The Family Educational Rights and Privacy Act (FERPA)

What is FERPA?

FERPA is the Family Education Right and Privacy Act.  It is a federal law that protects and affords the student’s right to their education records.  Under FERPA, student’s education records can only be released to individuals outside of the university with the student’s explicit consent.  This includes providing student information to parents. 

Students have the following rights and guarantees under FERPA, except where pertinent laws apply. The forms for requests to access these rights are located on the Registrar’s Office website, under the Academic Forms.

  • Right to Consent to Disclosure to control release of their student records, excluding specific exceptions under FERPA.
  • Right to Restrict Directory Information to control the release of student records, excluding specific exceptions under FERPA
  • Right to Inspect and Review their education record, except where relevant laws or regulations apply.
  • Right to Request Amendment for correction to their student records
  • Right to Request a Hearing when the request to amend the record is denied
  • To be notified of their rights under FERPA annually *
  • To file a complaint with the FERPA office in Washington, D.C.

*FERPA Student Privacy Rights Annual Notification (PDF)

 

CPP students may grant their parents and/or other individuals' access to their education records by completing the FERPA Authorize to Release via their BroncoDirect Student Center and indicating the type of records that may be released to them within the indicated ed timeframe.  Click here to view the How to Complete a FERPA Authorize to Release (PDF) for instructions.

 

For purposes of compliance with FERPA, CPP considers all students independent. Questions about FERPA and student records may be directed to the Registrar's Office at registrar@cpp.edu or contact 909-869-3000.

FERPA for Students


FERPA protects students who are currently attending or who have attended the institution; it does not extend those rights to applicants who apply for admission, but who never actually enroll in the institution. Upon enrollment, however, the application for admission and related materials, are automatically protected by FERPA. FERPA rights continue after a student has graduated or otherwise left the institution.

The educational records is any student information that is maintain by the University, which can be in paper or digital format, or system file.  The education record includes but is not limited to:

  • Personal information such as a student's identification number, picture, or other information that would make it easy to identify or locate a student
  • Parent(s) and/or guardian contact information
  • Grades, test scores, courses taken, academic specializations and activities, and official letters regarding a student's status in school
  • Special education records
  • Disciplinary records
  • Documentation of attendance, schools attended, courses taken, awards conferred, and degrees earned.

 

Education records do not include alumni records, medical/psychological records, non-student employment records, law enforcement records, and sole possession records.

FERPA defines "directory information" as information contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if disclosed.  Typically, "directory information" includes information such as name, address, telephone listing, date and place of birth, participation in officially recognized activities and sports, and dates of attendance. As a FERPA exception, the University may disclose "directory information" to third parties without student consent.             

Cal Poly ÐÇ¿Õ´«Ã½ has designated the following to be classified as Directory Information:

  • Student's Name
  • Major field of study
  • Participation in officially recognized sports/activities
  • Weight and height of athletic team members
  • Dates of attendance
  • Full or part time status
  • Degrees and awards received
  • E-mail address
  • Most recent or previous college/university/agency attended
  • CPP will not disclose any personally identifiable educational records without the student’s consent, unless the records are directory information.  However, there are certain circumstances that the student’s education record may be required to disclose without student’s consent.  Please visit the Registrar’s Office website for more information.

 

For more information on FERPA, please view  the policy on the catalog, contact the Registrar’s office at registrar@cpp.edu or call us at (909) 869-3000.

FERPA for Parents


FERPA protects students who are currently attending or who have attended the institution; it does not extend those rights to applicants who apply for admission, but who never actually enroll in the institution. Upon enrollment, however, the application for admission and related materials, are automatically protected by FERPA. FERPA rights continue after a student has graduated or otherwise left the institution.

Parents involvement is important to a student’s education success. Many parents are accustomed to having unencumbered access to over your student’s education records. However, when your student turns 18 and/or enters college, rights related to those education records transfer to students. This means that parents will not be able to access education records on students including grade reports, transcripts, class and/ or academic performance, etc. Student must provide explicit consent for a parent to have access to their educational records. Parents should discuss with their student on granting access to the students information, before calling the University on behalf of the student. The University may also disclose some information to the parents in specific cases, such as if there’s an imminent danger of harm to self or others, or if a student under the age of 21 violates a university policy as in the case of underage drinking or drug abuse.

