Brent Warner
This is the higher ed tech podcast season three episode 10, understanding FERPA with Ruben Guzman.

Tim Van Norman
Welcome to today’s higher ed tech podcast. I am Tim Van Norman, the instructional technologist here at Irvine Valley College.

Brent Warner
And I’m Brent Warner professor of ESL here at IVC. We both enjoy integrating technology into the classroom, which is what this show is all about.

Tim Van Norman
Welcome. We’re glad you’re here with us. So anything new Brent is we’re starting finals and getting ready, I you’re going to get out of here, or you’re going to at least take a break.

Brent Warner
I’m leaving I am I’m out the door and I’m closing the computer. I’m not going to be checking any emails. It’ll be really nice. It’s the first time I’ve done that for quite a while. So you know, usually I’m checking email a little bit, but I think I’m, I’m completely 100% signing off. So I will not be back. Well, we’re going to have to pre record our, our episode 11 For the beginning of January, because I’m not even going to be back by that time. By the time that episode goes.

Tim Van Norman
Nice. And in that time I’ll be doing five different eight hour days of training. So yes, I’m looking forward. No. Hey, I volunteered for that. That’s it. I find that a good thing.

Brent Warner
No, it’ll be great. I actually like that. That’s one of the things I am a little bummed about missing out on but, but I need some time off. So that’s okay. Good. I’m

Tim Van Norman
glad you’re gonna get it. Alright,

Brent Warner
so today, we have with us Ruben Guzman. Ruben, How are you?

Ruben Guzman
I’m doing great. Thank you.

Brent Warner
Thank you so much for joining us. We are here to talk with you. We’ve actually like we’ve talked about this for a while I getting you on the show and trying to talk about FERPA Yeah, well, and like I know, like, there’s gonna be people like, do I really want to listen to the people talk about FERPA? So, I think we’re gonna do our best to kind of make it interesting and make it useful, useful information. But Ruben, can you introduce yourself a little bit so people know, like, why are we talking to you about FERPA?

Ruben Guzman
Sure, sure. Um, by the way, I love nerding out about FERPA when I have the chance, which doesn’t happen too often

Brent Warner
Talk about FERPA over a drink or two? Really get into the weeds. (laughter)

Ruben Guzman
So, so I am the registrar at Irvine Valley College. I’ve been in that role since 2002. So I am in my 20th year there. Prior to that I had some experience in the public sector with secondary education, as well as the private sector, at the university level. And so in combination, it’s about 32 years of my work in in this kind of a role and with my familiarity with the topic. It’s it’s always an an interesting one in my arena, because we oversee student records, of course. And so the the situations are always new and fresh. So it’s it’s something I certainly enjoy speaking to others about and to help so

Tim Van Norman
excellent. Well, we’re, we’re appreciative that you agreed to come join us in this and and let’s start with the first thing. What is FERPA? What does it stand for? And, and what does it mean to us?

Ruben Guzman
Well, it’s it’s the acronym for the Family Educational Rights and Privacy Act, which came about 1972. And it’s been around since not, in the sense that it’s changed a lot, quite honestly. It’s it’s really, it really hasn’t. But we do see some nuances over, you know, a few years with updates to some of the policies that exist. But it’s it’s a federal law that really ensures that students who attend any public institutions are guaranteed their privacy rights, and to make sure that that information is not disclosed without the students consent. What it also encompasses is the student’s rights to review records upon requests and to amend any records if they see that there’s something there that’s incorrect, and needs to be changed. So, so those that’s really the gist of it. It’s a huge umbrella, though, when it comes to records because there’s all kinds of aspects when you’re looking at educational institutions and handling records. As we’ll talk about, you know, it’s not just my role in maintaining records that come to my office, but it’s also happening in the classroom. It’s happening in conversations that are happening in public arenas, with Other students around, it’s in the library. It’s, you know, in any services office. So you know, it’s really present for everybody. And so it’s really a good thing to have at least some, some general understanding of how it works in order to ensure those privacy rights.

Tim Van Norman
Along those lines. Whenever I hear FERPA, I also think of HIPAA. Are they analogous? Are they completely different? I know they’re not the same buds. You know, I’m not asking you to get into HIPAA, but just for those people who hear HIPAA and FERPA and go away, what’s that? Yeah, you

Brent Warner
always hear FERPA and HIPAA, FERPA and HIPAA like the the words go together. Right?

Ruben Guzman
You know, it’s funny to say that because I actually had a HIPAA conversation with one of my staff today, so, so it’s present in my conversations. However, I don’t deal with with HIPAA because it is an entirely separate privacy rights, lead regulation that our Health Center Health and Wellness Center really works with. And so the only occasions where I am engaged in something that’s HIPAA related, is usually with subpoena requests that come to the college. And by that, you know, we get subpoenaed requests all the time for records. It’s not litigious stuff against the college. What it is, is it’s really third parties asking for student information, by way of us illegal subpoena. And so, in a lot of those cases, you’ll see those subpoenas requesting not only educational records, but also health related records. And that’s where I usually have to reach out to the health and wellness center for their authorization to release certain HIPAA records where it’s where it’s permissible.

