Nov. 17, 2023

     I write to update you on an important privacy policy that affects how we hold and release student information.  This policy addresses undergraduate student files maintained by both Princeton’s residential colleges and its academic departments.  (For the purposes of this policy, the student file held in a student’s residential college during a student’s enrollment, and thereafter in the archives, is considered the student’s official file.)

     These personally identifiable education records must be handled in a secure, confidential, and consistent manner, one governed largely by the Family Educational Rights and Privacy Act (FERPA).  Please bear with me as I outline the University’s FERPA policy and the practices that allow us to conform to its dictates.  Do read carefully.

     FERPA is a federal statute enacted in 1974 that protects the privacy of personally identifiable education records and controls the circumstances under which such records may be disclosed.  It also provides students with a right to review their education records.

     “Education records” include files, documents, and other materials (whether in physical or electronic format) that contain information directly related to or personally identifying a student and that are maintained by the University, whether in the central administrative offices, residential colleges, or in a department.

     Certain types of information are not considered “education records” under FERPA, including:  (i) records made by University personnel, including administrators and faculty, which are in the sole possession of the person who made the records; (ii) records maintained by law enforcement that are used solely for law enforcement purposes; (iii) medical and counseling records that are used solely for treatment; and (iv) alumni records and records relating to students who did not enroll at Princeton University.

     Faculty members and University officials who have a legitimate educational interest in a student’s education record may be permitted to review it.  Access to student records through legitimate educational interest is defined as a necessary condition to conduct work for or to fulfill a professional responsibility on behalf of the University.  A University official is a person employed by the institution in an administrative, supervisory, academic, or research or support staff position; a person or company with whom the University has contracted (such as an attorney, auditor, or consultant); a person serving on the Board of Trustees; or a student serving on an official committee, such as a disciplinary or grievance committee, or assisting another University official in performing tasks.

     Any request—even from a University official—to use student information for administrative reporting, research, or to support business applications requires review and authorization beyond the standard “legitimate educational interest” policy.  Such requests should be directed to the Office of the Registrar.

     The disclosure of information to those outside the University regarding current and former students collected during their enrollment is generally prohibited.  But FERPA does allow for the public disclosure of certain “directory information,” provided that the student has not expressly requested that some or all directory information be restricted.  The Office of the Registrar maintains the official University record of undergraduate students who have submitted this type of request.

     The University considers the following to be information that may be shared with the general public unless the student requests a FERPA hold:

  • Name
  • Telephone number
  • E-mail address
  • Photo
  • Dates of attendance
  • Major field of study
  • Degrees and awards
  • Academic institution attended immediately prior to Princeton University
  • Participation in officially recognized activities, organizations and athletic teams
  • Weight and height of members of athletic teams

     The University has decided to keep confidential (or internal) additional data elements, although they are identified by FERPA as being available for public disclosure.  The following elements must be treated as confidential, consistent with the University’s Information Security Policy:

•    Date of birth

•    Place of birth

•    Addresses

•    Student identification numbers

•    Student job assignments and locations

     University policy dictates that student address information should not be disclosed to third parties in the absence of a compelling reason.

     If you are in doubt about whether a request for student address information from an individual, organization, or business outside the University is appropriate, please contact Claire Fowler, Senior Associate Dean of the College; Elizabeth Colagiuri, Deputy Dean of the College; or Emily Shandley, Registrar.

     Under certain conditions, you may disclose other personally identifiable information, beyond the items mentioned above, as “directory information.”  For instance, information concerning financial aid and other financial matters; evidence of academic or non-academic disciplinary matters; details of academic progress, grades, etc.—normally treated as confidential—may be revealed to certain third parties identified in the statute (for example, government officials), or be revealed when those third parties present a formal release signed by the student.  When such a release is presented, a copy should be placed in the student’s file to indicate that the disclosure of information was properly authorized.

     Additionally, an education record may be released to appropriate parties in connection with an emergency if the information is necessary to protect the health or safety of the student or others.  In all cases, the basis for the disclosure and the parties to whom the information was disclosed must be recorded in the student’s file.

     By law, the University is required to make student education records available to the student (or a properly authorized representative) for inspection within 45 days of the request.  These requests are managed by the Office of the Dean of the College.

     The student must submit a request to see their file in writing.  Prior to a student’s arrival, a staff member reviews the file to make sure that confidential material is removed (for instance, letters of recommendation to which the student has waived their right of inspection).

     While reviewing their education records, the College permits the student to take notes, request copies of documents (though normally not of the entire file), and place an explanatory note, letter, or memo into the file.  Students may not remove anything from the records.

     Staff members of academic departments should familiarize themselves with the University’s Information Security Policy, as well as the University’s FERPA Statement, published annually in Rights, Rules, Responsibilities under the heading “Student Privacy Rights under Federal Law” (Section 2.7).  Questions about FERPA should be directed to the Office of the General Counsel.

     I so appreciate your adherence to this complex but important set of policies and procedures.

     Don’t hesitate to reach out if you have questions or concerns.