FERPA Do's and Don'ts

This list is a subset of the full "FERPA Basics:  What Faculty and Staff Need to Know" page.  A printable (.pdf) copy of this list is available here.

 DO

    DON’T

  • Do use the University’s Learning Management System, Isidore system or self-service Banner (via Porches) to post grades
  • Do use a sealed envelope if you need to send out student information
  • Do obtain a signed release form from a student before releasing records to someone who’s requested that student’s records
  • If you have a good-faith belief that a health or safety emergency exists, then do release records necessary to deal with that emergency situation
  • Do use a student’s udayton.edu email address for correspondence you need to send to that student
  • Do use your udayton.edu email address for correspondence you need to send out in your role for the University (other systems may not be as secure as ours)
  • Do protect your log-in password
  • If someone calls you requesting educational record information, do go through steps to verify that the person on the phone is who the person claims to be (i.e., the student him/herself, or someone the student has authorized to have access to such information)
  • Do keep your computer locked when you’re not in your office
  • Do set your handheld devices (including smartphones and tablets) to automatically lock when not in use for a period of time
  • Don’t use systems other than the University’s Learning Management System, Isidore or self-service Banner to post students’ grades
  • Don’t post grades by SSN or student ID number either physically (e.g., printed sheet on office door) or electronically (e.g., website that you maintain)
  • Don’t send out student information on a postcard
  • Don’t discuss a student’s information in such a way that others might overhear
  • Don’t send grade information or other student details to a student at an email address you don’t recognize to be theirs (the safest way is to use a student’s udayton.edu address)
  • Don’t release information about a student by phone or email without first confirming the identity of the recipient
  • Don’t leave student information where it could be seen or accessed by others
  • Don’t leave student papers or tests in a pile for students to sort through to pick theirs up
  • Don’t dispose of student records in ordinary trash
  • Don’t access Banner to find out information about a student for reasons unrelated to your University duties
  • Don’t share your UD password (not even with student employees)
  • If your child is a student at UD, don’t use your University resources/access to look up your child’s records unless you have your child’s consent
  • Don’t leave your computer or handheld device unlocked when you’re away from them


This list is meant to assist you in dealing with the most common issues that arise under FERPA. If you have questions that this guidance does not answer, please feel free to contact the Registrar’s Office (9-4141) or the Office of Legal Affairs (9-4333) for further assistance.