Tim Van Norman
That makes sense. Thanks.

Brent Warner
The short and sweet is FERPA is academic and HIPAA is health and medical, I guess, right?

Ruben Guzman
Yeah, that’s a good way to look at it. Yeah.

Tim Van Norman
Excellent. So personally identifiable information. What is that? Is that like my home address? Is that like, my name?

Ruben Guzman
Yeah, I couldn’t be and so what HIPAA, or I’m sorry, we’re talking about HIPAA. What FERPA really touches on is ensuring that in cases where we release information about a student, it’s regarded as directory information are stuff that’s like okay to release, that’s not going to really compromise a student’s you know, identifiable information. When we talk about PII or personally identifiable information. That’s the stuff if you want to think about it, that’s hackable. And it’s stuff that you don’t want a third party to know about. For the purposes of, you know, something malicious, social security number could be that date of birth could even be that email address could even be that so, so. So FERPA is very clear about making sure that if a college is releasing information through what’s considered public, or directory information, and I’ll explain that in a sec, that is not personally identifiable that could compromise the student’s security. So So yeah, it’s, it’s very, we’re very deliberate about what we regard as directory information. All schools are in the same situation they have to identify for the students and the public. What’s considered directory information. And directory information is fairly benign information that can be released to a third party without the student’s consent. And so at Irvine Valley College, for example, some of the things that we consider directory information includes the things like the terms that a students enrolled in their enrollment status, if they’re full or part time, declared major. Things like officially recognized activities, sports activities, and even within the sports. There’s things like weight, height, those kinds of things. And the school that they perhaps graduated from in high school, as well as the degrees and awards that we give to students, including honors and scholarships, and things like that, things that you would likely see in an events program that’s often you know, available or given to the public or spectators. So so those are things generally that most schools will consider directory information that is okay to release. And you’ll see that within the list of things that I mentioned, the, the bulk of the directory information that we are asked to release really is related to enrollment status for students. So our office really works with lots of requests regularly from third parties to just verify that a student perhaps ever attended the college or the term They attended, or if they ever completed or got a got an award. And so because those things are so common, it’s really nice that we have those items listed as directory information to be released to third parties without the students consent. And again, most schools have those same kinds of things available as directory information with some slight variances depending on the college. So what kind of,

Tim Van Norman
Like –

Brent Warner
I’m sorry, yeah, sorry Tim. I’m interested to know what kind of variations they might be. And why because, you know, it sounds like sounds like it’s fairly universal, but also it’s like, oh, this school, for some reason has its own policies or a different take on things?

Ruben Guzman
Yeah, yeah. There’s, there may be some instances in universities, where it is a little different. To have other things like, gosh, let me sink here. Maybe sorority or fraternity information? Or, you know, I would hesitate to say something like email, because I wouldn’t know of an instance where an email could be considered directory information. But you know, there’s that possibility, perhaps, or, or social media contact, or, you know, I don’t know, I would just wander out there with the new with, with new social media outlets, you know, if those things are being considered now, at universities or other schools,

Brent Warner
I’m actually really interested to talk about social media, because these days, students especially are very open to giving out tons of private information about themselves publicly, right? And so I always get a little bit like, confused, I’m like, Well, I can’t say this thing. But anybody could go on Instagram and find it out for themselves in a matter of seconds, right, or whatever, whatever that is. So how do how do we deal with like, recognizing that some private information might be totally public, but we still have to kind of put on blinders? I don’t know, like, you must have these conversations, I guess. Right?

Ruben Guzman
Absolutely. And you are so right, in the same concern I have about students giving too much information about themselves. And social media, what we what we used to see a bit more, particularly when Facebook and Instagram were our big outlets for students to relay information to them, is we would get posts on occasion, where marketing would have to get in touch with our office and and relay to us the the post from a student giving their personal situation and asking about more information, or where can I get more information about my specific situation. And so what we would have to do is take those kinds of questions offline. So we don’t want to respond in social media to not only verify what the student is saying, as their information, but to give additional information. So so we we typically move those things offline. And marketing was will know from us usually the standard responses, please have the student contact us directly. So that we don’t continue this conversation in a public forum. So yeah, it’s a really good question. And I think it’s something that really has to be in the conscious conscience of the student, because they’re the one that’s disclosing the information and not a third party. So they’re, they’re more or less consenting to releasing the information themselves, which is problematic, because then the person that’s blind will really is the student in those cases.

