Watercolor World Map

Retired and Former AACRAO Members

Connect to the world of higher education

With AACRAO membership you'll be connected to more than 11,000 members from institutions around the world. Facilitate your professional development by attending discounted meetings, gaining complimentary subscriptions to our College & University journal and more.

Why should you join? Development never ends, retired or not. Keep current on trends in the field by collaborating with our members and lending your voice to discussions about practices in the field. 

Annual Membership Price: $142


Develop Professionally

Retired Members - Professional Development

Professional Competencies

Keep up to date on skills areas like technical knowledge and professional development and contributions to the field. We have the tools for you.

Online Learning

From free webinars to self-paced on-demand learning, AACRAO's online learning covers a variety of subjects—technology, strategic enrollment management, admissions, FERPA, transfer, credential evaluation, and international education—and allow you to engage with the presenters and instructors.

Take the next step in your career

Maybe you want to reenter the workforce or change the trajectory of your career--AACRAO's Career Navigator is a wealth of job postings and resources for you. 

Gain Recognition

Retired Members - Gain Recognition

Get Published

AACRAO's professional journals College & University and SEM Quarterly are always accepting articles and have a wide circulation base.

Research Opportunities

Leverage the expertise of our over 11,000 members and contribute to one of the premier sources of practice related research within the global higher education community. 

Join a committee

Do work you're passionate about, with support and mentoring from fellow members. From Caucuses to specialized topics, it's all one community. 


AACRAO's bi-weekly professional development e-newsletter

Ask the FERPA Professor

May 16, 2022, 09:09 AM
legacy id :
Summary : The FERPA Professor answers questions regarding outsourcing and third-party contractors.
Url :

Dear FERPA Professor, 

We’ve run into a situation that I’m sure is common but isn’t thought about much by schools. 

We have made Company A a school official for student advising software. We pass along education record information to Company A, and they provide web software that our advisors use. Everything there is good from a FERPA perspective. We were approached to turn on a function in the advising software that essentially “tracks” messages/emails that are sent through that system to see if a student opens the message/email. Company A has contracted with Company B for them to provide this service. Company A provides access to email subject, sender email, and recipient email, which would be classified as education data because it is collected/maintained by Company A and is identifiable to a student.

We do not have any school official contract with Company B, and Company A does not collect consent from students to release this information to Company B (and we do not collect consent either).

It appears that they are essentially redisclosing information to Company B without the written consent of the student and Company B doesn’t appear to meet the school's official requirement either since we don’t have a contract with them. When asked about this, the company responded with:

Company B operates as a sub-processor for Company A to provide the Company A service and only has access to the minimum amount of information required to provide the Services. As such, the same disclosure given to students about their data in Company A’s Software would cover to Company B.

Is such a disclosure by Company A to Company B permissible? If so, it seems like a contract school official could delegate duties to as many sub-contractors as they’d like without the institution ever knowing and therefore losing control of the data?

Mr. Teal

Dear Mr. Teal,

Educational institutions are required, under the outsourcing provisions in the "school official" exception in FERPA, to exercise “direct control” with respect to the use and maintenance of those outsourced education records. See § 99.31(a)(1)(i)(B) of the FERPA regulations. This should be done at the time the contract is entered into with Company A, rather than after the fact. However, at this point, the appropriate course of action would be for the University to go back and add language to the contract with Company A that sets out the limits on Company B's maintenance and use of the records.

I hope this is helpful in answering your questions. You can find the above-cited regulation on page 159 of the 2012 AACRAO FERPA Guide.

The FERPA Professor

Categories :
  • FERPA Training & Review
Tags :
  • FERPA Professor
cartoon figure reminiscent of Einstein stands in front of a chalkboard with the board "FERPA" written on it
Related people

Build Connections

Retired Members - Build Connections

Attend a event

Our meetings, workshops, and international institutes are designed instruct, educate and foster collaboration between professionals and institutions. Connect with old friends and register for one today.

Learn More

Member Only Benefits


AACRAO's weekly e-newsletter delivering policy and industry news

Member Login Required

Questions? Contact us at membership@aacrao.org or (202) 355-1040