Ask the FERPA Professor

Dear FERPA Professor,

We are intending to enter into a contract with a well-known vendor for services including degree and enrollment verifications. During the demonstration, the salesperson stated that they have agreements with entities that have an account with them that allow those account holders to verify enrollment using student SSN as an identifier. The salesperson assured us that this has been their process for some time and that this is the way this is handled for the numerous institutions they serve. I am writing to ask if we would be in compliance with FERPA if we were to implement these features.

Thank you,

Kay Oss


Dear Kay,

I am not sure where the vendor representative came up with the information given to you but, absent the signed consent of the student, institutions are prohibited from using student SSN to locate or identify the student for purposes of confirming directory information items.  This is because confirming the information also confirms the SSN as belonging to that student, and this is specifically prohibited under FERPA.  See §99.37(e) of the FERPA regulations for details. You can find this language on page 167 of the 2012 AACRAO FERPA GuideIt is also important to remember that when dealing with vendors, the institution is responsible for its vendor’s actions.  This is why it is important for those individuals at the institution with particular knowledge of FERPA (usually the registrar and general counsel) to review all contracts to ensure that the vendor's actions are not going to put the institution at risk of a FERPA violation.

I hope that this is helpful in responding to your vendor inquiry.


The FERPA Professor

Please check out our Ask the FERPA Professor archives for more insight from the professor.

Learn about AACRAO's new FERPA Online Training Compliance Program.

Want the Professor to come to your campus? Visit our FERPA compliance training page.

Send your questions for the FERPA Professor to