Brent Warner
Yeah, I, I, you know, I just think about how and Tim and I talk about this sometimes too, right? Like this idea that, like, we kind of pretend that there’s privacy, but there’s not really that much privacy out there in the world, you know, like people could hack and all of these things. And so it’s always kind of a you know, it’s it’s an interesting line to walk right to kind of say, like, hey, we we still are trying to do the right thing and to follow all of these rules. But you know, that it’s like some student going out there and blowing it up, like they’re throwing a grenade right in the middle. And usually, in

Ruben Guzman
that context, you know, you want to reach out and help them right away. And so the last thing you want to do is to disengage and say, Hey, let’s take this somewhere else and chat, but really, that’s the in terms of FERPA, that’s the that’s the best way to go. So that we’re not caught in this trap of, of having a public conversation with that really should be private.

Tim Van Norman
Along those lines and staying with the social media part. What about some of that information going to students personal emails, not their college emails, but their personal emails? I’ve always been told that within the college email system is one thing, but the moment you send an email directly to their Gmail account, basically, it’s as if you were putting it on social media, you have to think about it that way. So therefore, you can’t send emails to somebody that has any personally identifiable information, which can be grades. I’ve had, I’ve had people in the past, and I remember when I was in school, my teacher would post the grades on the wall, or on their door, okay. And they might use the last four of your social security number. And, and everybody knew what everybody’s grades were. And theoretically, it was protected. Now, this was years ago, but it was protected. Because you didn’t know whose last four it was. To me. What do you think is that that’s questionable at best, but I think it’s wrong. It’s hard to

Ruben Guzman
justify the and and you’re absolutely right, Tim, that the current interpretations of FERPA would not permit something like that to happen in the classroom. In fact, while well, it’s okay to to have a way to display that information to students in the classroom, it has to be through an encrypted identification, one that only the student themselves would know, and not other students. So student ID number wouldn’t work Date of Birth wouldn’t work, you notice those are personally identifiable information, data elements. So So yes, it has to be maybe you know, that instructor if they wish to do that, who knows why they would want to even do that these days. But if they chose to, has to make the effort to make sure that the particular four digit PIN that they choose to use is something that’s, that’s only something that the instructor and the student, the specific student knows, and not possibly every other student is exposed to PII, in those cases, we use the similar way we used to get, you know, back in the days when we had to take paper grade rosters, you know, we’d come into the office after a weekend and see some envelopes taped to the door and saying, Here’s my grades. That’s a big FERPA No, no. And so, so thankfully, with electronic grading, now, you know, those things are gone. But, but yeah, those are other examples too, of exposing that kind of information in a public forum, where, you know, it’s, it’s good intentions, but, but really, the, the, the risk to security of student information is too great.

Brent Warner
Yeah, that’s, you know, I was thinking about that, of course, it’s so easy with, you know, an LMS, like Canvas or something, it’s like, you’re just in there, you, you only have access to your own thing, right, we have access to ours. But it’s also interesting. So you’re saying technically, let’s say you have a teacher who’s just like, I don’t want to get involved with the technology stuff. And I, I don’t know why we’re talking about this, because they would not be listening to this show. But, but in theory, they could, they could go and generate some sort of code for each student, send, give it directly to that student or send it to them. And then they could say, hey, you know, x three, one, z is your number and your number alone. And whenever you see that, then you’re going to see information about yourself with the rest of the class. So if somebody was stuck with an old fashioned way,

Ruben Guzman
Right, and the interesting thing about that is, it’s not a violation of FERPA, if it’s done that way, in an encrypted and secured kind of way like that. But it’s not necessarily the best way to do it. And so, you know, what we find a lot in questions about FERPA is, you know, yeah, it can’t be permitted. But should we be doing it that way? And clearly, in this kind of a case, I would, I would definitely sway the Instructor No matter how old school they are. To not not do it that way.

Brent Warner
Can I I want to follow up with another I mean, just isn’t for on the social media part of this. The there are teachers who love like supporting their students and like pumping them up and getting on to Instagram and saying, Here’s my class presentation, right? Like, they did this cool thing. And I like doing that type of stuff, too, sometimes. And then, but then I’m like, wait a second, like, do I have to get all of the students permission to post a picture online? Or do I have to, like, am I violating anything by showing, you know, is their face personally identifiable information, you know, like, they’re just parts of those things where it’s like, you want to like your intention is fully positive, right to like bring up and to be connected to them in the way that they are living in their world, right. But at the same time, there are concerns about like, how much information I know with kids like with, you know, college, I don’t know if it’s different college and like, you know, younger kids But like, you’re not supposed to post a lot, a lot of teachers I see posting kids faces, like they’ll put on like stickers over their faces or like, you know, they’ll emoji or like so that you don’t see their faces. What are are? Are there any expectations or settings around this for us as teachers at the college level?

