Today's Info Policy News
Protecting your children's privacy: The Facts
WHO'S WATCHING YOUR CHILDREN?
With the exact phrase
With all of the words
With at least one of the words
Without these words
Within these fields
Date range limit
No limit: Show me all items regardless of date captured.
Limit the search to items added since this date.
Item(s) found: 174
Proposed Part 121 Regulation for Protecting PII in Educational Agencies
Sunday March 31 2019, 8:11 PM
March 31, 2019 Proposed Part 121 Regulation for Protecting PII in Educational Agencies Commentary by Sheila Kaplan, Founder, Education New York
School Resource Officers, School Law Enforcement Units, and the Family Educational Rights and Privacy Act (FERPA)
Friday February 22 2019, 7:25 AM
Checklist for Developing School District Privacy Programs
Tuesday September 01 2015, 11:27 AM
Case Study #5: Minimizing PII Access (Updated Aug 2015)
Tuesday September 01 2015, 11:17 AM
Protecting Student Privacy in Research Projects
Saturday April 04 2015, 4:26 PM
While a great deal of attention has been paid recently to protecting the privacy of students’ personal information and education records, families and educators also need to be aware of the use and disclosure of students‘ personal information in research conducted by universities and other entities.
Hearing on “How Emerging Technology Affects Student Privacy"
Monday February 16 2015, 12:24 PM
United States House of Representatives 114th Congress, 1st Session; Committee on Education and the Workforce Subcommittee on Early Childhood, Elementary and Secondary Education Hearing on “How Emerging Technology Affects Student Privacy" February 12, 2015 Statement of Joel R. Reidenberg Stanley D. and Nikki Waxberg Chair and Professor of Law Founding Academic Director, Center on Law and Information Policy Fordham University New York, NY Good morning Chairman Rokita, Ranking Member Fudge and distinguished
Privacy Handbook for Student Information Online: A Toolkit for Schools and Parents
Tuesday February 10 2015, 9:16 AM
Privacy and Security Developments 2014 Issue 01
Monday November 24 2014, 6:23 AM
Privacy and Security Developments is a periodic briefing of new cases, statutes, articles, books, resources, and other developments. It is authored by Professors Daniel J. Solove and Paul M. Schwartz.
FUTURE OF PRIVACY FORUM LAUNCHES ONE-STOP SHOP WEBSITE FOR STUDENT PRIVACY
Thursday August 21 2014, 7:43 AM
PTAC: Transparency Best Practices for Schools and Districts
Friday August 15 2014, 11:22 AM
Opt-Out 2014: Protect Children
Tuesday August 12 2014, 6:10 PM
FERPA Exceptions Summary
Monday April 14 2014, 9:03 AM
Protecting Student Privacy While Using Online Educational Services
Tuesday February 25 2014, 2:51 PM
Sheila Kaplan Testimony Nov 20, 2013 NY Assembly Education Committee Hearing
Thursday November 21 2013, 8:09 AM
Sheila Kaplan Testimony Nov 13, 2013
Thursday November 14 2013, 8:05 PM
Written Testimony NY Senate Hearing
Tuesday October 29 2013, 4:57 PM
Protecting Student Data at the State Level: A Proposal for CPOs in DoEs
Tuesday October 15 2013, 6:07 PM
Chief Privacy Officer for Education Act letter to NYT editor
Tuesday October 15 2013, 9:40 AM
EPIC letter to Congress
Friday October 11 2013, 6:12 PM
OPT-OUT NOW Press Release
Tuesday September 10 2013, 8:25 AM
SHEEO NPRM FERPA MAY 2011
Monday August 05 2013, 10:35 PM
We have formally endorsed the suggestions from the Data Quality Campaign (DQC) and acknowledge the value of the specific comments and suggestions they have provided.
CCSSO FERPA NPRM
Monday April 08 2013, 10:38 PM
“How Data Can be Used to Inform Educational Outcomes”
Sunday April 07 2013, 3:54 PM
Reidenberg provided written testimony for the House Committee on Education and Labor hearing, “How Data Can be Used to Inform Educational Outcomes”.
EPIC v US ED Reply
Wednesday March 06 2013, 12:02 PM
FERPA, COMMON CORE STATE STANDARDS & DATA-SHARING
Wednesday March 06 2013, 9:54 AM
Software & Information Industry Association (SIIA) NPRM Submission FERPA
Saturday March 02 2013, 4:37 PM
EPIC vs US ED reply
Friday February 22 2013, 9:30 AM
KRIS ALMAN post to "Every Day Should Be Digital Learning Day"
Saturday February 09 2013, 11:49 AM
FACT SHEET: UNLOCKING THE POWER OF EDUCATION DATA FOR ALL AMERICANS
Friday February 08 2013, 12:41 PM
EPIC V US ED Defendant Statement of ISSUES
Tuesday February 05 2013, 11:26 AM
EPIC v US ED
Tuesday February 05 2013, 11:05 AM
ORDERED that Defendant’s Motion is GRANTED, and further ORDERED that Plaintiffs’ Cross-Motion is DENIED, and further ORDERED that Plaintiffs’ Complaint is DISMISSED for lack of subject matter jurisdiction.
