FERPA for Students

CSULB complies with the Family Educational Rights and Privacy Act of 1974 (FERPA) which affords students certain rights with respect to their education records. The Family Educational Rights and Privacy Act (FERPA) also known as the “Buckley Amendment,” was established to protect the privacy of students. The primary rights of students under FERPA include:

  • The right to inspect and review educational records.
  • The right to seek to amend educational records.
  • The right to have some control over the disclosure of information from educational records.

The purpose of the Student Records Procedures is to ensure that the campus community is aware of, and complies with, the Family Educational Rights and Privacy regulations (FERPA), Statute: 20 U.S.C. 1232g; Regulations: 34 C.F.R. Part 99.

Last Updated:  May 25, 2018

Online Privacy Notice

California State University, Long Beach respects your privacy and is committed to protecting it to the extent possible, subject to applicable state and federal law, through our compliance with our privacy policies and this Privacy Notice.

This Notice applies to the information that we collect when you visit the CSULB main website and other websites that we own or control, and on which we have linked or referred to this Notice (together, the “Sites”).  This Notice describes how this information is collected, processed, maintained, protected, and disclosed.  Unless otherwise indicated on a specific Site, the California State University is the data controller for all information collected under this Notice.  Contact information for the CSU is listed at the end of this Notice.

This Notice does not apply to information collected from or about current or former employees, contractors, volunteers, and other workers at CSULB as part of their employment or working relationship with CSULB.

Except as specifically described, our Sites are operated in accordance with the laws of the United States.  Please read this Notice carefully to understand our policies and practices regarding your information and how we will treat it.  This Notice reflects the University’s current practices and may change from time to time, so please check the Notice periodically for updates.

Personal Information we collect and process:

In this Notice, “personal information” means any information that identifies or describes an individual user of the Sites, including, but not limited to, the user’s name, social security number, physical description, address, telephone number, education, financial matters, medical or employment history, password, email address, and information that reveals any network location or identity.   If you are located in the European Economic Area (EEA), “personal information” includes all personal data as defined under EEA laws (including “sensitive personal information” which is provided enhanced protections under those laws).

We collect personal information about users only as allowed by law and limit the collection of personal information to what is relevant and necessary to accomplish a lawful purpose of the University.  We collect personal information (and sensitive personal information) that you send to the CSU, or permit us to obtain from third parties, for purposes relevant to CSU operations in pursuit of our academic mission.  Examples include information needed for student admission (including financial aid information), employment, housing and dining services, online educational programs, research, health services, donor relations, visa application processing, event registration, parking services, IT usage and support services, library usage, bookstore operations, and website account registrations.  Our legal basis for processing most of this information is to perform a task in the public interest or in fulfillment of CSU official functions, including those set out in the California Education Code and/or Title V of the California Code of Regulations, or under applicable federal law.  Other legal bases for processing information include processing necessary for contract (e.g., to process parking permit payments), for legitimate interests (e.g., to send requested information) or consent (e.g., to process certain sensitive personal information). 

User-Provided Information:  You may be required to provide personal information to access or use certain parts of our Sites, or features of our Sites or services, including without limitation, when you apply for or enroll at one of our campuses or programs, subscribe to a newsletter or email list, make a purchase or donation, fill out a form, participate in any of our programs, special events or promotions, contact us with a comment, question or complaint, etc.  If you do not provide the requested personal information, you may not be able to access or use the features of our Sites or service where such information is requested. 

Depending upon the nature of the transaction, the personal information that you may provide may include: contact information (name, home or mailing address, telephone number, social media username/handle, mobile phone and/or email address, etc.); academic area or interest; financial information (financial aid application history, payment history, social security number, passport number, credit card number, donation attribution and amount, etc.);  health record information (medical record number), allergies, past medical history, family history, current medications, current medical conditions) demographic information (age, birthdate, marital status, income, etc.); and profile information (admissions date, graduation date, alumni status, student identification number, username, password, relationship to the University, etc.).

Emails and Social Media Sites:  If you correspond with us by email, mail or via social media, we may retain the content of your communication or social media posting, the email or social media account address from which it is sent, and our response.  We collect information automatically using technology when you visit our Sites or social media pages or when you open one of our emails as described in this Notice.

The specific personal information (and sensitive personal information) we collect, why we collect it, and our legal basis for processing it, is periodically reassessed in applicable data process flow assessments or Data Protection Impact Assessments, as relevant.