Ruben Guzman
Well, you know, FERPA doesn’t get that descriptive. But it does give us some, some guidelines on how we should should possibly navigate these kinds of situations. And so the mantra in my office really is erring on the side of caution. It’s always better to to withhold. Now disclose later than disclosed now. And wish we withheld later. And so. So we always want to make sure that the student has the the knowledge of the release of information, and of course, gives that consent. So, you know, if there’s a situation where you’re, you’re kind of questioning, should I or shouldn’t I, you know, I’d encourage just getting the consent anyway, just so that it’s covered in the event, there’s any issue later. Again, FERPA doesn’t really specify that in terms of things like the situations you mentioned, with social media and sharing projects or information like that, but do know that in instances where something is already graded, if it’s an essay or something like that, we should get the students consent first, before sharing something like that, if it was a, if it was a peer grading kind of exercise, or just a discussion about things that students create on the spot or on the fly before they get graded. Those don’t necessarily, those aren’t necessarily considered educational records. Once they’re graded, though, and recorded, then they become educational records. And that’s where FERPA says, Hold on, you got to make sure that the student gives their consent.

Brent Warner
Okay, interesting.

Tim Van Norman
And I, it kind of feels a little bit like a rabbit trail, since we haven’t gotten to the next thing on here. But we’re this is the social media component actually fits exactly what you know, this show is about is that technology in the classroom and stuff like that. Let’s take it another step. And, by the way, now,

Ruben Guzman
let me get back to your email question. And so we don’t have to do it now. But make sure that we cover that.

Tim Van Norman
Okay, we’ll definitely get there. But along these same lines, specially social media, take it back out of social media. What about things like, I do a lecture, I record the lecture, and I’ve done it over zoom, a lot of people have recorded lectures over zoom, especially through COVID. Now they want to give it to the next semesters class. As long as no students have spoken up, there’s no student information in it. It’s not a problem. Okay. Now, let’s talk about a student asks a question. And it’s not in a chat, because the chat would be would not be recorded in zoom. A student speaks, that maybe they they are on screen, stuff like that. Is that something that is permissible to go to the next semester? Or is that not? Assuming the student hasn’t signed a waiver? Obviously, if they’ve signed a waiver, they’ve given the permission to do that. But is that just like an incidental thing? And not a big deal? Or is that oh, timeout? You need to not have that you need to edit that out?

Ruben Guzman
It’s a good question. And, and I apologize for giving such a generic answer as it depends. But really, in this case, it depends. And so what you what you want to think about is, and I don’t know what the protocols necessarily are for Canvas. But if a if a class is utilizing something like zoom, is there is there a college policy on ensuring that the student is aware that this zoom discussion could be used, you know, for future purposes, or things like that, we talk about release in the sense that the student can can sign a form and give their permission that certainly could be implemented as well, just to cover ourselves, you know, just because we don’t know what all what all the scenarios would be down the road. But at least having the consent on file is something that that could serve, you know, best in these kinds of situations. Now, the other thing to talk about is what’s being exposed in the conversation. If it’s, if it’s staying true to whatever the topic is, in the course, we’re not compromising personally identifiable information. But if it’s a student, let’s say in a counseling class on stress strategies, and someone in one of the students chooses to relay a personal situation that they’re struggling with, then I’d be really careful about about, you know, probably not having that information usable for future purposes. So, so yeah, it really it really would depend. There’s no real one answer for that kind of a situation.

Tim Van Norman
Well, thank you. And this is exactly why we’re having this conversation. Because a lot of times we’re looking for a black and white. And maybe maybe there are different things that might factor in to whether it is black or white, or whatever type of situation.

Ruben Guzman
Yeah, it’s yeah, I can appreciate your comment. Because it’s, it’s always such a fluid situation, you really kind of have to take the context at the time to really weigh what FERPA would say about it. Absolutely.

Brent Warner
So I have another zoom question. And I think I already know the answer to this. But I think that what happens here is, let’s say I am showing some Canvas stuff, right? I’m going here’s my canvas, here’s what we’re going to walk through. And then I click into an assignment. And I I’m, I guess I’ll admit, this has happened to me on accident, but I’m sure I’ve violated FERPA in this moment, which is, I’ve got a Google assignment in there, the and the grades show up right inside of there, right. And so I’m trying to show the students Hey, remember, we came back to this thing, and then they can see for, you know, two or three seconds like the the their classmates names and the grade that they might have gotten on that assignment before I kind of realize I’m like, Oh, my I can’t, you know, I can’t be showing that. Right. And so that that right, there is a violation, right? I mean, I would say like, it’s not intentional, I’m not trying to go out there and show everything. But I’m also breaking this rule, because for for a second, and also potentially recorded on any number of the students screens, or my or my own recording of it, there is information going on there. So we have to be quite careful about when we’re screen sharing, and what information when we’re screen sharing as well.

