of violence (murder, robbery, aggravated assault, burglary, motor vehicle theft) the results of the conduct proceedings conducted by the institution against an alleged perpetrator with respect to such crime. The Campus Security Act also requires that both accused and the accuser be informed of campus conduct proceedings involving a sexual assault.

Additionally, the Higher Education Amendments of 1998 permit disclosure of the final results of disciplinary cases in which a student has been found responsible for a violation involving violence or for a sex offense.

Students have the right to access, amend and control release of their education records as described below.

A student should submit a request to review his or her education records in writing to the registrar, dean, chairperson of an academic department, or other official who maintains the records he or she wishes to inspect. The request should identify, to the extent possible, the specific records the student desires to review by type, topic, date or other criteria.

The university official who has custody of the records will assemble the requested records and review them to determine whether they are eligible for access.

  • If an education record includes information about more than one student, the student may review only his or her own information in that record. In this situation, the record custodian must redact the record before allowing the student to review it.
  • Any questions about whether a record is eligible for review or how to properly redact an education record should be addressed with the Office of the Registrar.
  • Before denying a student access to an education record, record custodians must consult with the Registrar, and should document in writing the reason for the denial.

The record custodian must respond to a request for access to education records within a reasonable period of time, but in no case more than forty-five (45) days after the request has been submitted to the appropriate custodian. If the records are not maintained by the record custodian to whom the request was submitted, the custodian should assist the student in identifying the custodian to whom the request should be addressed.

The record custodian will make arrangements for access and notify the student of the time and place where the records may be inspected.

If not personally known to the record custodian, the record custodian must verify the student’s identity by inspection of photo identification or other appropriate documentation.

At the post-secondary level, the right to inspect a student's education records is limited solely to the student. Records may be released to a parent or other third party only under the following circumstances:

  • Through the written consent of the student
  • In compliance with a subpoena
  • By submission of evidence that the parents declare the student as a dependent on their most recent Federal Income Tax form (IRS Code, Section 152) Parent Affidavit can be found in the UCCS Office of the Registrar in Main Hall 108
  • Under the alcohol and controlled substance exception or in connection with a health and safety emergency under the circumstances set forth in § 99.36 (if the student is under 21 years of age)

If a student believes information contained in his or her record(s) is inaccurate, misleading or violates privacy rights, a student may ask the university to amend the record(s). If the problem stems from a clerical or other error in processing, the student should contact the record custodian and follow the established process to effect the necessary corrections. Similarly, a student should pursue the grievance and/or appeal process if he or she has a concern about the appropriateness of a grade awarded or other academic determination. This procedure does not apply to students who desire to challenge a grade. Students who wish to challenge a grade should follow the academic grievance policy in their school or college. If the desired correction of processing errors is not accomplished through normal channels, or the requested amendment is not to correct processing errors or address substantive academic decisions, the student should follow the following procedure:

  1. The record custodian (Registrar) will review the amendment request and any related documentation submitted by the student. The record custodian may request additional information from the student if deemed necessary to make a determination.
  2. Within a reasonable time after receipt of the written request, the record custodian will decide whether to amend the record as requested.
  3. If the record custodian grants the student's request, the custodian shall amend the education record and inform the student in writing of the action taken.
  4. If the record custodian denies the student's request, the custodian shall inform the student in writing of the decision and of his or her right to a hearing on the matter. Additional information about the hearing procedures will be provided to the student when notified of the right to a hearing.
  1. Within ninety (90) days of the date of the denial of his or her request by the record custodian, a student may request a hearing.
  2. The Registrar may serve as the hearing officer, or may appoint another individual to serve as hearing officer. The appointed hearing officer shall not have a direct interest in the outcome of the hearing. The hearing officer shall not review any matter regarding the appropriateness of official grades or other such academic determinations.
  3. The hearing shall be conducted according to the following procedures:
    • The hearing officer shall give notice to all concerned parties of the date, place and time of a hearing reasonably in advance. The hearing should be scheduled within a reasonable period of time following receipt of the petition.
    • The hearing officer shall give the student an opportunity to present evidence relevant to the contested part of the education record. The student may have a representative present at the hearing, but that person cannot participate in the hearing.
    • The hearing officer may receive any evidence and testimony, orally or in writing, relevant to the student’s challenge to the record content. The hearing officer shall not be bound by the rules of evidence applicable in courts of law, but may permit the introduction and receipt of evidence he or she determines is relevant.
    • Within a reasonable period of time, the hearing officer shall issue a written decision based solely upon the evidence presented at the hearing. A copy of the decision, which must include a summary of the pertinent evidence, shall be provided to the student, to the record custodian, and to the Registrar. The decision of the hearing officer shall be the university’s final decision.
    • If the Registrar acting as hearing officer or an individual appointed by the Registrar to act as hearing officer determines that the information is inaccurate, misleading or otherwise in violation of the student’s privacy rights, the Registrar should require the record custodian to make necessary amendments. The record custodian shall inform the student in writing when the amendment has been made.
    • If the hearing officer determines that the information is not inaccurate, misleading or otherwise in violation of the student’s privacy rights, he or she shall inform the student in writing of the right to place a statement in the record commenting on the contested information in the record and/or stating why he or she disagrees with the decision. The university must maintain the statement with the contested part of the record for as long as the record is maintained, and must disclose the statement whenever it discloses the portion of the record to which the statement relates.

Students who have ceased attendance or have graduated from an institution of higher education have essentially the same FERPA rights as students currently attending the University of Colorado Colorado Springs, including the right to:

  • Inspect their education records
  • Have a hearing to amend an education record
  • Have their education privacy protected by the institution
  • Have the institution honor the previously established opt-out request

Once students leave the university, they do not have the right to request that a privacy code (non-disclosure) be placed on their records.

All faculty or staff members who obtain CU-SIS access must agree to and abide by the FERPA certification.

Student data originated and stored on University computer equipment, through reports, or through the sharing of data files is University property. I understand that by virtue of my employment at the University of Colorado, I may have access to records that contain individually identifiable student data. I understand it becomes my responsibility to maintain the rights of students particularly as outlined in the Family Educational Rights and Privacy Act of 1974 (FERPA). I understand I do have the responsibility to maintain confidentiality. I will not exhibit or divulge the contents of any record or report to any person except in the conduct of my work assignment and in accordance with FERPA policies and procedures. I acknowledge that I fully understand that the intentional disclosure by me of this information to any unauthorized person, including another University employee, or the tampering of any data that resides on any data system, does violate university policy and could constitute just cause for disciplinary action, including but not limited to suspension of access privileges, a letter of reprimand, employment termination and/or accountability in a court of law. I understand that security dictates that I do not allow anyone to know or use my password and should I discover that my password is known (whether used or not), I will immediately change my password. Furthermore, I understand that should I allow another person to use my logon ID and password, all access to these systems granted as a registered user will be immediately terminated.

Across campuses nationwide, there continues to be a great deal of discussion related to the privacy of student records in relation to tragedies on college campuses.  FERPA does permit university employees to disclose information about students who they perceive to be disruptive to the safety, health, or well-being of the campus community.  FERPA also permits university employees to disclose information if they perceive the student to have a disturbing change in their normal behavior that generates concern for the safety of the student and campus community.

It is important for faculty and staff to understand that FERPA does not prohibit the disclosure of personal or classroom behavioral observations of students. FERPA allows us all the discretion to release this information under specified circumstances, and through proper channels, to appropriate personnel on campus.

What Are the "Specified Circumstances"?

FERPA allows the disclosure of information from the educational record, without the written consent of the student, under the following: "Persons in an emergency, if the knowledge of information, in fact, is necessary to protect the health or safety of the student or other persons." The Department of Education interprets FERPA to permit institutions to disclose information from education records to parents if a health or safety emergency involves their son or daughter.