Education records is any student information that is maintain by the University, which can be in paper or digital format, or system file.  The education record includes but is not limited to:

  • Personal information such as a student's identification number, picture, or other information that would make it easy to identify or locate a student.
  • Parent(s) and/or guardian contact information;
  • Grades, test scores, courses taken, academic specializations and activities, and official letters regarding a student's status in school;
  • Special education records;
  • Disciplinary records;
  • Documentation of attendance, schools attended, courses taken, awards conferred, and degrees earned.

 

Education records do not include alumni records, medical/psychological records, non-student employment records, law enforcement records, and sole possession records.

FERPA defines "directory information" as information contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if disclosed.  Typically, "directory information" includes information such as name, address, telephone listing, date and place of birth, participation in officially recognized activities and sports, and dates of attendance. As a FERPA exception, the University may disclose "directory information" to third parties without student consent.             

Cal Poly ÐÇ¿Õ´«Ã½ has designated the following to be classified as Directory Information:

  • Student's Name
  • Major field of study
  • Participation in officially recognized sports/activities
  • Weight and height of athletic team members
  • Dates of attendance
  • Full or part time status
  • Degrees and awards received
  • E-mail address
  • Most recent or previous college/university/agency attended
  • CPP will not disclose any personally identifiable educational records without the student’s consent, unless the records are directory information.  However, there are certain circumstances that the student’s education record may be required to disclose without student’s consent.  Please visit the Registrar’s Office website for more information.

 

For more information on FERPA, please view  the policy on the catalog, contact the Registrar’s office at registrar@cpp.edu or call us at (909) 869-3000.

FERPA FAQs


1. Who can access my academic records?

Generally, only:

  • You (the student)
  • University officials with a legitimate educational interest
  • Individuals you authorize in writing
  • Certain parties allowed under specific FERPA exceptions

Parents, guardians, spouses, or others do not automatically have access.

2. Can my parents see my grades if they pay tuition?

No.

Payment of tuition does not grant access to your academic records. Under federal FERPA law (34 CFR Part 99) and CPP policy, access requires either:

  • Your written FERPA authorization, or
  • Verification of a FERPA-permitted exception (such as documented dependency under IRS rules, as determined by the university).

3. Does my age matter?

No.

Once you attend a postsecondary institution like CPP, FERPA rights transfer to you — even if you are under 18 years old.

4. Can I just give verbal permission for someone to access my records?

No.

FERPA requires written, signed, and dated consent that specifies:

  • What information may be released
  • To whom
  • For what purpose

University employees cannot rely on verbal permission.  Click here to view the How to Complete a FERPA Authorize to Release (PDF) for instructions.

5. Is it okay to share my CPP login with my parents?

No.

You should not share access to:

  • MyCPP or BroncoDirect
  • Canvas
  • CPP email
  • Any university system requiring authentication

Sharing credentials may:

  • Violate university IT security policies
  • Create academic integrity concerns
  • Result in student conduct review
  • Compromise your personal and financial information

You are responsible for activity conducted under your account.

6. Can faculty or staff “make an exception” for my family?

No.

CPP employees are legally required to follow:

  • Federal FERPA regulations
  • CSU policy
  • CPP institutional privacy standards

They cannot override federal privacy law.

7. What happens if I accidentally share someone else’s student information?

Sharing another student’s protected information (such as grades or student ID numbers) may:

  • Violate FERPA
  • Violate the Student Code of Conduct
  • Trigger review under CPP’s Data Incident Response Procedure

If you believe a privacy issue occurred, contact the Registrar’s Office at registrar@cpp.edu immediately.

1. Can I access my student’s grades or academic records?

No — not without your student’s written consent.

Under the Family Educational Rights and Privacy Act (FERPA) (34 CFR Part 99), once a student enrolls in a postsecondary institution, the rights to access education records transfer to the student — regardless of age.

At Cal Poly ÐÇ¿Õ´«Ã½, this means:

  • Parents do not automatically have access to:
    • Grades
    • Transcripts
    • Class schedules
    • Academic standing
    • Financial or enrollment records

If your student would like you to have access, they must provide written FERPA consent through the appropriate university process.

2. My student is under 18. Does that make a difference?

No. Age does not determine FERPA rights at the college level.

