FERPA Identify Verification
Policy:
FERPA regulations (34 CFR §99.30-31) require institutions of higher education to use reasonable methods to authenticate the identity of students, parents/family members, school officials, and other requesting third parties before disclosing information from a student's education record. To ensure that only appropriate individuals have access to a student’s information, FERPA requires the College to implement various forms of authentication to verify the identity of the requester.
Regardless of whether the information requested is considered less sensitive (directory information) or highly sensitive (educational records), it is best practice to use an identity management tool or, at a minimum, two types of Personally Identifiable Information (PII) to authenticate identity before student information is released. PII refers to any information that can be used to identify, contact, or locate an individual, either alone or combined with other easily accessible sources. When requesting PII, it is best practice to use the student’s directory information (which is less sensitive) to authenticate identity.
Procedure:
Account Look Up
When a caller contacts Clarkson College for assistance, the first step is to gather basic identifying information, such as name and date of birth, and locate the student account in the SIS system. This is NOT considered verifying the individual's identity. Do not share information about the student’s record at this point.
Student and Third-Party Verification Process – The process outlined below is used to verify the identity of the student or a third party who has been given prior authorization to access the student’s record from an Information Release Form signed by the student.
- Verify (Tandem Phone Verification System – identity management tool) – This is a two-factor authentication system that sends a verification code to the student or third party’s registered mobile number and asks them to confirm it during the call. Individuals with access to Verify include the Enrollment & Advising Team, the Registrar’s Office, Financial Aid, Student Accounts, and the Compliance Team.
- Ask the student for their phone number and verify this is a phone number listed in Anthology Student.
- Enter the phone number in Verify (Tandem website).
- Ask the student to verify the code that is texted to them. Enter the verification code in Verify (Tandem website).
- If the phone number on file is not current, encourage the student to update their phone number in MyCC “My Records” tab, or at the Registrar’s Office, who will need to choose another form of verification from the list below.
- Knowledge-based Authentication (KBA) - Per FERPA guidelines, Social Security Numbers (SSN) and date of birth (DOB) are not reasonable methods to verify identity. Use at least two questions from below in which the answer would only be known to the student or a third party.
- Previous course history of the student.
- Previous addresses on file for the student.
- Previous phone numbers on file for the student.
- Previous schools attended by the student (college or high school).
- If working with a parent/guardian, confirm email from parent email/emergency contact information if listed in the CRM (Reach), SIS (Student), or the student portal (MyCC).
- Callback Verification - If there is still doubt about the caller's identity, offer to call them back on their registered phone number. This ensures that the caller is contacting the College from a legitimate number associated with their account.
- Teams/Zoom Video Call - Send a Teams/Zoom link to the student or third party via email. Ask the person to join the call and show their photo ID. This option is reserved for those scenarios where there is doubt about the answers provided to the KBA questions, OR when students/third parties cannot verify any other way. Notably, this may need to be used for third parties on an older version of a Release of Information form that did not include the third-party phone number to confirm identity (e.g., parent whose cell phone number is not known).
- Documentation - If a third party (parent/guardian/other) is given information from a student’s record, it must be documented in our student information system what was disclosed and the legitimate interest the third party had in obtaining the information. Legitimate interest refers to an educational reason to know about the student’s record. If the third party identifies personal reasons for wanting this information, we need to consider if it is in the best interest of student privacy to share that information (e.g., a parent contacts the school because the student will not call them or to secretly discuss advising or enrollment decisions without the student’s knowledge/involvement). Students are entitled to this information if requested.
