Fixing FERPA

Fixing FERPA: Strengthening Transparency & Confidence in FERPA Enforcement

Strengthening Transparency & Confidence in FERPA Enforcement June 2024 Jessica Arciniega, Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 There is a pervasive myth among stakeholders concerned about student privacy that FERPA is not enforced––that it is toothless. This misconception stems from a lack of public transparency throughout the whole FERPA enforcement process at the Department of Education (USED). The public-facing parts of USED’s FERPA enforcement portray FERPA enforcement as weak, specifically due to the low number of punitive enforcement decisions and past systematic problems detailed in a 2018 USED Office of Inspector General (OIG) […]

Fixing FERPA: Strengthening Transparency & Confidence in FERPA Enforcement Read More »

Fixing FERPA: Increasing Transparency to Make FERPA’s Privacy Protections More Meaningful

Increasing Transparency to Make FERPA’s Privacy Protections More Meaningful June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Schools must communicate about their data collection and privacy policies so that parents and eligible students can effectively exercise their FERPA rights to access, amend, and request deletion of personally identifiable information (PII) in education records. But in their efforts to be more transparent, schools should strive to provide clarity rather than simply providing more information. Transparency does not require (and should not equate to) information overload. While FERPA provides a good starting point toward transparency

Fixing FERPA: Increasing Transparency to Make FERPA’s Privacy Protections More Meaningful Read More »

Fixing FERPA: Enhancing EdTech Accountability

Enhancing EdTech Accountability June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Sharing student data with a 4th grade teacher, Mr. Stevens, so he can tailor his lesson plans for the upcoming school year? Use the school official exception. Sharing student data with an edtech company to create student profiles on a new app that customizes lessons based on students’ strengths and weaknesses? Use the school official exception. Although it may seem counterintuitive, schools must use the same exception to FERPA’s consent requirement in order to share student data with teachers and with edtech

Fixing FERPA: Enhancing EdTech Accountability Read More »

Fixing FERPA: Distinguishing Between Core & Secondary Technology Uses

Distinguishing Between Core & Secondary Technology Uses June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 Schools use technology to take attendance to ensure they create accurate records of which students are present, and FERPA protects this personally identifiable information (PII). Students might wear heart monitors as part of gym class, which also creates PII. FERPA protects this very different type of PII in the same way and to the same degree that it protects attendance data. A fundamental problem with FERPA is that it includes all-or-nothing protections for data regardless of why the

Fixing FERPA: Distinguishing Between Core & Secondary Technology Uses Read More »

Fixing FERPA: Clarifying Data Sharing Through a Defined Pedagogical Exception

Clarifying Data Sharing Through a Defined Pedagogical Exception June 2024 Katherine Kalpos, Morgan Sexton, Amelia Vance, and Casey Waughn   CC BY-NC 4.0 A second-grade teacher, Ms. Montana, is teaching her class about multiplication. She writes “2 x 3 = _” on the board and asks if anyone would like to come forward and write the answer. When a student raises his hand, Ms. Montana says, “Yes, Jackson, come on up.” Jackson walks to the board, writes the number “6”, and goes back to his seat. Ms. Montana congratulates him on getting the correct answer and continues the lesson. Sounds

Fixing FERPA: Clarifying Data Sharing Through a Defined Pedagogical Exception Read More »

Fixing FERPA

Did you know that the Family Educational Rights and Privacy Act (FERPA), a student privacy law that has been around for nearly 50 years, was influenced by the rise of computers? Did you know that FERPA restricts educational apps from using student’s personally identifiable information for anything other than the educational purpose approved by the school? Did you know that, contrary to popular belief, FERPA is continuously and actively enforced by the U.S. Department of Education? Despite its continued applicability and relevance in today’s data-driven education landscape, FERPA is often criticized as outdated and insufficient. But the prevalence of inaccurate

Fixing FERPA Read More »

FERPA 101

FERPA 101 It is interesting to think that a law enacted in 1974—pre-smartphone, mobile app, and modern computer—still governs the vast technological landscape and data collection practices of modern education. In the age of online learning and student one-to-one devices, the Family Educational Rights and Privacy Act of 1974 (FERPA) remains the primary federal law protecting student privacy. FERPA analysis has grown increasingly complex over the years as rules and guidance were added to account for emerging technologies–as  highlighted during the COVID-19 pandemic when the education community struggled to apply FERPA in light of schools’ increasing reliance on educational technology.

FERPA 101 Read More »

FERPA Exemptions

FERPA Exemptions While FERPA is renowned for its robust privacy protections for student data, it’s easy to overlook the flip side of the coin: the student data that falls outside of FERPA’s protections. Understanding the scope of FERPA’s protections is crucial for navigating the nuances of student privacy today, especially since the line between student data that is and is not covered is not always intuitive. To help illustrate what student data is not protected under FERPA, we’ve created the following table explaining the FERPA exemptions with clear descriptions and real-world examples.   FERPA Exempt Description Example De-Identified Records and

FERPA Exemptions Read More »

FERPA Exceptions

FERPA Exceptions FERPA typically requires consent prior to disclosing any student personally identifiable information (PII) from education records. Nevertheless, FERPA includes several exceptions that allow for certain sharing without consent while still ensuring that the necessary safeguards are in place to protect the privacy of student data. To make understanding these exceptions a little easier, we have put together the following table that details every exception in FERPA–offering clear and concise explanations, criteria for when they may be applicable, and tangible examples that shed light on their practical application.   FERPA Exceptions Description Example School Official (34 CFR 99.31(a)(1) and

FERPA Exceptions Read More »