Some concerns have been expressed by faculty and staff on campus that they are reluctant to share any information with the appropriate personnel on campus if the student advised them, verbally or in writing, that they were seeing a mental health or other medical professional. Note that anything expressed verbally by a student is not part of the "educational record," and can be shared. If the student has advised a staff or faculty member of this in writing, it can still be shared with someone with "an educational need to know" as described by FERPA regulations, which would include those listed as the "appropriate personnel on campus" below.

Again, the bottom line to recall: FERPA does not prohibit disclosure of personal observations to appropriate campus personnel about students of concern. You do not have to determine if this is an emergency that will be considered a threat of health or safety. You can consult with other appropriate personnel on campus for additional perspective, suggestions, resources, referral or assistance.

Who Are the "Appropriate Personnel on Campus"?

There are a variety of personnel on campus who can be of assistance depending on the situation. For example, the Dean of Students office is a central resource for assistance especially when you are unsure of who to contact.

The Counseling Center has licensed professional staff members who are available during business hours to consult with you about students of concern.

These two confidential offices are available for phone consultation to you or to meet with you if you want to bring a group of staff or faculty together to problem-solve about a particularly complex student situation. Or they can refer you to other appropriate resources.

Finally, in an urgent situation, never hesitate to call UCCS Police.

Some faculty members think they should not reveal the name of the student and should keep the consultation anonymous. However, this is key information for the consulting party, as that professional may already have some information about the student of concern that should be included to formulate the best way to proceed. Some of these professionals may already have had contact with the individual, and you may be providing key information that the professional would need to know to be effective. Licensed mental health professionals have strict confidentiality laws to follow that restrict their ability to inform you. However, FERPA allows you great discretion in informing the mental health professional of your own professional observations, as well as allows you to share information about a student with a person who has an "educational need to know."

In conclusion, it is important for all of us to understand that FERPA does not prevent you from contacting others on the UCCS Campus if you have concerns about the behaviors of a student on this campus. However, only those who are identified as the "appropriate personnel on campus" should be contacting the parents or other relatives of students. These trained individuals are most knowledgeable in human behavior, and can best determine if further concern is warranted.

Below are examples of how student data is used at the University of Colorado Colorado Springs:

  • Spreadsheets and other attachments that clearly identify a student—even if just by a last name or a student ID—and contains other protected student data (GPAs, courses, probation information, suspension information, etc.) MUST BE PASSWORD PROTECTED.  If there is any personally identifiable information (PII) that clearly links a student with non-directory FERPA data, and it falls into the hands of someone who does not have a legitimate educational interest in receiving this data, it is a FERPA violation. 
    NOTE: You might be very careful in addressing the email to a recipient who also has a legitimate educational interest in this data, but email is not a secured method of communication ( APS Use of Electronic Communications and Student Email Policy). Never send an unprotected file of protected data via email unless it is password protected. In addition, we have seen on occasion unsecured attachments that may have legitimately been sent to someone on campus, but then forwarded on to others who have no legitimate educational interest (as defined by FERPA) in having access to this data. Always password protect a file. You might now be wondering if it is okay to send a spreadsheet of names with directory information (college, major, etc.) This would be fine UNLESS it contains information about a student who has full privacy protection. Then you must password protect the file. The best practice is to always protect the file, even if it only contains student IDs.
  • What if the body of the email contains student ID, full name and protected data? Is this okay to send? Same problem as above, but we understand the need to communicate with others on campus about sensitive student matters. Best practice is to use the last four digits of the student ID if you are communicating about a small number of students. Not as good but acceptable is using the student ID with last name/initial only. But in the event that you are communicating about a number of students, put it in an attachment and password protect it.
  • Do you know that if you have documents that have FERPA-protected data about students, you need to dispose of them in confidential disposal? Just putting them in your desk-side trash or recycle can expose this data to individuals who do not have a legitimate educational interest in seeing this data. Always dispose of this in a confidential disposal bin or shred the document.
  • Never send SSNs via email. Identify theft is on the rise. "CBS This Morning" did a report on identity theft tax fraud "spreading like wildfire." This report cited employees of schools and hospitals with access to personal data were as primary sources for scammers to obtain data needed for perpetrating this fraud. As stewards of significant amounts of personal data on students, faculty and staff in our university community, we need to have a heightened awareness of this and the vulnerabilities it presents. Data breaches are costly for everyone. Protect data from our systems like you would your own personal data.

