Two or more examples of unauthorized disclosures of student information include:
- Sharing a student’s grades or other protected information with someone who is not authorized to access the records (for example, emailing a class’s grade list to all parents or discussing a student’s disciplinary record with a non-authorized third party).
- Publicly posting or leaving visible student identifiers (names, student IDs, or other PII) in a location accessible to the public or to individuals who should not have access (such as posting grades outside an office or in a shared public space).
- Including personally identifiable information in letters of recommendation without obtaining explicit written consent from the student (or failing to secure consent for disclosing such data to third parties).
Notes:
- These situations are commonly cited as FERPA-related violations because they involve disclosing education records or PII to individuals or groups not authorized to view them.
- Other frequent examples include discussing a student’s performance with unaffiliated staff, sharing rosters that contain Social Security numbers, or using unsecured channels (like non-secure email) to transmit student information.