Academic Policies and Procedures
- Academic Honors (Policy AA-16)
- Academic Integrity (Policy SW-25)
- Academic Probation (Policy AA-20)
- Academic Related Activities and Travel Release (Policy SW-40)
- Academic Travel Abroad Release (Policy SW-11)
- Academic Year
- Acceptable Use-Personal Device
- Access to Campus Facilities (Policy SW-28)
- Admissions (Policy AD-1, AD-2, and AD-11)
- Advanced Standing Credit (Policy AA-47)
- Application and Enrollment Fee Waivers (Policy AD-4)
- Articulation Agreements
- Assessment of Student Success Skills (Policy OG-23)
- Auditing a Course (Policy AA-35)
- Background Checks and Drug Screening for Students (Policy SW-23)
- Student in Crisis (Policy SW-24)
- Bookstore Voucher (Policy SA-2)
- Business Ethics (Policy EC-21)
- Cancellation of Course (Policy AA-36)
- Change of Personal Information
- Code of Conduct (Policy SW-18)
- Collection of Delinquent Student Accounts (Policy SA-9)
- Computing (Policy IT-2)
- Conditional Acceptance and Recitation Requirements (Policy AD-11)
- Copyright (Policy IT-4)
- Course Load Requirements (Policy FA-6)
- Coursework Categories for Undergraduate Degrees
- Credit Hour Definition (Policy AA-55)
- Crime Awareness & Campus Security (Policy SW-5)
- Crime Reporting and Disclosures
- Undergraduate Deans List (Policy AA-27)
- Degree Progress Audit (Policy AA-5)
- Disbursement of Financial Aid (Policy FA-2)
- Discontinuance of an Academic Program (EC-24)
- Dismissal (Policy AA-24)
- Drug and Alcohol (Policy SW-15)
- Computing Policy (Policy IT-2)
- Email (Policy IT-1)
- Emergency Notification, Response and Evacuation (Policy SW-30)
- Emotional Support Animal (Policy SW-38)
- Equal Opportunity and Non- Discrimination (Policy SW-1)
- Family Education Rights & Privacy Act (Policy SS-9)
- FERPA Identify Verification
- Financial Aid Award (Policy FA-19)
- Financial Aid Eligibility Requirements (Policy FA-20)
- Forms Submission
- Freedom of Expression (Policy EC-22)
- Grade Change (Policy AA-37)
- Grade Point Average (Policy AA-29)
- Grade Reports
- Graduation Eligibility (Policy AA-8)
- Health and Safety Requirements (Policy SW-7)
- Help Desk (Policy IT-7)
- Identification Badge (Policy SS-10)
- Incident Reporting (Policy OG-6)
- Incomplete Grades (Policy AA-10)
- Independent Study (Policy AA-41)
- Information Security (Policy IT-11)
- Institutional Repository (Policy OG-30)
- Institutional Review of Research Involving Human Subjects (Policy OG-8)
- International Admissions & Transcripts (Policy AD-2)
- Interprofessional Education, Intercultural Development Inventory (IDI), and Service (AA-54)
- Issuing Timely Warnings (Policy SW-32)
- Last Date of Attendance (Policy AA-63)
- Law Enforcement on Campus (Policy SW-33)
- Leave of Absence (Policy AA-30)
- Letter Grades and Quality Points (Policy AA-6)
- Liability Insurance (Policy SW-12)
- Library Collection Development (Policy OG-29)
- Media (Policy OG-12)
- Missing Student (Policy SW-34)
- Non-Smoking (Policy SW-16)
- Online Education
- Organizational Governance-Policy Guidelines (OG-15)
- Petition for a Course Offering
- Student Petition for Reconsideration (Policy SW-22)
- Privacy (Policy IT-3)
- Professional Judgment (Policy FA-17)
- Program Completion (Policy AA-17)
- Progression (Policy AA-2)
- Public Address System (Policy OG-3)
- Public Complaint (Policy EC-20)
- Readmission (Policy AD-10)
- Registration/Add a Course (Policy AA-32)
- Reporting Criminal Offenses (Policy SW-36)
- Credit Hour Residency Requirement (Policy AA-28)
- Records Retention (Policy EC-2)
- Satisfactory Academic Progress for Financial Aid Eligibility (FA-21)
- Security Awareness Programs (Policy SW-37)
- Service Animal (Policy SW-39)
- Sexual Misconduct (Policy SW-27)
- Social Media (Policy OG-28)
- State Authorization
- Statement of Financial Responsibility (Policy SA-12)
- Student Accommodations (Policy SW-2)
- Student Classifications & Status
- Student Emergency Fund
- Student Grievance (Policy SW-14)
- Student Location & Disclosures for Professional Licensure or Certification Disclosure (Policy OG-33)
- Student Parking (Policy SS-1)
- Teach-Out (Policy AA-64)
- Transcripts
- Transfer Credit (Policy AA-52)
- Tuition and Fees Payment Plan (Policy SA-10)
- Tuition Refund (Policy SA-6)
- Undergraduate Class Standing (Policy AA-38)
- Weather-Related School Closing (Policy OG-4)
- Withdrawal From Course Grade (Policy AA-3)