Once a student attends a postsecondary institution (like CPP), FERPA rights transfer to the student — even if the student is under 18.

3. Can I log in using my student’s username and password?

No. Parents should not use a student’s login credentials.

This includes accessing:

  • MyCPP or BroncoDirect (student portal)
  • Canvas (learning management system)
  • CPP student email
  • Any university system requiring student login

Using a student’s credentials may:

  • Violate university IT security policies
  • Create academic integrity concerns
  • Result in student conduct or security review

Even if your student shares their password with you, university systems are intended for student use only.

4. If my student gives me permission verbally, is that enough?

No. Consent must meet FERPA requirements.

FERPA requires written, signed, and dated consent that clearly specifies:

  • What information may be disclosed
  • The purpose of disclosure
  • Who may receive the information

Without proper documentation, university employees cannot release protected information.

5. Can I ask faculty or staff to “make an exception”?

No. University employees are legally required to follow FERPA.

Faculty and staff:

  • Cannot override federal privacy law
  • Cannot “bend the rules”
  • Cannot disclose protected student information without proper authorization

CPP employees are required to comply with:

  • Federal FERPA regulations
  • CSU policy
  • CPP institutional privacy standards

6. What if I am paying for tuition?

FERPA protections apply regardless of who pays tuition. Payment responsibility does not automatically grant access to academic records.

7. How can I stay involved in my student’s success?

We encourage families to:

  • Communicate regularly with your student
  • Encourage your student to contact faculty, advisors, or support services directly
  • Discuss whether your student would like to complete a FERPA authorization form
Supporting students in managing their own academic responsibilities is an important part of their transition to college.

1. Can a parent who is not listed as a FERPA-authorized individual be part of a conversation with a student?

Answer: Yes, as long as the student is present and actively participating in the conversation, a parent may be included—such as on speakerphone during a call, CC’d on an email the student sends, or accompanying the student in person. However, FERPA-protected information should not be shared directly with the parent unless the student has submitted written consent or the parent is officially designated as a FERPA-authorized contact.

2. Is it a FERPA violation to use candid student photos on social media?

Answer: It can be. FERPA protects identifiable student information, which may include photos if a student can be recognized and the image is linked to their student records (e.g., tagging a student name, referencing academic performance, or a class context). To remain compliant, obtain student consent before posting identifiable photos on social media, or ensure the image does not reveal any educational context.

3. What kinds of third parties might receive a student’s 'directory information' without consent?

Answer: Under FERPA, the University may release directory information without student consent to certain third parties, including:

  • to comply with a judicial order or a lawfully issued subpoena
  • to appropriate parties in a health or safety emergency
  • to officials of another school, upon request, in which a student seeks or intends to enroll
  • in connection with a student’s request for or receipt of financial aid, as necessary to determine the eligibility, amount, or conditions of the financial aid, or to enforce the terms and conditions of the aid
  • to certain officials of the U.S. Department of Education, the Comptroller General, to state and local educational authorities in connection with certain state or federally supported education programs
  • to accrediting organizations to carry out their functions
  • to parents of an eligible student if the student is a dependent for IRS tax purposes.
  • to organizations conducting certain studies for or on behalf of CPP
  • the results of an institutional disciplinary proceeding against the alleged perpetrator of a crime of violence may be released to the alleged victim of that crime with respect to that crime

* Students may opt out of directory information sharing by submitting a formal request.

4. Why is a student's name and email considered 'directory information' if it could be used to identify or locate someone?

Answer: FERPA allows institutions to define certain information—like a student’s name and email address—as directory information, which can be shared without consent unless the student has opted out. This classification supports basic campus communication, academic recognition, and operational needs. However, students who are concerned about privacy may request to restrict the release of their directory information through the Registrar’s Office.

Additional Information


Campus employees may only access information for which they have a "legitimate educational interest". These individuals have responsibilities with campus academic, administrative, or service areas whose functions depend on accessing students' education records. Faculty and staff who do not have a legitimate educational need are entitled only to directory information. Before providing any non-directory information to any individual, all employees have an absolute duty to ensure that the nature and/or purpose for obtaining information fall within the scope of legitimate educational interest. When in doubt, deny access to the information and refer the individual to the Registrar's Office.