Privacy and FERPA
FERPA and Campus Privacy Practices
Confidentiality of information is a top priority at Augustana. This emphasis on protecting information is to comply with the Federal Educational Rights and Privacy Act (FERPA) and to protect student and employee privacy through our own institutional policies. Protected information addressed by law and our policies applies not only to currently enrolled students, but also to in-coming first-year and transfer students, former students, graduates, alumni and Augustana employees. The college-specific policies as they relate to the federal law (FERPA) and directory information is in the student handbook. At Augustana, a "student" is defined as a student on the first day of classes during their first term of enrollment.
Many employees will come into contact with protected and private information in the course of their job duties. Some of these records include grades, transcripts, test scores, evaluations, resumes, letters of recommendation, salary offers or ranges, financial information, billing records, as well as personal notes and messages to or about students or employees. Access to such records does not permit the employee to release that information to anyone else without written consent of the student (see below for release of records). Although every effort will be made to limit such contact, it is inevitable. While not prohibited, faculty are strongly discouraged from emailing grades to students or discussing grades via email. Faculty are encouraged to use the secure Moodle LMS platform to post and communicate graded work for students.
Files or other materials containing protected information may be accessed by an employee only when the duties of their job require it during the course of official college business. New employees will be trained within their office or department by a qualified staff member regarding what information may be accessed, what if any information may be provided to third parties and what information may not be shared. In addition, as a condition of employment, all employees are required to take an on-line privacy training at the time they are hired and then once every three years.
Each release of records to any third party requires an original written signature included in the request or secure login authentication through a college-provided Arches account. We do not accept electronic or proxy signatures.
Privacy Training for Employees
Employees are required to complete FERPA training on a periodic basis which is coordinated through the Office of Human Resources for both new and continuing employees. This training reviews both federal regulations as well as the Augustana policy. Questions about the training or complying with our policy should be directed to the Dean of Students.
Student employees should complete the training through CORE.
Privacy Waiver and Release of Records Information for Students
A privacy waiver is not a right to act on an individual's behalf. A privacy waiver never permits a third party direct access to Arches, Moodle, Starfish or other campus software programs and never permits the third party to request a release of records for the student or access or Parchment, our transcript vendor. The privacy waiver may be signed by a student with a wet signature at any time. E-signatures and proxy signatures are not accepted. Augustana requires our institutional form be completed and does not accept or honor any third party forms (e.g. Mama Bear, Jotform, LegalZoom, RocketLawyer, or any other vendors who supply online forms). Once a form is completed and submitted (hard copies only) by the student (a third party may not submit the form), the signature on the form requires validation which may take additional time. The signed form will be kept on file in the student's permanent record in the Office of the Registrar and the data collected on the form will be entered and stored in the Colleague database with the parameters of the release and the pass code. Validating a signature is authentic may take additional time if the form is not signed in the presence of a FERPA-trained employee and therefore may not be entered into the system until proper checks have been completed.
In most cases, when a third party (including parents) contact a campus office, even when a privacy waiver is on file, the student will be contacted directly about the communication first. This is a courtesy extended to our students and helps the student better understand how their privacy is protected under federal law, as well as be sure the student remains at the center of all communications about their educational record.
The Augustana privacy waiver does not grant a third party unlimited access to a student record and does not mean the college will send communications automatically to any third party. Communication of grade reports, transcripts and other protected information housed in our educational record systems (Arches, Starfish, Moodle, Handshake, Public Safety and Police, as well as Library, Housing and Dining software, etc.) remains the responsibility of the student. Further, it does not grant the third party the ability to release the student record. Third party access without a release is only granted under a power of attorney explicitly stating access to educational records or through a lawfully issued subpoena. College legal counsel will be involved in all subpoenas.
The waiver allows the designated college employee and/or office the ability to communicate with a third party if the college determines it is appropriate and in the best educational interests of the student. The FERPA law explicitly notes this waiver MAY provide access to records, it does not indicate the college MUST release or provide information about a student record. Under no circumstances does the college email individual student grade reports to third parties. A legal release of the student grade record (transcript) requires a legal release each time. At Augustana, this release may happen by a transcript request made through secure login to Arches by current students (no charge) or alumni (small fee) or by visiting the Office of the Registrar in Founders Hall to complete a form in person (hard copy forms require a fee). See Transcripts for fees, policies and procedures.
We discourage individual faculty from communicating directly with parents or third parties. The responsibility for communicating information about individual grades in Moodle or progress on assignments to third parties rests with the student. If a third party has a concern about a student and a privacy waiver has been completed, we encourage that individual to work with the Dean of Students Office and Academic Affairs to coordinate communication about the concern.
Any student who is represented by legal counsel must also complete a privacy waiver to authorize the College's general counsel to engage in conversation regarding the student with their legal counsel. Any communication related to pending litigation or other legal matters must involve the College's general counsel.
The privacy waiver may also be rescinded by the student at anytime. For more detailed information on the federal law please visit the governmental FERPA website, FERPA Guide for Parents and the Student Handbook for college policies on FERPA.
Release of Records for Former Students and Graduates
As a matter of routine practice, the college would not expect to continue to communicate with third parties, including parents of graduates and former students. Individuals who have earned a degree or left the college would be expected to communicate directly with campus to learn about their educational records and then share that information with others at their own discretion. A new privacy release form would be expected for adults after they leave the institution. A privacy waiver is not a right to act on an individual's behalf. A privacy waiver never permits a third party direct access to Arches, Moodle, Starfish or other campus software programs and never permits the third party to request a release of records for the student or access or Parchment, our transcript vendor. Illegal access to these platforms or records may result in a case of fraud being reported or a security breach being investigated.