It is the policy of the California State University to limit the collection and safeguard the privacy of personal information collected or maintained by the University. The University’s information management practices conform to the requirements of the Information Practices Act of 1977 (Civil Code Section 1798, et seq.), the Public Records Act (California Government Code Section 6250, et seq.), California Government Code Section 11015.5, the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), and other applicable laws pertaining to information privacy.  In the event of a conflict between this Notice and the Public Records Act, the Information Practices Act, FERPA, or other law governing the disclosure of University records, the applicable law will control.

Any information acquired by the University through the Sites is subject to the limitations set forth in the Information Practices Act.  The University will not distribute or share electronically collected personal information (as defined in subdivision (d) of California Government Code Section 11015.5) about users to any third party without the permission of the user, except in narrow circumstances set forth in this Notice.  The University will not sell any electronically collected personal information to any third party.  Such electronically-collected personal information is exempt from requests made pursuant to the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).

How we use the information we collect:

We use information that we collect about you or that you provide to us, including any personal information:

  • To provide you with information that you request from us.
  • To process application, registration and enrollment requests when you apply, register or enroll for our campuses, events, programs or services, or otherwise administer your participation in our events, programs or services, including (without limitation) study abroad and distance learning, financial aid, housing and dining.
  • To collect and process donations, gifts and donor information.
  • To process service requests from students, staff, faculty, and other members of the campus community, including the facilitation of parking permit and identification card requests.
  • To process registration for sports, cultural, educational, and other university events.
  • To respond to your questions, requests, comments or complaints and determine your satisfaction with our events, programs and services.
  •   To operate, maintain, and provide to you the features, services, and functionality of the Sites and its contents, and to monitor and improve our site and the user experience.
  • To provide information about our University and send you related information including brochures and other University materials, campus and CSU news, academic notices, updates, security alerts, special offers, confirmations, and support and administrative messages.
  • To notify you about changes to our Sites or any services we offer or provide through it.
  • To compare and review your personal information for errors, omissions and accuracy.
  • To prevent, detect or investigate any fraudulent, abusive or illegal act.
  • To allow you to participate in interactive features on our Sites.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

We may also use your personal information for operational and other lawful purposes such as security, analytics, operations, fraud detection and prevention, reporting, making back-ups and legal compliance.

We use cookies, clear gifs, and log file information to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Sites; (b) monitor the effectiveness of our Sites and services; (c) monitor aggregate metrics such as the total number of visitors and traffic; (d) diagnose or fix technology problems reported by our users or engineers that are associated with the IP addresses controlled by a specific web company or ISP; and (e) help you efficiently access information.

At the time we collect personal information, we strive to tell users about the purpose for which the information is collected as well as the general or specific uses that we will make of that information. 

International transfer of personal information:  Personal information provided to us by users outside of the United States may be transferred to other countries such as the United States, where data protection laws may differ from those of your home country.  By providing us with your information, you acknowledge that your personal information may be transferred to the United States and processed on servers within the United States.  However, all reasonable steps will be taken to protect your privacy in accordance with applicable data protection laws.

User Content:  Any personal information or content you voluntarily disclose for posting to the Sites (for instance, any content you post) (“User Content”) becomes available to the public via the Sites.  User Content includes, but is not limited to, comments, photos, videos, etc.  If you remove User Content, copies may remain viewable in cached and archived pages or if other users have copied or stored your User Content.

We reserve the right to monitor the User Content you post on the Sites and to remove any User Content for any reason or no reason including, without limitation, if in our sole opinion, such material violates, or may violate, any applicable law, or to protect or defend our rights or those of any third party.  We also reserve the right to remove User Content upon the request of any third party.

Cookie Policy

Cookies Information:  When you visit the Sites, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer that uniquely identifies your browser and lets us help you log in faster and enhance your navigation through the Sites.  A cookie does not collect personal information about you.  We use both session cookies and persistent cookies.  A persistent cookie remains on your hard drive after you close your browser.  Persistent cookies may be used by your browser on subsequent visits to the Sites.  Persistent cookies can be removed by following your web browser’s directions.  A session cookie is temporary and disappears after you close your browser.  You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent.  However, some features of the Sites or services may not function properly if the ability to accept cookies is disabled. 

