One of the hottest topics in academia lately is "FERPA". This is an acronym which you will see in lots of communications from the Experiential Programs Office and in various other University and College publications. "FERPA" stands for Family Educational Rights and Privacy Act of 1974. Clearly this is no new-comer having been passed 27 years ago. Recently, however, it is getting more play because of some violations and the penalties associated with those. This is the law of the land and must be observed by every member of the educational system from the President of the University to the caretakers. Somewhere in there will fall the remote faculty, the volunteer faculty and the preceptors and instructors involved in Experiential Education.
At the heart of this law is the definition of "Educational Records". Put simply, it is any record having to do with a student made in respect to that student's education. This is broad enough to include just about everything. The most obvious are transcripts, examinations, grades, papers, and those sorts of obvious things. It also includes less obvious records such as student files maintained by student services.
FERPA is important not just because it is law, but because the violations of FERPA, are enforced by the threat of loss of all federal funding to the institution which is in violation. That's the "hammer" applied to this particular law. And, just because it has not yet happened to Purdue, doesn't mean that we can rest easy and continue with "business as usual". It only takes one disgruntled (and harmed) student to cause the statute to kick in. All of us must be diligent in releasing information without the student's permission - preferably in writing.
Note please that FERPA includes both rights and privacy. The rights are invoked for the parents or legal guardians of students who are under the age of majority (in Indiana that is 18 years old). Those parents and legal guardians must be granted access to virtually all educational records. Only in rare and special cases can that access be denied. The rare case would be one such as a completely personal record kept by a faculty member which is not shared with any other person. The special cases include certain records of physicians and psychologists and police agencies. Even those must ordinarily be available to parents, guardians, and of course, students. Students who are over the age of majority fall into the second part - the privacy part. Even the parents cannot see most educational records of their children unless they jump through several statutory "hoops", including a showing of dependency (in the tax sense).
So, the other half of that is the privacy part. The educational records, described briefly above, are considered to be confidential. We cannot post grades which link to students. We cannot give the test paper of one student (with a grade on it) to another student even if that person is a spouse. There is the statutory mandate of an expectation of privacy of those records. The student ID number (usually the social security number, but not always) must not be released. We can all imagine a situation in which a record contains the student's name and ID number as well as the parent's names. Using the mother's name and public records on marriage certificates, the intruder could have all the elements needed to steal a person's identity - name, SSN, mother's maiden name. Not a good situation. All records generated in an experience site are included in the expectation of confidentiality.
Verbally transferring information is equally protected. There can absolutely not be any discussion of the performance or evaluation of a student with another student. While comparisons may seem to stimulate activity - those are forbidden. Giving information which leads to the location of a student to a non-program person is not allowed. Persons who want to contact students should leave their name and number which is forwarded to the student so that the student can make the decision to contact or not contact the caller. You can release certain information - it is commonly called "directory information" - easy to identify because it is the kind of information you do find in a phone directory. If you have more than one student, evaluations should be done separately. It is perfectly acceptable to talk to two or more students together, as long as evaluation and grading does not enter into the conversation. That is confidential information.
If this seems like over kill - it probably is. But given the nature of the law, it seems better to err on the side of over reaction. Students have both an ethical and legal expectation of being able to see their own records and have those records protected from unwanted intrusion. We all need to work to achieve statutory compliance. When in doubt - don't release it. Any questions about FERPA can be directed to your instructor.