Ruben Guzman
You are absolutely right. One thing that I’ve had to to learn more as a registrar over the years, is is making sure that I’m redacting information where I need to, so that even if it is exposed, the redacted pieces are in place to make sure that I’m not compromising anything. And, you know, let’s be real, those things are gonna happen by accident. And that’s why we can call them accidents. But, you know, the best way to resolve those kinds of things is just in prevention, and to, to just have an awareness so that, you know, that the, the next time you at least know that you can redact that information and still show the same thing you want to show, and everything is good. So, so yeah, there’s no, there’s no verbal police at the college, I don’t have a, you know, a gun in a holster or anything that I’ll come and find you. But, you know, the, the what, what the Department of Education really wants us to be sure of is that we’re just making efforts to either avoid those situations, or to fix them once they’re discovered. And so so that’s really where, where, where we can kind of take these approaches to improve things to avoid burnout and to minimize the risk.

Tim Van Norman
And for those people listening, if you do record, something like that Screencast O Matic is a great way to go in and blur that off so that you can still have the verb, the audio, still have the video, everything else, but you have just that one section blurred and nobody can see what what is there. So just, you know, a plug for one of those tools that we’ve plugged in the past, but, but honestly, that’s something that I do all the time as I’m recording lots and lots of videos. And I go back and I look at them, even as I’m recording on my noting, okay, what do I need to make sure I cover so anytime I’m in our SIS my site, I, if I go in from a student perspective, even from my own perspective, I wind up blurring almost the whole thing because I want to make sure that nothing that anybody could see that’s meaningful is being shown. But that means you got to go back and you got to do that extra work.

Ruben Guzman
Yeah, it’s really making sure that you have that awareness at all times. And as long as that’s the case, you’re going to be fine. Yeah.

Tim Van Norman
Excellent. So we’ve, this has been a part here where we’re talking about social media. And you mentioned email. So let’s get into this next section of comma FERPA situations and I think email might be might fit under that. When email sent to the student If it’s through our system, meaning IVC, Saddleback, the college system, and you know, for other colleges, it would be that same way their college system, is that typically considered FERPA. Okay? Meaning if I’m, if I was an instructor and I sent a student, Hey, your grade on this assignment was an A, that’s okay. Because it’s within that system. Versus if I sent it directly to their personal email, their Gmail account or something like that. My understanding is that’s not okay.

Ruben Guzman
Yes, it’s an it’s an interesting question. Because you have to throw into there, this this other layer where students choose to have their email from the College Board. That’s exactly what

Brent Warner
I was thinking I

Tim Van Norman
was the one I was gonna get to.

Ruben Guzman
So, here’s, here’s the thing, I think that, again, FERPA is not going to be really prescriptive about how to handle email. But there’s some common sense to consider. In doing so. What what, what you want to do is, email, of course, is a convenient way of relaying information to students when necessary. And so you the best practice, I think, for most colleges, is it’s gonna go to your college design address, okay, we’re not going to send it to your personal email address. So if the student wishes to have that, that kind of email forwarded to them at a personal email address, well, guess what, that’s their consent, they’re giving their consent to have that information relate to them, indirectly through the college’s email address that gets forwarded them to their personal email address. Now, what we also have to look at in terms of what’s what makes common sense, is what we put in those emails. And so whether it’s a college email address, or a personal email address, you know, they could be compromised in some way. So you, you really want to be careful about things like grades, or other personally identifiable information that’s being released, I’m going to give you a little story that I actually encountered just the other day by email, I received a request for information from a third party, who happened to disclose in the long email thread, at some point, part of the student’s social security number. When I responded back by just simply hitting reply, what I got back from our own district security was, hey, heads up, you just responded to an email that had social security information in it, please be sure to avoid responding with that kind of content in your email. So I mean, as the registrar I’ve even, you know, stumbled on this. And I’m actually quite delighted to know that the district has something like that set up.

Brent Warner
Wait, sorry, Ruben, can you clarify that? So you’re saying you wrote an email, you hit reply on an email? And somehow it was? I mean, is there big brother what’s new in terms of when you’re sending emails, I don’t what’s what?

Ruben Guzman
What it was, is that there must be an algorithm that looks for things like patterns of numbers, like social security numbers. And when this email was sent to me, the the third party included the Social Security Parsh, part of the social security number, I think the other parts of it were axed out, or xx x dash x x, stash whatever the number was. And so there must be an algorithm, at least in whatever the district program has to find that kind of thing and say, Hey, heads up, by the way, did you know that there’s this personally identifiable information in your email, please be careful about, you know, releasing it or, or, or responding to it. And so, so that, to me, is really encouraging to see that the technology is there, to kind of help us out and remind us that, hey, yes, we should be careful about what we include in our emails. And, you know, we talked about the LMS. There’s, there’s certainly better avenues to relay that information that could be more secure than email. So that’s the nice thing about these technologies now. So

Tim Van Norman
add to that story, Ben ruin, I had almost the same thing. Not that happened to me. Somebody called me and said I was filling out a form and when I hit reply on, send it back. It was a PDF document or something, sent it back through my email, the same thing happened and rejected it saying, this has a social security number in it, so I won’t do it. And that was the first time I had heard of it. That was just this week. I don’t know if something’s new or if maybe I just hadn’t done that before or nobody told me so I just

Brent Warner
learned that our emails are being scanned from the to

Tim Van Norman
if you didn’t know that you haven’t been paying attention to Mimecast for the last

Brent Warner
half. been seeing the Mimecast? I know. Yeah, that no that is there. I just didn’t think of it in that way. So that’s really? Yeah. I mean, obviously, I’m only sending emails for work related things. So I’m not particularly concerned. But it’s, it’s also Oh, yeah, that’s what, that’s what’s going on when that’s happening.

