Re: FERPA and Student Computing Accounts

[Bob Bayn <bob.bayn () USU EDU>]

Our policy is "Nope".  Passwords are a credential identifying an individual, not a part of the student's academic 
record.  Nobody gets passwords except the password owner.  With an authorization, we'll tell a parent what's in their 
student's record, even show it to them, but we don't facilitate parents impersonating students on our system.  On the 
other hand, we have lots of students who interrupt their studies for a two year stint of religious volunteer work and I 
wouldn't bet against the possibility that some of those students give their passwords to their parents to facilitate 
registration in advance of their return to school.


Bob Bayn     (435)797-2396     Security Team coordinator
"IT will NEVER ask for your password via email, honest!"
Office of Information Technology at Utah State University
________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Plesco, Todd 
[tplesco () CHAPMAN EDU]
Sent: Thursday, April 30, 2009 5:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FERPA and Student Computing Accounts

If a student has signed an “Authorization to Release Student Information” to a parent, what are your policies 
concerning the disclosure of a student’s login & password to allow that parent access to that student’s electronic 
student records or other accounts?

Todd A. Plesco  CISM, CBCP
Chapman University, Director of Information Security
One University Drive, Orange, CA 92866
Phone: (714) 744-7979/Fax: (714) 744-7041