Legislative Analysis

Strengthening Transparency & Confidence in FERPA Enforcement June 2024 Jessica Arciniega, Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 There is a pervasive myth among stakeholders concerned about student privacy that FERPA is not enforced––that it is toothless. This misconception stems from a lack of public transparency throughout the whole FERPA enforcement process at the Department of Education (USED). The public-facing parts of USED’s FERPA enforcement portray FERPA enforcement as weak, specifically due to the low number of punitive enforcement decisions and past systematic problems detailed in a 2018 USED Office of Inspector General (OIG)

Increasing Transparency to Make FERPA’s Privacy Protections More Meaningful June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Schools must communicate about their data collection and privacy policies so that parents and eligible students can effectively exercise their FERPA rights to access, amend, and request deletion of personally identifiable information (PII) in education records. But in their efforts to be more transparent, schools should strive to provide clarity rather than simply providing more information. Transparency does not require (and should not equate to) information overload. While FERPA provides a good starting point toward transparency

Enhancing EdTech Accountability June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Sharing student data with a 4th grade teacher, Mr. Stevens, so he can tailor his lesson plans for the upcoming school year? Use the school official exception. Sharing student data with an edtech company to create student profiles on a new app that customizes lessons based on students’ strengths and weaknesses? Use the school official exception. Although it may seem counterintuitive, schools must use the same exception to FERPA’s consent requirement in order to share student data with teachers and with edtech

Clarifying Data Sharing Through a Defined Pedagogical Exception June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 A second-grade teacher, Ms. Montana, is teaching her class about multiplication. She writes “2 x 3 = _” on the board and asks if anyone would like to come forward and write the answer. When a student raises his hand, Ms. Montana says, “Yes, Jackson, come on up.” Jackson walks to the board, writes the number “6”, and goes back to his seat. Ms. Montana congratulates him on getting the correct answer and continues the lesson. Sounds

Distinguishing Between Core & Secondary Technology Uses June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Schools use technology to take attendance to ensure they create accurate records of which students are present, and FERPA protects this personally identifiable information (PII). Students might wear heart monitors as part of gym class, which also creates PII. FERPA protects this very different type of PII in the same way and to the same degree that it protects attendance data. A fundamental problem with FERPA is that it includes all-or-nothing protections for data regardless of why the