EPIC v US ED
Monday January 21 2013, 1:46 PM
PLAINTIFFS’ CROSS-MOTION FOR SUMMARY JUDGMENT AND MEMORANDUM OPPOSING DEFENDANT’S MOTION TO DISMISS AND MOTION FOR SUMMARY JUDGMENT
‘‘Uninterrupted Scholars Act (USA)
Wednesday January 16 2013, 2:01 PM
Amends FERPA: ‘‘(L) an agency caseworker or other representative of a State or local child welfare agency, or tribal organization (as defined in section 4 of the Indian Self-Determination and Education Assistance Act (25 U.S.C. 450b)), who has the right to access a student’s case plan,
Data De-identification: An Overview of Basic Terms
Wednesday January 16 2013, 1:35 PM
PTAC-GL, Oct 2012: In addition to defining and clarifying the distinction among several key terms, the paper provides general best practice suggestions regarding data de-identification strategies for different types of data. The information is presented in the form of an alphabetized list of definitions, followed at the end by additional resources on FERPA requirements and statistical techniques that can be used to protect student data against disclosures
OPT-OUT PROTECT KIDS
Sunday December 30 2012, 3:21 PM
Inadequate security of personal, private, and sensitive Information in school districts’ mobile computing devices – audit
Friday December 28 2012, 4:49 PM
FERPA and the Cloud: What FERPA Can Learn from HIPAA
Tuesday December 18 2012, 7:01 AM
SOLOVE: Parents need to look at what their schools are doing about student privacy and speak up, because the law isn’t protecting their children’s privacy. School officials who want to develop a more meaningful and robust protection of privacy should talk to government officials who are tasked with complying with HIPAA. They can learn a lot from studying HIPAA and following some of its requirements. Congress should remake FERPA more in the model of HIPAA. If Congress won’t act, state legislatures should pass better education privacy laws. Because FERPA does not provide adequate oversight and enforcement of cloud computing providers, schools must be especially aggressive and assume the responsibility. Otherwise, their students’ data will not be adequately protected. School officials shouldn’t assume that the law is providing regulation of cloud computing providers and that they need not worry. The law isn’t, so right now the schools need to be especially vigilant.
It's 3PM: Who's Watching Your Children?
Wednesday December 12 2012, 5:48 PM
Parents concerned about their children's privacy should be aware of how easily personally identifiable information can be bought and sold by marketers as well as by identity thieves. FERPA was enacted in 1974 to protect the privacy of education records and directory information -- including name, address, phone number, date of birth, and e-mail address, among other personally identifiable information. Parents should be aware that under FERPA, directory information can be disclosed without parental consent. If you do not opt-out of directory information personal and identifiable information about your children may be public.
FERPA and the Cloud: Why FERPA Desperately Needs Reform
Tuesday December 11 2012, 6:51 AM
SOLOVE: Parents should lobby Congress and their state legislatures to pass laws providing better protections of their children’s data. This is an issue that should be of great concern to parents since educational institutions possess a staggering amount of personal data about students, and this data can currently be outsourced to nearly any company anywhere – even to a cloud computing provider in the most totalitarian country in the world!
Success Academy FERPA Notification
Monday November 26 2012, 10:05 AM
Saturday November 24 2012, 11:06 AM
DECEMBER 2011 – REVISED FERPA REGULATIONS: AN OVERVIEW FOR PARENTS AND STUDENTS
Monday November 12 2012, 11:00 AM
It is important for schools to have directory information policies, as schools may not do even mundane activities (such as publishing yearbooks or creating graduation programs) without having designated the items about the students contained in the publications as directory information. For example, without a directory information policy, FERPA would require schools to obtain consent for every student every time it wants to publish a yearbook. However, many schools have been forgoing designations of directory information, as they have concluded that such designations would put students at risk of becoming targets of marketing campaigns, the media, or even victims of criminal acts
2012 Opt-Out form
Friday November 09 2012, 7:02 AM
Example of bad FERPA notification
Charter Institute FERPA Notification
Thursday November 01 2012, 4:51 PM
Georgia Department of Law letter to UGA
Tuesday October 30 2012, 6:48 PM
College Reports Breach of Confidential Student Information via Unknown Outside Source, Investigation On-Going
Wednesday October 10 2012, 8:55 PM
Frequently Asked Questions—Cloud Computing
Monday September 24 2012, 10:25 AM
FERPA does not prohibit the use of cloud computing solutions for the purpose of hosting education records; rather, FERPA requires States to use reasonable methods to ensure the security of their information technology (IT) solutions.
EPIC v US ED
Wednesday August 22 2012, 11:54 PM
PLAINTIFFS’ REPLY MOTION TO DEFENDANT’S OPPOSITION TO PLAINTIFFS’ MOTION TO SUPPLEMENT THE ADMINISTRATIVE RECORD AND CONSIDER EXTRA-RECORD EVIDENCE
NYSSBA End of Session Review
Sunday August 12 2012, 9:35 AM
NYSSBA position on parental notification (S.2357/A.8474) factually incorrect.
EPIC v US ED : MOTION TO SUPPLEMENT THE ADMINISTRATIVE RECORD AND CONSIDER EXTRA-RECORD EVIDENCE
Monday July 23 2012, 6:23 PM
EPIC’S MOTION TO SUPPLEMENT THE ADMINISTRATIVE RECORD AND CONSIDER EXTRA-RECORD EVIDENCE
EPIC v US ED Scheduling Order
Wednesday June 27 2012, 4:35 PM
SCHEDULING ORDER: In light of the joint report submitted by the parties, it is ORDERED that: 1. The administrative record will be due June 29, 2012. 2. Defendant’s dispositive motion will be due on July 27, 2012, with plaintiffs’ opposition and any cross-motion due on August 27, 2012; the reply and opposition to any cross-motion due September 26, 2012; and reply to any cross-motion due on October 10, 2012.