Google Analytics:  We use a tool called “Google Analytics,” a web analytics service provided by Google, Inc. to collect information about use of the Sites.  Google Analytics collects information such as how often users visit our Sites, what pages are visited, and what other sites were visited prior to coming to our Sites.  We use the information we get from Google Analytics only to improve the Sites.  Google Analytics collects only the IP address assigned to you on the date you visit the Sites, rather than your name or other identifying information.  Google Analytics will also collect contextual information, such as type of web browser, type of operating system, browser resolution, and network location, however

we do not combine the information collected through the use of Google Analytics with personally identifiable information.  Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit the Sites, the cookie cannot be used by anyone but Google.  Google’ s ability to use and share information collected by Google Analytics about your visits to the Sites is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to the Sites by disabling cookies on your browser, however, please note that if you do this you may not be able to use the full functionality of the Sites.

Log File Information:  Log file information is automatically reported by your browser each time you access a web page.  When you register with or view our Sites, our servers automatically record certain information that your web browser sends whenever you visit any website.  These server logs may include information such as your web request, Internet Protocol addresses or other device identifiers, browser information, Internet Service Provider, operating system, location, date/time stamp, clickstream data, referring/exit pages and URLs, domain names, landing pages, pages viewed, and other such information.

Clear Gifs Information:  When you use the Sites, we may employ clear gifs (also known as web beacons) which are used to track the online usage patterns of our users anonymously.  No personal information is collected using these clear gifs.  In addition, we may also use clear gifs in HTML-based emails sent to our users to track which emails are opened by recipients. 

California Do Not Track Disclosures

California Business & Professions Code Section 22575(b) (as amended effective January 1, 2014) provides that California residents are entitled to know how a website operator responds to “Do Not Track” (DNT) browser settings.  DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies.  We do not engage in the collection of personally identifiable information about users’ online activities over time and across third party websites when an individual uses our Sites and therefore do not respond to DNT signals.

How we share your information:

We share your information internally at the CSU to facilitate and manage the purposes listed above, including with third parties whom the University engages to process your personal information on our behalf for the purposes stated above (such as vendors who help the University with our marketing, application processing, financial aid or payment processing, education management, and web hosting).  The University may also share your personal data with government and law enforcement agencies or regulators (1) to comply with a legal process, subpoena, order or other legal or regulatory requirement applicable to us; (2) to enforce our terms of use or other policies; or (3) to pursue available legal remedies or defend against legal claims.  We may also share your personal information with a third party as requested by you if permitted by this and other University policies and applicable laws and regulations.  We will not distribute or share any electronically collected personal information (as defined in subdivision (d) of California Government Code section 11015.5) about users to any third party without prior written permission from the user except in narrow circumstances involving possible violations of Section 502 of the Penal Code or as authorized under law (including but not limited to the Information Practices Act), or to assist another state agency or public law enforcement organization in any case where the security of a network operated by a state agency has been, or is suspected of having been, breached.

We fully cooperate with law enforcement agencies in identifying those who use our Sites or services for illegal activities.  We may report to law enforcement agencies any activities that we in good faith believe to be unlawful.  Release of your personal information for security purposes, as described in this Notice to any person or entity, including, without limitation, in connection with any government investigation or litigation, shall be based on a determination made solely by us, as permitted by law or, for those not in the EEA, exercising our discretion for which you expressly grant permission to us in accordance with this Notice.

How we protect your information:

We take reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information against loss, unauthorized access, and illegal use or disclosure.  Such personal information is stored by the University in secure locations and University staff is trained on procedures for the management of personal information, including limitations on the release of information. Access to personal information is limited to those members of the University’s staff whose work requires such access.  Confidential information is destroyed according to the University’s records retention schedule.  The University conducts periodic reviews to ensure that proper information management policies and procedures are understood and followed. 

The security of your personal information is important to us, but please remember that no method of transmission over the Internet or method of electronic storage is 100% secure.  While we strive to use commercially reasonable means to protect your personal information, we cannot ensure or warrant the absolute security of any information you transmit to the Sites, and you do so at your own risk.  Once we receive your transmission of information, we make commercially reasonable efforts to ensure the security of our systems.  However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.  While we strive to protect your personal information and privacy, we cannot guarantee the security of any information you disclose online.

We encourage all individuals to use appropriate safeguards to secure their computers and the information on those computers.  For additional information on online privacy and security, please see the University’s policies and procedures related to Information Security; you may also consult with the California Attorney General’s Privacy Enforcement and Protection website.

In the event that personal information is compromised as a result of a breach of security, we will promptly investigate and notify those persons whose personal information has been compromised in accordance with the notification procedures set forth in the CSU Information Security Policy, or as otherwise required by applicable law.