Tim Van Norman
And, and to be honest, I don’t know if that’s district or if that’s Microsoft, because our server now is housed with Microsoft for email. And Microsoft does a lot of that stuff directly. So it may have apps, it may not have anything to do with our district, it may truly be Microsoft doing the same thing. And that for years, they’ve been blocking, if you sent an executable file in Outlook, it won’t let it go through if you you know, certain types of files, it was blocking. So that could be what’s going on there. But so as it comes to emails and stuff like that, one of the things that our department, the IT department, we’re constantly asked to change people’s passwords. Hey, I forgot my password, can you change it? One of the things that we’ve done is said we cannot do that across email, we can’t do it across chat, we have to talk to you or there needs to be a voice involved. Or you know, something, we can’t just do this over email, because they’re specific questions that we ask. And first of all, is that appropriate, and to force people to be in person show an ID, something like that. And then the other part is, if we’re going to change your password over the phone, we need to ask some information that is personally identifiable. Being that we don’t want to change Ruben Guzman’s password to four, and you not know about it. So is that does that fit and granted, if I’m doing this for you, that’s not FERPA, because that’s not a student, but it relates in the same way. We try to have the same standard for everybody in that case. Does that make sense?

Ruben Guzman
Absolutely. And I, you know, I do know from our board policy perspective that, you know, our, our IT folks have beefed up our security policies and regulations to include two factor authentication in whatever technologies we set up. And so this is working in a very similar way, when you’re saying, asking that student to, you know, call the office to validate information, absolutely nothing wrong with that. Again, FERPA is not going to say you shall do this in but I think it does, in terms of two factor authentication for technologies. So it’s just an extra safeguard. And it’s a good I think, best practice to follow that, if you’re, and we tell this to our staff all the time, because we’re constantly asked about giving student information is if, if you’re not comfortable in that students, validating who they are, ask additional questions until you feel comfortable. And if you never get to that point, then simply just don’t get the information and ask them to come in, and just do it in person instead. So we can validate that way. So, so yeah, there’s there’s certainly nothing wrong with that.

Brent Warner
Can I follow up? One of the things that I learned, actually, when I got hired at IVC, I didn’t know much about the college rules around parents and our student population, you know, the community college student, right? Oftentimes, coming right out of high school and not really feeling that life is that different, or, you know, this parents maybe aren’t, haven’t quite let go of their kids, all of these types of things. And I was like, really happy to hear that, you know, personally, cuz I’m like, oh, there’s so much other stuff I would have to deal with if I had to figure this out. But, but I think actually, Ruben, it was you that first did like a flexi presentation that I saw, and you talked about, like, what these things are and what we’re responsible for and what we shouldn’t do. Can you talk a little bit about how to deal with communication with parents or guardians? Yes.

Ruben Guzman
The nice thing about college level FERPA requirements is that we have to regard the student as the the holder of the record and not the parent. And that’s a shift from from high school where the parent is allowed to access their their child’s information. So it is a switch that that happens, and is particularly challenging with our high school students who are in dual enrollment programs, or simply take classes at the college. And we have to work to educate them at the point that they’re enrolling that, hey, once you’ve become a college student here, your records are yours, and we will not release that information to your parents without your consent. And so we We do hold to that. Yeah.

Brent Warner
So even a, even a 15 year old, the dual enrollment is when students in high school and in the college at the same time taking a college class, even if they’re 15 years old, our responsibilities to the student not to their parents,

Ruben Guzman
right? That’s correct. Now, there’s common situations for faculty, where a parent shows up, let’s say, or is on the phone with with you, and is attempting to talk with you about the students information. And in those kinds of cases, it can easily be solved by simply taking a second to either look in the direction of the student, or to get the student on the phone to say, your parent would like to find out this information about you. Do you authorize me discussing it with your parents? Chances are that students gonna have that mean, look for mom or dad, if they say no. But nonetheless, we’re getting the consent from the student in those cases. And so that’s a really easy way to to cover ourselves. If that situation comes up where the both the parent and the student are together, we would get that oftentimes in my office when I’d get parents coming in with their student. And the first thing I’d say before we even started the conversation is we’re about to talk about these topics. Student Do you mind me, sharing that information with your parents who are here as well. And even in that conversation, I was always speaking directly to the students so so that they were aware that this is their conversation. So. So I would hope that that kind of helps a lot of faculty in those kinds of situations.