EPIC v US ED (US ED answer)
Friday May 04 2012, 2:53 PM
Gates Foundation COOPER on data sharing
Thursday April 26 2012, 3:09 PM
The SLC, co-funded by the Foundation and the Carnegie Corporation of New York, "is working to change the way educational data is gathered," Cooper explained. "All of these different technologies have created islands within the schools"--islands which prevent the holistic examination of a student's data during their educational path. Even if one school has its act together and can effectively track a student in that school, what happens if that student transfers to another school? Or wants to take additional classes as an institution like the Khan Academy or Maker Faire, Cooper asked. Right now, such extracurricular learning opportunities are rarely tracked.
FEDERAL REGISTER screen shot regarding FERPA & NIST
Thursday April 26 2012, 2:46 PM
SHARED LEARNING INFRASTRUCTURE AND FERPA
Wednesday April 25 2012, 4:02 PM
Balancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Elementary and Secondary Schools ??
Thursday March 08 2012, 7:57 AM
Revealing New Truths About Our Nation's Schools
Tuesday March 06 2012, 5:54 PM
CRDC makes public long-hidden data about which students are suspended, expelled, and arrested in school.
EPIC v US Department of Education
Thursday March 01 2012, 9:08 AM
EPIC has filed a lawsuit under the Administrative Procedure Act against the Department of Education. EPIC's lawsuit argues that the agency's December 2011 regulations amending the Family Educational Rights and Privacy Act exceed the agency's statutory authority, and are contrary to law. The agency issued the revised regulations despite the fact that “numerous commenters . . . believe the Department lacks the statutory authority to promulgate the proposed regulations."
American Bar Association FERPA comments
Thursday January 26 2012, 5:22 PM
FERPA NPRM May 23, 2011
Student Weight Status Category Report: 2008-2010 New York State (Exclusive of New York City)
Thursday January 26 2012, 9:31 AM
December 2011 FERPA Regulations: Information Sharing Around Child Welfare and Education
Thursday January 26 2012, 8:02 AM
The new rules offer expanded opportunities for state or local child welfare and education agencies to share information. However, given that these new regulations do not sufficiently eliminate the barriers to intersystem communication for children in care, we look forward to legislative changes to ensure that child welfare agencies can fulfill their duty to ensure that the educational needs of the children in their care are met.
“We’re From the Government and We’re Here to Help You”
Wednesday January 25 2012, 12:29 PM
Speakers: Kathleen M. Styles, Chief Privacy Officer, U.S. Department of Education and Michael B. Hawes, Statistical Privacy Advisor, U.S. Department of Education The Department of Education administers the Family Educational Rights and Privacy Act (FERPA) and recently established a Chief Privacy Officer position to coordinate federal technical assistance on privacy and confidentiality to the education community. Kathleen will discuss ED’s privacy initiatives, both in schools and in connection with student longitudinal databases. The presentation will cover recently issued and forthcoming guidance documents and regulation changes. She and Michael Hawes will also discuss the difficult balance in releasing student data, about the need to both be transparent and protect privacy through disclosure avoidance.
NY Assembly bill A.8474 same as NY Senate bill S.2357B
Monday January 23 2012, 12:38 PM
Requires active parental consent to release personal and sensitive information (categorized as directory information under FERPA) about students. This bill passed the NY Senate 62-0 in the 2011 session. It has been sponsored & reintroduced in the Assembly by Assemblywoman Linda Rosenthal & in the Senate by Sen. Suzi Oppenheimer for the 2012 legislative session.
APPENDIX A: FERPA Guidance for Reasonable Methods and Written Agreements
Thursday January 05 2012, 5:57 PM
FERPA represents the floor for protecting [student] privacy, not the ceiling. PAGE A-5 Federal Register/Vol. 76, No. 232/Friday, December 2, 2011/Rules and Regulations.
FERPA: Guidance for Reasonable Methods & Agreements
Tuesday December 20 2011, 4:45 PM
DEPARTMENT OF EDUCATION 34 CFR Part 99 in the Federal Register (76 FR 19726)
Monday December 05 2011, 11:20 AM
SUMMARY: The Secretary of Education (Secretary) amends the regulations implementing section 444 of the General Education Provisions Act (GEPA), which is commonly referred to as the Family Educational Rights and Privacy Act (FERPA). These amendments are needed to ensure that the U.S. Department of Education (Department or we) continues to implement FERPA in a way that protects the privacy of education records while allowing for the effective use of data. Improved access to data will facilitate States’ ability to evaluate education programs, to ensure limited resources are invested effectively, to build upon what works and discard what does not, to increase accountability and transparency, and to contribute to a culture of innovation and continuous improvement in education.
National Opt-Out Campaign Informs Parents How to Protect the Privacy of their Children's School Records
Tuesday September 20 2011, 4:53 PM
Parents have rights under the Family Educational Rights Privacy Act (FERPA) to restrict access to their children's personal information.
FTC Alerta para Consumidores: Cómo proteger la información personal de su hijo en la escuela
Sunday September 11 2011, 7:37 PM
Pregunte en la escuela de su hijo cuál es la política aplicable al directorio de información de los estudiantes. En el directorio de información de los estudiantes se pueden listar el nombre, domicilio, fecha de nacimiento, número de teléfono, domicilio de email y foto de su hijo. La ley FERPA establece que las escuelas deben notificar a los padres y tutores sus respectivas políticas aplicables al directorio de información de los estudiantes, y darle el derecho de optar por que no se suministre esa información a terceros. Es mejor que presente su solicitud por escrito y que guarde una copia para sus archivos. Si usted no ejerce su derecho de optar por que no se comparta la información de su hijo, los datos listados en el directorio de la escuela pueden estar a disposición no sólo de los compañeros de clase y personal de la escuela de su hijo, sino también del público en general.