Links to Other Websites

We are not responsible for the practices employed by websites linked to or from our Sites nor the information or content contained in them, and we make no warranty, either express or implied, concerning the content of any such site, including the accuracy, completeness, reliability, or suitability of them for any particular purpose, nor do we warrant that any such site or content is free from any claims of copyright, trademark, or other infringement of the rights of third parties, or that any such site or content is devoid of viruses or other contamination.  We may provide links to other websites to you solely as a convenience, and the inclusion of linked sites does not imply endorsement by the University or CSU of any of the linked sites.  Please remember that when you use a link to go from our Sites to another website, our Notice is no longer in effect.  Your browsing and interaction on any other website, including those that have a link on our Sites, is subject to that website’s own rules and policies.  Please read over those rules and policies before proceeding.  We do not ensure the security of your personal information if you visit websites not belonging to CSU, nor are we the data controller for any information collected on those sites unless we specifically state so.  We further reserve the right to terminate a link to a third party site at any time.

Access and choice:

We comply with all applicable regulations regarding data retention and deletion of personal data and retain personal information only for as long as necessary to fulfill the purpose for which it was collected (including for college operations), for strategic planning, and to comply with applicable laws and retention requirements.  You can ask to review, update or make changes to the personal information we maintain about you, or exercise your option of having your personal information discarded without reuse or distribution, by sending a written request to the postal or email address set out below.  We may take a reasonable period of time to respond.  If you request the deactivation or change of information on our system, such information may be retained in our backup systems for a period of time subject to technology restrictions, or as a precaution against systems failures.  Some information may be retained for longer periods as required by law, contract or auditing requirements or as otherwise described in this Notice.

You have the option to decline providing information about yourself online and may use other methods, such as U.S. mail, to respond to requests for information or to communicate with us.  You may use the contact information listed below to ask about additional alternatives to providing or obtaining information through use of our Sites.

By providing us your email address, you consent to our use of your email address to send you Site and service-related notices, including any notices required by law, in lieu of communication by postal mail.  We may also use your email address to send you other messages, including, but not limited to, newsletters, information on campus activities, programs and events, legal updates, changes to features of our Sites or services, or other account information.  Where required by law, we will obtain your consent before sending you specific types of email or other communications.

You can choose not to receive such emails from us by “unsubscribing” using the instructions in any email you receive from us, or by sending a written request to the postal or email address set out below.  It may take up to thirty (30) business days for us to process your request. This will not stop us from sending emails about your account or your transactions with us, or any other service-related email.  Opting out does not affect our communications with you via telephone or mail nor does it affect our use of your non-personally identifiable information as described in this Notice.

EEA Data Subject Rights

If you are an individual located in the EEA only, you have certain rights with regard to your personal data collected while you are in the EEA.  These rights may include right of access, right of correction, right to be forgotten, right to restrict processing of your identifiable personal information, right to notice related to changes/deletion/processing limits, right to data portability, right to objection, right not to be subject to decisions based solely on automated processing, and right to withdraw consent.  Some of these rights are restricted by law to information that was collected on the basis of explicit consent, or are restricted by other conditions (such as necessity for contract or to comply with the law).  You have the right to contact us in connection with the exercise of your rights under applicable EEA law, which you can do through the contact information below, or by sending an email to privacy@calstate.edu.  We will respond to your written request without unreasonable delay and in accordance with any deadlines imposed by law.  Unless we notify you at the time of your request, we will not charge you any fee in connection with the exercise of your rights.  If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.

Changes to Our Privacy Notice

We reserve the right to modify this Notice at any time.  It is our policy to provide notifications, whether such notifications are required by law or are for other operational purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on our Sites page, as determined by the University in its sole discretion.  We reserve the right to determine the form and means of providing notifications to you, provided that you may opt out of certain means of notification as described in this Notice.  You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Sites and this Notice to check for any changes. 

For changes to our Privacy Notice, it is our policy to post any changes we make on this page.  The date the Notice was last revised is identified at the top of the page.  We will provide notice on the Sites, or at www.csulb.edu/student-records/ferpa-students prior to the effective date of any change.  Your continued use of the Sites after any change in this Notice will constitute your acceptance of such change.