Tim Van Norman
Thank you. That is very clear as well, this is exactly the conversation that’s come up a couple of times recently for me, is making absolutely sure especially in that the K 12. Well, I would not even k 12. But you know, the 1314 year old student who’s taking classes with IVC, whether it’s dual enrollment, or they’re physically on campus, and the parent is used to being able to do whatever for the student to answer questions to fill out forms, anything like that. And I have to say, timeout, you know, no, I can’t change your students password. No, student has to call and ask questions. A number of times when come somebody is calling for support, and oh, we’ve got to send them to admissions and records, I’ll flat out tell the parent, by the way, admissions and records cannot talk to you, they must talk to the students. So please make sure the student is there to have this conversation with them. for exactly that reason, so I’m glad that I’m not doing it wrong in saying hey, you know, parent of a 13 year old, you got to the student has to talk.

Ruben Guzman
Yeah, right. Exactly. And to your point earlier, regarding the the verification of personally identifiable information with a student, as long as you’re, you’re sure that you’re speaking directly with that student, and they’ve provided enough information for you to, to feel that they are in fact, the student, you’re certainly able to exchange that personally identifiable information, if it’s for what’s considered in FERPA terms, a legitimate educational interest. So if you’re helping that student to access their account, or things like that, that could be considered because you’re a school official, in that capacity, you serve to have this legitimate educational interest in helping the student. And so FERPA would would would allow those kinds of things to

Brent Warner
yeah, that’s, that’s super interesting. And I was also in my head drawing parallels between overbearing, or supportive spouse, same type of situation, I would say. And then also, in our case, you know, we deal a lot with, you know, being an ESL, right, we’ve got the beginning English learners, right, like they, they can barely get a few words out there. And it’s like, here’s all this complicated information for you. And like all these types of things. Now, we’re lucky to have a really strong multilingual support staff. Yeah, but not every single language is covered and not every situation is, is dealt with. I guess, do you have any any thoughts on like, that type of situation cuz we got a big population of language learners? Right. And so how do we ensure that we’re also doing you know their service correctly?

Ruben Guzman
Well, I yours is particularly challenging, and I can appreciate you bringing that up, Brent, what we what we would still want to ensure is that the student at least has an understanding of releasing the authorization to release information. And so in whatever effective ways you can relay that to the student, that’s really kind of the groundwork for being able to have these conversations with a third party or a translator. And so as long as you feel comfortable that the student understands that they’re authorizing us to have this conversation with the additional translator with us, then then you’ll be okay. Yeah, if it’s just, if it’s a pickup conversation where where you haven’t checked with a student, then that might be a little bit questionable thing, because you don’t have consent at that point. So,

Tim Van Norman
along those lines, and along those lines, when we were talking about the younger, younger student, I found out recently, I saw recently, the actual text that the parent has to agree to, in order for the student to become a student at IVC. And in that, it specifically states that the student gets the students information that the student has access to it, and the parent doesn’t. So yeah, it’s in there. But I know, there’s a lot of forms that get signed, and people forget a lot of things if they’ve even read it. But we do try to cover that in that forum. So

Ruben Guzman
you know, there’s also like, for universities, for example, they have policies in place that allow for an a release form to be signed for the student annually, that they put on file, where they can give permission to the parent to to ask about their information or their records, under whatever specific circumstances are on the form. And so that’s one way colleges can address dealing with parents, universities tend to do that, because parents are the ones who typically will pay for the student to the university. Most community colleges don’t do that. But they may have some kind of intermediate way, have a one time release or a sign of a release form for this particular this particular kind of content in my student record to give to my parent, we have such a form, but it’s for a one time use only. And so, so those are, those are other ways to look at being able to provide information to to a parent, again, through the authorization of the student.

Brent Warner
So one one last variation. Before we get on to our final topic. What about special needs students,

Ruben Guzman
we would still regard the student as the as the owner of their records. We do get cases, though that, that have to have legal documentation, where a parent is authorized to speak for the student. Those are very rare. I think in my 20 years, I’ve seen maybe two cases of that. But we do require and it’s also through the help of our disabled students support office, they usually will help facilitate that kind of thing with us. But it does exist, you’re right, where the student may not be able to speak on their own accord. So there’s a legal process that authorizes the parent to be the the speaker for that student. Yeah. Thank you. Uh huh.

Tim Van Norman
So, Ben, as you had 20 years, specifically at IVC, what types of mistakes do you see? Or do people admit to or not admit to, or whatever, with FERPA that maybe they wouldn’t necessarily think was a mistake? Or maybe they know it? And what do you see?