US Education Department Model Notice for Directory Information
Monday September 05 2011, 12:21 PM
The Family Educational Rights and Privacy Act (FERPA), a Federal law, requires that [School District], with certain exceptions, obtain your written consent prior to the disclosure of personally identifiable information from your child's education records. However, [School District] may disclose appropriately designated "directory information" without written consent, unless you have advised the District to the contrary in accordance with District procedures. Directory information may include: Student's name; Address; Telephone listing; Electronic mail address; Photograph; Date and place of birth; Major field of study; Dates of attendance; Grade level; Participation in officially recognized activities and sports; Weight and height of members of athletic teams; Degrees, honors, and awards received; The most recent educational agency or institution attended; Student ID number, user ID, or other unique personal identifier used to communicate in electronic systems that cannot be used to access education records without a PIN, password, etc. (A student's SSN, in whole or in part, cannot be used for this purpose.)
Example of customized opt-out form
Sunday September 04 2011, 7:45 PM
COLLEGE OF CHARLESTON FERPA DIRECTORY INFORMATION OPT-OUT FORM - note parents or college students have choices as to which information they want to share.
Saturday September 03 2011, 2:40 PM
INTRODUCED BY Assembly Member Fuentes; This bill would redefine directory information to no longer include a pupil's place of birth and to also include a pupil's e-mail address.
CA: State colleges, alumni groups reap $6.6M in credit card royalties
Friday September 02 2011, 8:29 PM
Erica Perez; Under the agreements, banks typically get exclusive rights to market credit cards to university students and alumni, and they pay royalties to the universities or related organizations based on the number of new credit card accounts opened.] Excerpt from source linked to entry: [university must give the bank mailing lists for alumni, faculty, staff, fans, ticket holders, donors, undergraduates and graduate students. The lists include postal addresses, telephone numbers and e-mail addresses.]
FTC CONSUMER ALERT: Protecting Your Child's Personal Information at School
Friday September 02 2011, 6:10 PM
[Ask your child's school about its directory information policy. Student directory information can include your child's name, address, date of birth, telephone number, email address, and photo. FERPA requires schools to notify parents and guardians about their school directory policy, and give you the right to opt-out of the release of directory information to third parties. It's best to put your request in writing and keep a copy for your files. If you don't opt-out, directory information may be available not only to the people in your child's class and school, but also to the general public.]
TEXAS SB 1106
Saturday August 13 2011, 3:54 PM
AN ACT relating to the exchange of confidential information concerning certain juveniles.
S. 1464 - METRICS Act
Saturday August 13 2011, 3:10 PM
To enable States to implement integrated statewide education longitudinal data systems. This Act may be cited as the ``Measuring and Evaluating Trends for Reliability, Integrity, and Continued Success (METRICS) Act of 2011'' or the ``METRICS Act''.
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Monday July 25 2011, 5:26 PM
Session 3 TRANSCRIPT - Securing Children’s Data in the Educational System: Steven Toporoff - Federal Trade Commission. PANELISTS: Kathleen Styles, U.S. Department of Education; Michael Borkoski, Howard County Maryland Public Schools; Larry Wong, Montgomery County Maryland Public Schools; Richard Boyle ECMC, Denny Shaw i-SAFE, Inc. [This panel will explore the Family Educational Rights and Privacy Act (FERPA) and initiatives to protect children’s personal information in school systems. We will also explore lessons learned from a high-profile data breach involving student information. Finally, the panel will discuss outreach efforts to teach children, teachers, youth counselors, and school administrators about privacy and securing children’s personal information.]
Balancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Elementary and Secondary Schools
Monday July 25 2011, 1:51 PM
Many school districts employ security staff to monitor safety and security in and around schools. Some schools employ off-duty police officers as school security officers, while others designate a particular school official to be responsible for referring potential or alleged violations of law to local police authorities. Under FERPA, investigative reports and other records created and maintained by these "law enforcement units" are not considered "education records" subject to FERPA. Accordingly, schools may disclose information from law enforcement unit records to anyone, including outside law enforcement authorities, without parental consent. See 34 CFR § 99.8. While a school has flexibility in deciding how to carry out safety functions, it must also indicate to parents in its school policy or information provided to parents which office or school official serves as the school's "law enforcement unit." (The school's notification to parents of their rights under FERPA can include this designation. As an example, the U.S. Department of Education has posted a model notification on the Web at: http://www.ed.gov /policy/gen/guid/fpco/ferpa/lea-officials.html.) Law enforcement unit officials who are employed by the school should be designated in its FERPA notification as "school officials" with a "legitimate educational interest." As such, they may be given access to personally identifiable information from students' education records. The school's law enforcement unit officials must protect the privacy of education records it receives and may disclose them only in compliance with FERPA. For that reason, it is advisable that law enforcement unit records be maintained separately from education records.
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Wednesday July 20 2011, 6:12 PM
TRANSCRIPT SESSION ONE: Stolen Futures: A Forum on Child Identity Theft July 12, 2011; The Federal Trade Commission (FTC) and the Office for Victims Rights (OVC), Office of Justice Programs, U.S. Department of Justice, will hold a forum to discuss child identity theft. Government, business, non-profit, legal service providers, and victim advocates will explore the nature of child identity theft, including foster care identity theft and identity theft within families, with the goal of advising parents and victims on how to prevent the crime and how to resolve child identity theft problems.