Contact Us

If you have questions about this Notice or the practices of our Sites, you may contact us using one of the following methods:

Students who wish to view the contents of their Educational Records must contact the appropriate unit custodian (in person or by phone) to make an appointment to view these records. Access to inspect educational records normally shall be granted to the student no later than 15 working days following the date of request from the student. If the records the student wishes to view are under the control of various Unit Custodians, the student must make individual requests to each Unit Custodian (See section on Types, Locations, and Custodians of Records). The responsible department Unit Custodian will meet with the student during normal business hours, at the scheduled appointment time and place. The original records may not leave the office where the records are maintained.

The following limitations exist on the right to inspect and review records:

  • No review of a record containing information about another student
  • No review of a record containing information about the student’s parents, e.g., financial records
  • No review of a record containing confidential letters or confidential statements of recommendation placed in the education record of the student before January 1, 1975
  • No review of a record containing confidential letters or confidential statements of recommendation placed in the education record of the student after January 1, 1975, if the student has waived his or her right to inspect and review those letters and statements
  • No review of a record connected with a student’s admission application, if that application was denied

Students have the right to request amendment of the education records that the student believes are inaccurate, misleading, or in violation of privacy rights. Students should direct any such requests to the university official responsible for the record, clearly identify the part of the record they want changed, and specify why it is inaccurate, misleading, or in violation of privacy rights. If the university denies such a request, the student will be notified of the decision and advised of his/her right to a hearing regarding the request for amendment.

Following are the procedures for the correction of records:

  1. A student must make a written request to amend a record that he or she feels is inaccurate, misleading, or in violation of their rights of privacy.  This request should be submitted on the “Student Challenge on Content/Accuracy” form, available in the Office of Student Conduct and Ethical Development. In so doing, the student should identify the part of the record to be amended and specify
  2. why the student believes it is inaccurate, misleading or in violation of his or her rights of privacy.
  3. This challenge shall be presented to the Unit Custodian where the records in question are maintained or, if not known, to the Director of Student Conduct and Ethical Development.
  4. The Unit Custodian will, within 15 working days after the request has been received, make a final determination to comply with the request to amend the record or decide not to comply.
  5. If the campus decides to amend the record, the information in the record shall be corrected or removed or destroyed as determined by the University and the student shall be notified of the decision in writing.
  6. If the campus decides not to amend the record, the student shall be advised, in writing, of the decision and the right to a formal hearing.
  7. Upon receiving a written request for a hearing, the Department Chairperson or Department Director will arrange for a hearing, and notify the student, reasonably in advance, of the date, place, and time of the hearing.
  8. Once a formal request for hearing has been received, the directives outlined in the document “Hearing Procedures for Challenge or Access to Educational Records” shall become immediately effective.
  9. The Hearing Officer will prepare a written recommendation based solely on the evidence presented at the hearing. The recommendation will include a summary of the evidence presented and the reasons for the decision.
  10. If the University decides that the information is inaccurate, misleading, or in violation of the student’s right of privacy, it will amend the record and notify the student, in writing, that the record has been amended.
  11. If the University decides that the challenged information is not inaccurate, misleading, or in violation of the student’s right of privacy, it will notify the student that he or she has a right to place in the record a statement commenting on the challenged information and/or a statement setting forth reasons for disagreeing with the decision.
  12. The statement will be maintained as part of the student’s education record as long as the contested record is maintained. This statement will be disclosed whenever the Records Custodian discloses the portion of the record to which the statement relates.

Students have the right to consent to disclosure of personally identifiable information contained in education records, except to the extent that privacy settings authorizes disclosure without consent. For example, one exception permits disclosure to school officials with legitimate educational interests.

A school official is a person employed by the university in an administrative, supervisory, academic, research or support staff position (including law enforcement unit personnel and health staff); a person or company with whom the university has contracted (such as an attorney, auditor, or collection agent); a person serving on the Board of Trustees; or a student serving on an official committee, such as a disciplinary or grievance committee, or assisting another school official in performing his or her tasks. A school official has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility.

Each Unit Custodian will maintain a record of all requests for access to and each disclosure of personally identifiable information from a student’s education records. This record must be kept with the education records of the student as long as the records are maintained. The record must include:

  1. The name of the party making the request,
  2. The legitimate interest the party had in requesting or obtaining the information, and
  3. Any additional party to whom the records may be re-disclosed and the legitimate interests under which each of the additional parties had in requesting or obtaining this information. Any such additional party must provide those records within 30 days of a request by CSULB. For its part, CSULB must list in each student’s record the names of the state, federal, or local agencies that may make further disclosures and must accommodate parent or student requests to review student’s record of disclosures.