We have seen a number of CU-SIS screenshots sent via email lately that clearly identify the student (or the student is identified in the body of the email) and contains a great deal of sensitive data, or data the recipient may not have a legitimate educational interest in receiving. Please use your knowledge of FERPA and university policies before sending this much information about a student. If still needed, send the screenshot as a password-protected document.

Information about individuals should be retained only so long as it is valid and useful. Those responsible for academic information have an obligation to destroy information when conditions under which it was collected no longer prevail.

Any document containing personally identifiable information must be disposed of properly through some means of confidential disposal.

This policy establishes the principles and processes for the retention and disposal of university records, outlines the roles and responsibilities associated with this process, and provides records retention schedules for the university.

For more information, visit the Office of Policy and Efficiency. If you need information on confidential disposal, you can call the Office of the Registrar at 719-255-3361.

The Office of the Chief Privacy Officer of the Department of Education reviews and investigates complaints of violations of FERPA. If the Office finds that there has been a failure to comply with FERPA, it will notify the institution about the corrections that need to be made to bring the institution into compliance. The Office will establish a reasonable period of time for the institution to voluntarily accomplish the specified changes. If the Secretary of Education finds that, after this reasonable period of time, an institution has failed to comply with FERPA and determines that compliance cannot be secured by any means, he can, among other options direct that no federal funds under his administrative control (financial aid, education grants, etc.) be made available to that institution.

All such inquirers should be directed to Public Safety at 719-255-3111.

UCCS provides a secure web application by which faculty submit their grades to the registrar. Students are able to view their academic record, including grades, via a secure web application in their UCCS Portal.

The public posting of grades either by the student’s name or social security number or university ID is a violation of FERPA. This includes the posting of grades to a class web site and applies to any public posting of grades for students taking distance education courses.

Notification of grades via a postcard violates a student’s privacy rights.

Notification of grades via e-mail is not recommended. There is minimal guarantee of confidentiality on e-mail. The institution would be held responsible if an unauthorized third party gained access, in any manner, to a student’s educational record through any electronic transmission method. For additional online grading information, click here or visit www.uccs.edu/registrar.

Statements made by a person making a recommendation that are made from that person’s personal observation or knowledge do not require a written release from the student. However, if personally identifiable information obtained from a student’s educational record is included in the letter of recommendation (grades, GPA, etc.), the writer is required to obtain a signed release from the student which:

  1. Specifies the records that may be disclosed
  2. States the purpose of the disclosure
  3. Identifies the party or class of parties to whom the disclosure can be made

If this letter is kept on file by the person writing the recommendation, it would be part of the student’s education record and the student has the right to read it unless he or she has waived that right to access.

Sample letter of recommendation:

I give permission to Prof. Casey to write a letter of recommendation and send to: 

Clyde the Mountain Lion 
UCCS, CO 80918 

Prof. Casey has my permission to include my GPA and grades. 

I waive (or do not waive) my right to review a copy of this letter at any time in the future. 


To avoid violations of FERPA rules, DO NOT:

  • Publically post your grades
  • Ever link the name of a student with that student's social security number in any public manner
  • Leave graded tests in a stack for students to pick up by sorting through the papers of all students
  • Circulate a printed class list with student name and social security number, university ID or grades as an attendance roster
  • Discuss the progress of any student with anyone other than the student (including parents) without the consent of the student
  • Provide anyone with lists of students enrolled in your classes for any commercial purpose
  • Provide anyone with student schedules or assist anyone other than university employees in finding a student on campus