Addressing Emergencies on Campus June 2011
Tuesday June 28 2011, 6:32 PM
United States Department of Education (USED) : Summary of two applicable Federal education laws administered by the Department of Education (Department): the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965 (HEA), as amended. This Federal component is only one piece of what is necessary to consider in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and effective campus policy must incorporate all Federal and State policies regarding health and safety emergencies, education, student privacy, civil rights, and law enforcement, as well as specific local community needs.
Fordham CLIP Comments on FERPA NPRM May 23, 2011 Docket: ED-2011-OM-0002 1
Wednesday June 22 2011, 10:24 PM
Fordham Professor of Law Joel Reidenberg: Proposed Amendments to the FERPA Regulations contradict Congressional Mandates; Impermissible expansion of “Authorized representative” proposed in §99.3; Problematic expansion of “directory information” proposed in §99.3; Impermissible expansion of the “audit and evaluation” provision proposed in § 99.35(a)(2); Questionable Enforcement proposed in §99.35 ;
NYS Sen. Oppenheimer and Sen. Montgomery on S.2357
Tuesday June 21 2011, 4:25 PM
Sen. Oppenheimer and Sen. Montgomery on S.2357 @ 36:30 minutes. Senators demonstrate responsible data stewardship. S.2357 excerpt: [(C) UNLESS OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN ATTENDANCE OR THE ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR A COMMERCIAL, FOR-PROFIT ACTIVITY INCLUDING BUT NOT LIMITED TO USE FOR: (I) MARKETING PRODUCTS OR SERVICES; (II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR USE IN MARKETING PRODUCTS OR SERVICES; (III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE; (IV) COMPILATION OF A STUDENT LIST; (V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR (VI) ANY OTHER PURPOSE CONSIDERED BY THE SCHOOL AS LIKELY TO BE A COMMERCIAL, FOR-PROFIT ACTIVITY. (D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO ACCOM PLISH THE PURPOSE OF THE DISCLOSURE.]
New York Senate; S.2357-B
Tuesday June 07 2011, 12:07 PM
This bill, sponsored by Sen. Oppenheimer, restricts the sale of student PII and requires affirmative consent for the release of sensitive information.
Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Monday May 23 2011, 9:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
Supporting Data Use While Protecting the Privacy, Security and Confidentiality of Student Information
Monday May 02 2011, 6:28 PM
Data Quality Campaign: [Meet the moral and legal responsibility to respect the privacy and the confidentiality of students’ personally identifiable information; Mitigate risks related to the intentional and unintentional misuse of data, which are amplified by the digital nature of today’s society in which more information — in education and every sector — is housed and shared in electronic and web-based forms; and ensure clarity around roles and responsibilities, including states’ authority to share data, in what form the data can be shared, at what level of detail, with whom and with what protections in place.]
DQC: The American Recovery and Reinvestment Act (ARRA) Support for State Longitudinal Data Systems (SLDS)
Friday April 22 2011, 5:06 PM
Data Quality Campaign - The American Recovery and Reinvestment Act provides federal support to states to further build and promote the use of statewide longitudinal data systems. This document includes: 1. ARRA Overview and Data Systems; a. American Recovery and Reinvestment Act; b. America COMPETES Act; 2. State Stabilization Funds and Assurances 3. Institute of Education Sciences State Longitudinal Data Systems Grants: a. American Recovery and Reinvestment Act – IES Funding; 4. U.S. Department of Education Guidance on Implementation of ARRA : a. Fact sheet: The American Recovery and Reinvestment Act of 2009: Saving and Creating Jobs and Reforming Education; b. Letter to Governors from Secretary of Education Arne Duncan c. Implementing the American Recovery Act – Letter from Secretary of Education Arne Duncan
U.S. Department of Education (USED) Safeguarding Student Privacy
Friday April 08 2011, 6:38 PM
The use of data is vital to ensuring the best education for our children. However, the benefits of using student data must always be balanced with the need to protect students’ privacy rights. Students and their parents should expect that their personal information is safe, properly collected and maintained and that it is used only for appropriate purposes and not improperly redisclosed. It is imperative to protect students’ privacy to avoid discrimination, identity theft or other malicious and damaging criminal acts. All education data holders must act responsibly and be held accountable for safeguarding students’ personally identifiable information – from practitioners of early learning to those developing systems across the education continuum (P-20) and from schools to their contractors. The need for articulated privacy protections and data security continues to grow as Statewide Longitudinal Data Systems (SLDS) are built and more education records are digitized and shared electronically. As States develop and refine their information management systems, it is critical that they ensure that student information continues to be protected and that students’ personally identifiable information is disclosed only for authorized purposes and under the circumstances permitted by law. All P-20 stakeholders should be involved in the development of these statewide systems and protection policies.
"What every school official should know about privacy"
Thursday March 17 2011, 2:24 PM
Video of Daniel Solove on schools and privacy taped at Cornell University.
TITLE 20 > CHAPTER 31 > SUBCHAPTER III > Part 4 > § 1232g
Tuesday March 15 2011, 12:47 PM
FERPA statute regarding directory information - note PICTURE and E-MAIL NOT in statute. US ED added through regulations -- they were not added by Congress: 5)(A) For the purposes of this section the term “directory information” relating to a student includes the following: the student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.