Additional third parties that receive subpoenas or court orders are responsible for notifying the students subject to those subpoenas. If a third-party recipient does not provide the notification required, CSULB is not allowed to grant access to education records to that third party for at least five years.

If you believe there has been a FERPA violation, you may email Beach Central to connect with a CSULB representative for support.

Students have the right to file a complaint with the United States Department of Education concerning alleged failures by the University to comply with the requirements of FERPA. Learn more via the Protecting Student Privacy (via U.S. Dept. of Education).

Students may access the complaint form online and e-mail it to the Student Privacy Policy Office (SPPO) at FERPA.Complaints@ed.gov or send it to the following address:

U.S. Department of Education
Student Privacy Policy Office
400 Maryland Ave, SW
Washington, DC 20202-8520

Students are advised that notwithstanding the above, CSULB has designated certain information contained in the education records of its students as "Directory Information" for purposes of privacy settings.

Directory Information may include, but is not limited to, information such as:

  • Student's name,
  • Address (see below for conditions)
  • Telephone number (see below for conditions)
  • Date of Birth
  • College of Enrollment
  • Year in School
  • Major field of study
  • Grade Level
  • Enrollment Status (including current enrollment, dates of attendance, full-time/part-time, withdrawn)
  • Degrees, honors and awards received
  • Email address (see below for conditions)
  • Participation in officially recognized activities and sports
  • Weight and height of Athletic teams
  • Photographs (including ID pictures)
  • Videos depicting and/or concerning university life
  • Previous educational institutions attended 

Addresses, telephone numbers and email addresses for currently enrolled students will be released to CSULB personnel and units solely for the purpose of conducting legitimate University business. They may not be shared with individuals or organizations outside the University except in accordance with the provisions immediately below:

Addresses, telephone numbers and email addresses may be released for non-commercial use by individuals or organizations outside the University provided the requests for such information have been reviewed and approved by the appropriate University personnel. Requests from the academic offices of accredited educational institutions shall be reviewed by the Provost and Senior Vice President for Academic Affairs or designee. All other requests shall be reviewed by the Vice President for Student Services or designee. FERPA allows CSULB to make students’ electronic identifiers and e-mail addresses available within the institution but not release them to the general public as directory information.

Otherwise, the University may disclose any of the items designated above without prior written consent, unless the student provides a request that certain information not be released (non-disclosure). Requests for non-disclosure may be made directly by the student online through My.CSULB.edu. If the student does not have access to the Internet, their request for non-disclosure must be requested on the “Authorization to Withhold Student Information” form, available in the Office of Enrollment Services. If the request is not removed before the student leaves or graduates from CSULB,at the point of graduation or at the time the student leaves CSULB, this non-disclosure restriction will normally remain indefinitely or until written notification is received asking that the restriction be removed.

Specifying items as directory information allows the University to disclose this information without prior written consent. It does not require that the University release the information except under court direction. Any requests for directory information will be directed to the Office of Enrollment Services. Each request for release of directory information will be reviewed. Any requests for access to non-directory information from academic or administrative offices of the University, or offices allied to the University, such as the Alumni Association, who have a legitimate educational interest in utilizing the information, will be directed to the Office of Enrollment Services.

In addition to the above, The Director of Athletics may provide information concerning participation of students in athletic events, including the height and weight of athletes. The University will also respond to requests for information regarding the employment status of students serving as Teaching Associates (TA’s), Graduate Assistants (GA’s), or Instructional Student Assistants (ISA’s) and the departments that employ them.

NOTE: CSULB has designated student ID numbers as directory information only for the purpose of displaying the ID number on a student’s ID card as the ID card is not the sole method of obtaining access to the student’s education records and is used with other credible identifiers.


FERPA allows you to restrict the release of certain personal or “directory” information. Please note that if you restrict your information, CSULB and the National Student Clearinghouse will be unable to release your degree and enrollment information for purposes such as verification

You may make restrictions using  MyCSULB Student Center

  1. In the “Personal Information” section, select "Privacy Settings."
  2. You will see the “Edit FERPA/Directory Restrictions” page and can restrict any or all of the defined categories or select individual items.
  3. Select the respective button for each category or select the checkboxes for individual items.

You may release restrictions by selecting the “Release All Restrictions” button;“Release All” within a category; or by deselecting the checkbox to remove an individual restriction.

In some circumstances, students may need a third party (such as a parent or guardian) to discuss their educational record with university staff.