Ruben Guzman
You know, one of the most common things, I think that I would say I see is the assumption that any educational interest is a legitimate educational interest. And what I mean by that is, on occasion, we may get requests for information about students that say an advisor wants to release to a community organization that could offer scholarships, things like that. And so where the intent is really, you know, altruistic and really intended to benefit the student, we are still dealing with the release of student information. And so we could not in those cases, do this kind of thing without the consent consent of the student. And so, what we often have to do is advise faculty or advisors to, to get the consent of those students perhaps or if not, then provide the student with that information themselves and let them make the decision on whether they want to release that information to that community organization. So there’s ways to get around that you know, releasing information but doing it in a way that’s, that’s FERPA compliant.

Brent Warner
So, you know, not to end this all on the you know, this is super interesting but not ended all in the dark. cuz no, but you’ve actually said a lot of things that are like, Oh, it’s like spirit of the law, and we’re trying to do our best and all of those types of things. But what is the actual worst case scenario? Like what could what could be a really bad thing that could happen if we’re violating FERPA in a, you know, egregious way or like, you know, if you’re like, Well, that should not have happened. And these are the possible consequences.

Ruben Guzman
I think on a large scale, one thing that we all have to be aware of working at the college is that we don’t get a situation like having a bunch of student information on a laptop that gets stolen. Because then that becomes a really big situation where the students all have to be contacted in their IDs for it’s a requirement, and it’s even in our board policy. So So yeah, we want to avoid those kinds of situations where that information could be compromised. It could be stolen, because then it’s, it’s, it’s out of our hands at that point. And so we don’t ever want to get to that level of, of compromise of student information. So So yeah, that’s, that’s perhaps one of the worst, I would say. But it’s, of course, on a larger scale, on a local level, is, it’s just being sure that that I think for faculty and other employees, staff, we understand legitimate educational interest, because I’ll tell you, we had a situation at one point where a family member was accessing a student’s information, because they were employed at the college. And that’s athletic, legitimate educational interest, the the, the fact that you’re a relative of the student, is not legitimate, legitimate educational interest. And so it’s those little things like that, that I think could cause a lot of big problems later. If you’re not aware of FERPA, you know, pitfalls that could happen and doing that.

Tim Van Norman
I should say that if my son’s listening, that was not me, I- (laughter) didn’t look at your grades, or what classes you are in or anything else. That was not me! (laughter)

Ruben Guzman
Well, you know, we have we have staff in our office who from time to time, have their their children and the college students. And we just tell them look, if if, if your son or daughter, you know, need to if you need access to that information, or if there’s a reason to access that information. Let another staff member do it for you. Not you. Do not do it on your own. So…

Brent Warner
Makes some sense. And then just to kind of get that tail end question. Possible consequences like we could get sued, I would imagine that would be one possible thing. What about like accreditation with that? Is that affected by like, again, a group talking fully egregious neglect on something but but what are the concerns that we hold at that level?

Ruben Guzman
Well, in terms of that larger consequence, FERPA is really tied to the Department of Education. And so accreditation wouldn’t wouldn’t be compromised necessarily, forever, things like financial aid, and being able to provide financial aid to students at the college, that can be withheld if the college were to be in a situation so bad, and that they’ve refused or haven’t made efforts to, to resolve the situation. Those are really extreme cases. The Department of Ed really wants to work with the colleges, when situations like that arise to make sure that it’s rectified and preventable in the future.

Tim Van Norman
Ruben, thank you, you said you love to geek out and I can see that you’re gay and, and this has been great. I’d have to ask Brent, how long we’ve been on but we appreciate you coming on this has educated me like I didn’t even think it would, you know, it’s, it’s been a real pleasure having you on and talking about this. And already I can say that I’ll be passing this along to some people saying, Hey, listen to this, this will answer those questions that you had and stuff like that, because it really, you did a great job. Thank you so much for being with us.

Ruben Guzman
If those those others happen to be at other colleges, I would encourage them to check their policies with their school, as things may vary slightly from school to school. And then also, I appreciate the opportunity. Thank you for geeking out with me, and I wish your listeners a great Happy Holidays.

Brent Warner
Thank you. Thanks so much.

Tim Van Norman
Thank you for listening today. In this episode we talked about understanding FERPA with Ruben Guzman. For more information about this show, please visit our website at the higher ed tech podcast.com. There you’ll find our podcasts and links to the information we’ve covered.

Brent Warner
As always, we do want your feedback. So please go to the higher ed tech podcast.com and let us know your thoughts. If you have ideas for future shows, there’s a link over there where you can give us some of your topic ideas.

Tim Van Norman
For everyone at IVC that’s listening. If you need help with technology questions, please contact IVC tech support at extension 5696 or by emailing IVC tech@ivc.edu. If you have questions about technology in your classroom, please contact me Tim Van Norman AT T van norman@ivc.edu.

Brent Warner
And of course, if you want to reach out to me about the show, you can find me on Twitter or Instagram at @BrentGWarner.

Tim Van Norman
I’m Tim Van Norman,

Brent Warner
and I’m Brent Warner. And we hope this episode has helped you on the road from possibility to actuality. Happy New Year everybody. We’ll see you on the other side.

Tim Van Norman
Happy New Year.