United States House of Representatives Committee on Education and Labor Hearing on “How Data Can be Used to Inform Educational Outcomes” April 14, 2010
Monday March 14 2011, 7:36 PM
1. States are warehousing sensitive information about identifiable children. 2. The Fordham CLIP study documents that privacy protections are lacking and rules need to be developed and implemented to assure that children’s educational records are adequately protected. 3. As part of basic privacy standards, strong data security is necessary to minimize the risks of data invasions, scandals and melt-downs from centralized databases of children’s personal information. Statement of Joel R. Reidenberg, Professor of Law and Founding Academic Director Center on Law and Information Policy, Fordham University School of Law New York, NY
GAMMILL v USED - USA Merit System Board documents
Monday March 14 2011, 1:14 PM
Proposed regulatory (not statutory) change vastly expands term authorized representative well beyond these four 3 entities: Comptroller General of US, Secretary, Attorney General, and state or local education authorities. (See pages 10 and 11)
PAUL GAMMILL v U.S. DEPARTMENT OF EDUCATION
Monday March 14 2011, 12:44 PM
Whistleblower Retaliation lawsuit filed by Gammill against USED for retaliation of sharing an illegal attempt to circumvent FERPA. Case Number: 1:2011cv00409; Filed: February 18, 2011; Court: District Of Columbia District Court; Office: Washington, DC Office; County: 88888; Presiding Judge: John D. Bates
The Handbook for Campus Safety and Security Reporting
Friday March 11 2011, 7:35 PM
FERPA does not preclude an institution’s compliance with the timely warning provision of the campus security regulations. FERPA recognizes that information can, in case of an emergency, be released without consent when needed to protect the health and safety of others. In addition, if institutions utilize information from the records of a campus law enforcement unit to issue a timely warning, FERPA is not implicated as those records are not protected by FERPA. U.S. Department of Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting, Washington, D.C., 2011.
FERPA and Social Media
Thursday March 10 2011, 2:50 PM
When students are assigned to post information to public social media platforms outside of the university LMS, they should be informed that their material may be viewed by others. Students should not be required to release personal information on a public site. Instructor comments or grades on student material should not be made public. (Interestingly, grades given by other students on “peer-graded” work can be made public under FERPA). (ACE, 2008) While not clearly required by law, students under the age of 18 should get their parent’s consent to post public work. FERPA does not forbid instructors from using social media in the classroom, but common sense guidelines should be used to ensure the protection of students.
OHIO 3319.321 Confidentiality
Thursday March 10 2011, 2:40 PM
Ohio Revised Code » Title  XXXIII EDUCATION (A) No person shall release, or permit access to, the directory information concerning any students attending a public school to any person or group for use in a profit-making plan or activity. Notwithstanding division (B)(4) of section 149.43 of the Revised Code, a person may require disclosure of the requestor’s identity or the intended use of the directory information concerning any students attending a public school to ascertain whether the directory information is for use in a profit-making plan or activity.
Some questions raised over release of student info (North Dakota)
Tuesday March 08 2011, 4:54 PM
[North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out. That view also was shared by Bev Nielson of the North Dakota School Boards Association.]
Data Quality Campaign Release of Data for Action 2010: DQC's State Analysis
Monday March 07 2011, 6:15 PM
On February 16, 2011 DQC discussed the results of its sixth annual state analysis Data for Action 2010, a powerful policymaking tool to drive education leaders to use data in decision making. Data for Action is a series of analyses on states’ ability to collect and use data to improve student success. It provides transparency about state progress and priority actions they need to take to collect and use longitudinal data to improve student success.
Statistical Methods for Protecting Personally Identifiable Information in Aggregate Reporting
Thursday March 03 2011, 1:36 PM
NCES 2011-603 Building on current best practices, the Brief outlines reporting recommendations. Primarily, the goal of these reporting recommendations is to maximize the reporting of student outcomes while protecting students’ personally identifiable information.
Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records
Thursday March 03 2011, 1:21 PM
NCES 2011-601 This first brief discusses basic concepts and definitions that establish a common set of terms related to the protection of personally identifiable information, especially in education records.
Recommendations on Data Security and Privacy Protections
Saturday February 19 2011, 11:00 PM
Excerpted from the Data Protections Report submitted to the U.S. Department of Education’s Performance Information Management Service by Highlight Technologies on June 16, 2010. (Where is original report and comments?)
NYC Schools Parents Bill of Rights
Monday February 14 2011, 9:49 PM
Parents have the right to: 12. consent to disclosures of personally identifiable information contained in the student’s education records, except to the extent that Family Educational Rights and Privacy Act (FERPA) and Chancellor’s Regulation A-820 authorize disclose without consent.
NYC P-3 SCHOOL FAMILY HANDBOOK
Sunday February 13 2011, 5:39 PM
See page 19 for information deemed appropriate to release about 4 year old CHILDREN.
CONFIDENTIALITY AND RELEASE OF STUDENT RECORDS; RECORDS RETENTION
Sunday February 13 2011, 3:13 PM
This regulation supersedes New York City Chancellor’s Regulation A-820 dated July 8, 2008. Changes: • The regulation was revised to conform to amendments to federal regulations under the Family Educational Rights and Privacy Act (“FERPA”).
Identifying Violence-prone Students
Thursday January 13 2011, 2:02 PM
The fine line higher education officials walk in dealing with troubled students is discussed.
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Tuesday January 04 2011, 9:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}
Directory Information Part 1 (WAV file, no text -- it's audio)
Sunday December 26 2010, 5:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Directory Information Part 2 (This file is an audio 'wav' file)
Sunday December 26 2010, 5:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.
Kindergarten Through 12 Grade Schools’ Collection and Use of Social Security Numbers (A-08-10-11057)
Thursday December 23 2010, 9:53 AM
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION - Despite the potential risks associated with using SSNs as primary student identifiers, many K-12 schools continue this practice. While we recognize that SSA cannot prohibit States or K-12 schools from collecting and using SSNs as student identifiers or for other purposes, we believe SSA can help reduce the threat of identity theft and SSN misuse by encouraging States and K-12 schools to reduce unnecessary collection of SSNs and improve protections and safeguards when collected.