Students may grant third party permission to discuss class schedule, grades, financial aid award details, and/or student financial services (tuition and billing) information with respective university staff. 

View the instruction guide for FERPA Information Release.


The Federal Family Educational Rights and Privacy Act allows CSULB to release "directory information" about current and former students to other people, organizations, and agencies (see the CSULB Catalog). Effective Fall 2003, CSULB designates the following items authorized by FERPA as Directory Information:

  • Student's name
  • Address and Telephone number (see below for conditions)
  • Major field of study
  • Dates of attendance, grade level, and enrollment status
  • Degrees, honors and awards received
  • E-mail address

Addresses and telephone numbers for currently enrolled students will be released to CSULB personnel and units solely for the purpose of conducting legitimate University business. They may not be shared with individuals or organizations outside the University except in accordance with the following provisions. Addresses and telephone numbers may be released for non-commercial use by individuals or organizations outside the University provided the requests for such information have been reviewed and approved by the appropriate University personnel. Requests from the academic offices of accredited educational institutions shall be reviewed by the Provost and Senior Vice President for Academic Affairs or designee. All other requests shall be reviewed by the Vice President for Student Services or designee.

In addition to the above, the Director of Athletics may provide information concerning participation of students in athletic events, including the height and weight of athletes. The University will also respond to requests for information regarding the employment status of students serving as Teaching Associates (TAs), Graduate Assistants (GAs), or Instructional Student Assistants (ISAs) and the departments that employ them. CSULB is also required by law to release specific information for U.S. military recruiting purposes and to comply with the USA Patriot Act of 2001.

FERPA regulations have expanded the circumstances under which the education record and personally identifiable information contained in such records-including the social security number, grades, and other private information may be accessed without student consent. A request for disclosure is not required in the following:

  • CSULB may allow access to student records and personally identifiable information to any third party designated by a Federal or State Authority to evaluate a federal-or state-supported education program. The evaluation may relate to any program that is principally engaged in the provision of education, such as early childhood education and job training, as well as any program that is administered by an education agency or institution
  • CSULB may allow access to the information above to researchers performing certain types of studies, in certain cases even when we object to or do not request such research. CSULB must obtain certain use-restriction and data security promises from the entities that we authorize to receive this information but CSULB need not maintain direct control over such entities.
  • In connection with Statewide Longitudinal Data Systems, CSULB may collect, compile, permanently retain, and share students’ education records and may track students’ participation in education and other programs by linking such to other personal information about students obtained from other Federal or State data sources, including workforce development, unemployment insurance, child welfare, juvenile justice, military service, and migrant student records systems.

  • A student’s education record may be received from or disclosed to officials of another institution of postsecondary education without the consent of the student—not only when the student seeks or intends to enroll, but also after the student is already enrolled , so long as the disclosure is for purposes related to the student’s enrollment or transfer.
  • Any student records or information, including health records and information about disciplinary proceedings, that could have been disclosed when the student was seeking or intending to enroll, may be exchanged between CSULB and another institution without the student’s consent.
  • These regulations apply to any institution that a student previously attended, not just the institution that the student attended most recently.

CSULB will not permit third-party access to non-directory, personally identifiable information contained in a student’s educational record without the written consent of the student, except under the following circumstances permitted under FERPA:

  • To CSULB officials who have a legitimate educational interest in the records (as defined under the Definitions Section of this document)
  • To officials of another school, upon request, in which a student seeks to enroll or is enrolled
  • To certain officials of the U.S. Department of Education, the Comptroller General, and state and local educational authorities, in connection with audit or evaluation of certain state or federally supported education programs
  • In connection with a student’s request for or receipt of financial aid to determine the eligibility, amount, or conditions of the financial aid, or to enforce the terms and conditions of the aid
  • To state and local officials or authorities if specifically required by a state law that was adopted before November 19, 1974
  • To organizations conducting certain studies for or on behalf of the university
  • To accrediting organizations to carry out their functions
  • The discretionary release to parents of an eligible student who is claimed as a dependent for income tax purposes
  • To comply with a federal or California judicial order or lawfully issued subpoena
  • To appropriate parties in a health or safety emergency
    • A CSULB campus-wide health and safety emergency can be declared by the President, the Vice President for Student Services, the Vice President for Administration and Finance, or the Chief of Police; the authorization and recording of education-record releases during declared emergencies are the responsibilities of the Associate Vice President for Enrollment Services
    • CSULB may take into account the totality of the circumstances pertaining to a threat to the safety or health of students or other individuals in making a determination concerning disclosures of student records
    • CSULB may disclose personally identifiable information from an education record to appropriate parties, including parents of an eligible student, if knowledge of the information is necessary to protect the health or safety of the student or other individuals.
    • If there is a rational basis for the determination concerning disclosure of student records, DOE’s Family Policy Compliance Office will not substitute its judgment for that of CSULB leadership in evaluating the circumstances and making its determination
  • To individuals requesting directory information designated by the University
  • The discretionary release by the university of the results of any disciplinary proceeding conducted by the university against and alleged perpetrator of a crime of violence to the alleged victim of that crime
  • To U.S. military recruiters pursuant to 32 CFR 216 (Solomon Amendment)
  • The discretionary release to a parent or legal guardian regarding a student’s violation of any law or university rule or policy governing the use or possession of alcohol or a control substance if the student is under 21 years old and has committed a disciplinary violation (1988 HEA Amendments)
  • To comply with the U.S.A Patriot Act of 2001, under ex parte court orders for relevant investigations and prosecutions of specified crimes or acts of terrorism
  • To comply with other federal legislation passed subsequent to FERPA, including but not limited to the Student Right to Know Act and the Taxpayer Relief Act
  • To comply with State and local authorities, within a juvenile justice system, pursuant to specific State law
  • To comply with Federal and State data collection use.

The student may request copies of pages contained within the education record. No processing fees apply. Requests for copies of an official CSULB academic transcript are not part of this record access process. Official copies of CSULB academic transcripts are available through the normal transcript request process and for the regular transcript processing fees. Information is available from the Office of Enrollment Services.

Although the student retains the right to inspect his or her records, CSULB is not normally required under FERPA to provide copies of documents contained in the education record. Therefore, CSULB may deny copies of records if the student has an unpaid financial obligation to the University.

The “Unit Custodian” is the person who possesses the records or is in charge of the office that possesses the records. It is the Unit Custodian’s responsibility to ensure proper access control and to handle, store, and dispose of the records as appropriate.

The following is a list of the major types and locations of Records that the University maintains and the unit custodian for their respective type of records:

Custodian of Records
TypesLocationUnit Custodian
Academic Advising RecordsAcademic Advising CentersDirectors
Academic Department / Program RecordsCollege Office / Individual DepartmentsAssociate Dean / Dept. Chair or designee
Administrative Computing RecordsInformation Technology 
Brotman Hall, Room 188
Admissions and Academic Records
(e.g., applications, transcripts, transfer work, class schedule, degree audit, probation or disqualification, petitions, etc.)
Enrollment Services 
Brotman Hall, Room 123
Assistant Vice President,  Enrollment Services (or designee)
Alumni RecordsAlumni Office 
Foundation Bldg., Room 324
Student Disciplinary RecordsOffice of Student Conduct & Ethical Development
USU, Room 224
Educational Equity Services 
Advising Records
E.E.S. Office LA1, Room 104Director
Employment RecordsStaff Personnel Office 
Brotman Hall, Room 335
Extension RecordsCollege of Professional and Continuing Education (CPaCE)
Foundation Bldg., 104
Associate Dean
Financial Aid RecordsEnrollment Services 
Brotman Hall, Room 123
Housing RecordsHousing & Residential Life 
Earl Warren Drive
ID Card RecordsID Card Office 
SW side of University Bookstore
I.D. Card Manager
LibraryLibrary WestDean
Occasional (e.g., correspondence in office not listed above or below)Student will be directed to the appropriate location for inspection and review of information.University staff person who maintains this occasional record.
Student Campus Organizational RecordsStudent Life and Development 
USU, Room 215
Student Health RecordsStudent Health CenterDirector
Student Payroll RecordsPayroll Office 
Brotman Hall, Room 353
Teacher Educational Placement RecordsCredential Processing Ctr. ED1-042Director


Students who are hired on campus in Student Assistant roles at CSULB are required to complete FERPA Compliance training as part of their data security clearance. When you are hired as a Student Assistant, be sure to complete the following:

  1. Student Assistant PeopleSoft Student Administration System Security Authorization Form (DocuSign initiated by your supervisor)
  2. Student Assistant Student Administration System Confidentiality Agreement (DocuSign)
  3. Watch the FERPA Compliance Training video and submit quiz results (link in video description) confirming your FERPA training has been completed.