Advertisement

July 28, 2014

U.S. Department of Education Amends its FERPA Regulations to Allow for Certain Additional Student Disclosures

The United States Department of Education (DOE) has completed its administrative procedures and has enacted new regulations that amend current regulations enforcing the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. section 1232g. These new regulations, which are effective on January 3, 2012, allow for greater disclosures of personal and directory student identifying information and regulate student IDs and e-mail addresses, among other issues. The new regulations are found at 34 CFR, Part 99, sections 99.3, 99.31, 99.5, 99.6 and 99.37. Colleges and universities need to quickly consider the impact of these new regulations upon their current student privacy policies and existing notices. Failure to do so may result in complaints and DOE enforcement proceedings.

FERPA

FERPA is a longstanding federal statute which provides that a parent or eligible student, if over the age of 18, has a right to inspect and review the student's education records and to have them amended and withdrawn, under certain circumstances. FERPA is applicable to all public K-12 school districts and virtually all post secondary institutions, as they receive federal funds under programs administered by the DOE. FERPA generally prohibits the disclosure of personally identifying information (PII) contained in "education records," without aparent's or student's written consent, to certain third parties. There are a number of statutory exceptions for emergency medical and health reasons and for law enforcement activities, among others. PII includes a student's name, social security number, parents' names, family addresses, birth dates, place of birth, a parent's maiden name, and any other data that make a student's identity easily traceable.

FERPA makes a distinction between PII and "directory information." DOE regulations allow for the disclosure of directory information, without needing a student's or parent's consent, unless the parent or student has opted out of such disclosure. A school subject to FERPA must provide a written notice to parents or students setting forth its disclosure policies concerning directory information with the procedures for opting out and contesting the student's education records.

The New Regulations

A. Directory Information and Student IDs

The new regulations clarify that an institution may, under certain circumstances, designate and disclose student ID numbers, or other unique personal identifiers, as directory information to be displayed on a student’s ID card or badge as long as the ID card is not the sole method of obtaining access to the student’s education records and is used with other credible identifiers. The regulations also provide that a parent or student may not opt out of the disclosure of such directory information.

The DOE left it up to the schools to determine what specifically should be included on a student ID. It also stated that FERPA does not require schools to force students to wear IDs. With regulations enacted in 2008, institutions may use directory information to access online electronic systems and to allow a school to require a student to disclose his/her name, identifying information and institutional e-mail address in and out of class. The DOE further clarified that an institution need not make directory information available on student IDs, but may do so if it so chooses.

B. Studies and Audit and Evaluation Exceptions

The new regulations also allow for the disclosure of PII, without student or parent consent, where institutions have contracted with organizations to conduct studies or audits of the effectiveness of education programs. However, the regulations require a written agreement with the organization containing mandatory provisions intended to guard the privacy of student records. The regulations also provide institutions with detailed, required provisions aimed at preventing PII from ending up in the hands of persons or entities not intended or permitted to receive them, and guidelines for addressing data breaches. A careful review of the regulations is necessary before an institution enters into any agreement to provide PII access to an organization that is conducting a study or an audit and evaluation.

C. Notices

The new regulations contain a model notification of rights form for post secondary institutions to provide to students and parents. Given the changes in the DOE's regulations described in this Alert, current notice forms must be re-examined to determine whether they are in compliance. Also, the DOE's model form has a number of optional provisions that each institution should evaluate based on their specific needs.

Conclusion

FERPA and the DOE's regulations are complex and create the potential for administrative sanctions. The new regulations give expanded authority to institutions to make disclosures, but a careful approach to crafting policies and disclosures is necessary to avoid administrative penalties, as well as possible lawsuits by students and parents. 

©2014 Greenberg Traurig, LLP. All rights reserved.

About the Author

Shareholder

Stephen Mendelsohn concentrates his practice on all aspects of commercial litigation through trial and appeals with an emphasis on financial institutions, securities and real estate. He counsels employers on all facets of employment law and has broad experience with private and public universities and schools. Stephen represents a number of private equity funds in their securities litigation matters. Previously, Stephen served as an assistant Attorney General for the State of New York. 

561.955.7629

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 4700 Gilbert Ave. Suite 47 #230 Western Springs, IL 60558  Telephone  (708) 357-3317 If you would ike to contact us via email please click here.