New York State Student Information Repository System (SIRS) Manual
Wednesday December 22 2010, 8:44 PM
New York State Student t Information Repository System (SIRS) Manual; Reporting Data for the 2010–11 School Year (SEE APPENDIX 19)
K-12 Education: Many Challenges Arise in Educating Students Who Change Schools Frequently
Monday December 20 2010, 9:20 PM
GAO-11-40 November 18, 2010 - The recent economic downturn, with foreclosures and homelessness, may be increasing student mobility.
K-12 EDUCATION - Selected Cases of Public and Private Schools That Hired or Retained Individuals with Histories of Sexual Misconduct
Friday December 17 2010, 1:00 PM
GAO-11-200 ; GAO examined show that individuals with histories of sexual misconduct were hired or retained by public and private schools as teachers, support staff, volunteers, and contractors.
COMMERCIAL DATA PRIVACY AND INNOVATION IN THE INTERNET ECONOMY: A DYNAMIC POLICY FRAMEWORK
Thursday December 16 2010, 1:16 PM
US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION.
Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed
Monday December 13 2010, 9:17 AM
GAO-10-927 - GAO recommends that Education clarify means by which states can collect and share graduates’ employment information under the Family Educational Rights and Privacy Act (FERPA) and establish a time frame for doing so. Education agreed with the recommendation.
Schools Selling Students' Personal Information
Wednesday October 06 2010, 3:17 PM
Link to stories about schools selling student information
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Tuesday September 28 2010, 2:51 PM
GAO-08-795T : In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices.
FERPA Myth Busters
Friday July 23 2010, 2:58 PM
Organization: Education Counsel -- Draft for WICHE Conference Use -- December 16, 2008
Family Educational Rights and Privacy Act (FERPA) and the Disclosure of Student Information Related to Emergencies and Disasters
Thursday June 24 2010, 1:48 PM
The purpose of this guidance is to answer questions that have arisen about the sharing of personally identifiable information from students’ education records to outside parties when responding to emergencies, including natural or man-made disasters. Understanding how, what, and when information can be shared with outside parties is an important part of emergency preparedness.
FERPA Legislative History
Wednesday May 05 2010, 10:21 AM
The Family Educational Rights and Privacy Act of 1974 (“FERPA”), § 513 of P.L. 93- 380 (The Education Amendments of 1974), was signed into law by President Ford on August 21, 1974, with an effective date of November 19, 1974, 90 days after enactment. FERPA was enacted as a new § 4381 of the General Education Provisions Act (GEPA) called “Protection of the Rights and Privacy of Parents and Students,” and codified at 20 U.S.C. § 1232g.2 It was also commonly referred to as the “Buckley Amendment” after its principal sponsor, Senator James Buckley of New York. FERPA was offered as an amendment on the Senate floor and was not the subject of Committee consideration. Accordingly, traditional legislative history for FERPA as first enacted is unavailable.
Education and Workforce Data Connections: A Primer on States’ Status
Wednesday April 14 2010, 6:16 PM
Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect these education and workforce databases, states should engage a broad range of stakeholders to: 1. Prioritize, through broad-based stakeholder input, the critical policy questions to drive the development and use of longitudinal data systems. 2. Ensure data systems are interoperable within and across agencies and states by adopting or developing common data standards, definitions and language. 3. Protect personally identifiable information through governance policies and practices that promote the security of the information while allowing appropriate data access and sharing.]
Delta College trustees won't add more student information to campus directory
Thursday March 18 2010, 1:34 PM
By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams. Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number. "That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should." Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.]
Privacy flags raise concern for graduate students
Thursday March 11 2010, 9:24 PM
by Katie Perkowski -[Undergraduate students are not the only ones concerned with personal information available through UK’s online people search — now, graduate students are voicing their concern, too. Members of UK’s graduate school have recently voiced concern about their information like home address and home telephone number being available on the UK Web site without their knowledge, said English teaching assistant Jesslyn Collins-Frohlich.]
Clash Over Student Privacy
Tuesday March 09 2010, 5:05 PM
This document should not be shared due to copyright. Inside Higher Ed - [WASHINGTON -- The U.S. Education Department has fired the top federal official charged with protecting student privacy, in what the dismissed official says was a conflict with the agency's political leaders over their zeal to encourage the collection of data about students' academic performance. Paul Gammill says he was physically escorted out of the department's offices on a Friday morning last month after he refused to resign as director of the agency's Family Policy Compliance Office. Administration officials said that "[p]rivacy laws require us to keep certain employment matters confidential, so we cannot comment on Mr. Gammill. But Gammill, not so encumbered, maintains that he was dismissed because, on several occasions, he argued in internal meetings and documents that the department's approach to prodding states to expand their longitudinal student data systems violated the Family Educational Rights and Privacy Act, which protects the privacy of students' educational records.]
Federal Register: July 6, 2000 (Volume 65, Number 130)
Tuesday March 09 2010, 4:56 PM
DEPARTMENT OF EDUCATION - 34 CFR Part 99 - Family Educational Rights and Privacy- AGENCY: Department of Education. ACTION: Final regulations. SUMMARY: The Secretary amends the regulations implementing the Family Educational Rights and Privacy Act (FERPA). The amendments are needed to implement sections 951 and 952 of the Higher Education Amendments of 1998 (HEA). These amendments permit postsecondary institutions to disclose certain information to the public and to parents of students. DATES: These regulations are effective August 7, 2000.
Putting Private Info on Government Database
Tuesday March 09 2010, 4:34 PM
Phyllis Schlafly writes - [The Fordham report made numerous recommendations to beef up student privacy, such as collecting only information relevant to articulated purposes, purging unjustified data, enacting time limits for data retention and hiring a chief privacy officer for each state. There is no indication that these suggestions will be implemented. The Obama Department of Education officials believe that collecting personally identifiable data is "at the heart of improving schools and school districts." One of the four reform mandates of the Race to the Top competition is to establish pre-kindergarten to college-and-career data systems that "track progress and foster continuous improvement."]
Comments of the World Privacy Forum regarding Notice of Proposed Rulemaking, FERPA
Tuesday February 02 2010, 8:28 PM
[Our comments focus on several aspects of the Notice of Proposed Rulemaking (NPRM), notably, the definition and handling of directory information and personally identifiable information. We also comment on the use of full tax returns to determine eligibility. And finally, we comment on the issue of outsourcing, including the need for audit trails in regards to the proposed expansion of the school official exemption.]
Family Policy Compliance Office (FPCO)
Wednesday November 04 2009, 5:04 PM
The mission of the Family Policy Compliance Office (FPCO) is to meet the needs of the Department's primary customers--learners of all ages--by effectively implementing two laws that seek to ensure student and parental rights in education: the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA).
Personal school data not always private
Tuesday November 03 2009, 8:15 PM
APOLGIES @ SCOTT WALDMAN Staff Writer I TRIED REACHING YOU MANY TIMES FOR ACTIVE LINK Section: Capital Region, Page: B1 Date: Saturday, February 9, 2008 [GUILDERLAND - Last year, the Guilderland Teachers Association got the address of every local family and sent those with school-age children postcards promoting the union's picks in the May school board election. But trying to get that kind of personal information from other school districts won't work. The issue shines a light on how school districts interpret a federal law that permits the disclosure of "directory" information - including student and parent names, addresses and phone numbers - without consent. The law leaves it up to individual districts to define what is considered directory information. The statute also stipulates that schools must tell residents they have the right to withhold the information.]
Use of parental list is faulted
Tuesday November 03 2009, 8:06 PM
March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government. Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.]
Sunday November 01 2009, 9:40 PM
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Friday October 30 2009, 5:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
Plano ISD: Redefining the student directory
Friday October 30 2009, 10:30 AM
[If the changes are approved, Plano ISD couldn't, without consent from the parents, print a student's address, telephone number or e-mail address in any district publication. Some school districts -- and I'm not sure about Plano -- sell directory information to third parties as a money-making operation. Companies, such as Coca-Cola or Citi Bank, could buy the directories and market products to students.] NOTE: CHANGES WERE APPROVED
CHILDREN’S EDUCATIONAL RECORDS AND PRIVACY -- A STUDY OF ELEMENTARY AND SECONDARY SCHOOL STATE REPORTING SYSTEMS -- October 28, 2009
Friday October 30 2009, 9:44 AM
[The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.] Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP Jamela Debelak, Esq., Executive Director of CLIP
National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies
Saturday March 21 2009, 1:43 PM
National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies, NCES 2004–330. Washington, DC: 2004.
FERPA Online Library
Thursday March 12 2009, 3:22 PM
Family Policy Compliance Office Letters
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Thursday March 12 2009, 3:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
Report Is Said To Criticize On-Campus Recruitment
Thursday March 12 2009, 3:10 PM
September 6, 2007 -- NY SUN -- ALEXANDER BRITELL -- [A report by a civil liberties group and the president of Manhattan, Scott Stringer, will criticize military recruitment tactics at some city school campuses. A source familiar with the findings of the report, which is drawn from the survey responses of nearly 1,000 students, said it alleges that military recruiters have been given too much access to public school classrooms, and that the city's Department of Education has not adequately informed students about their right to remove their names from recruiting lists.]
Family Policy Compliance Office (FPCO)
Thursday March 12 2009, 2:49 PM
Children's Online Privacy Protection Act of 1998
Tuesday March 03 2009, 3:14 PM
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION ***NOTE INCONSISTENCY BETWEEN DEFINITIONS OF PERSONAL INFORMATION AND PARENTAL CONSENT BETWEEN COPPA AND FERPA COPPA DEFINITION (LINK HAS FULL COPPA TEXT) (8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including— (A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph. (9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
State says Cambridge Public Schools can't charge $14K for public records
Friday February 13 2009, 3:12 PM
David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88. The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.]
Student Information Not For Sale At UW- Marathon County
Wednesday February 11 2009, 7:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students. She says companies are often looking to buy students names, birth-dates, and email addresses.]
Rethinking the Role of Consent in Protecting Health Information Privacy
Tuesday January 27 2009, 9:52 AM
CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses. January 26, 2009. This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.
E P I C - A l e r t -- Volume 15.25 -- December 23, 2008
Tuesday December 23 2008, 6:41 PM
Published by the Electronic Privacy Information Center (EPIC) - Washington, D.C. Table of Contents -  Privacy Coalition Members Write to President-elect Obama  India Hosts Third Internet Governance Forum  Government Issues Final Rules in Education Records Privacy  Privacy, Security and Openness at the Internet Governance Forum  DHS Releases Fusion Center Privacy Impact Assessment  News in Brief
How to Prevent Digital Snooping
Monday December 15 2008, 6:25 PM
BRUCE SCHNEIER in the Wall Street Journal concludes [Large databases filled with personal information, whether managed by governments or corporations, are an essential aspect of the information age. And they each need to be accessed, for legitimate purposes, by thousands or tens of thousands of people. The only way to ensure those people don't abuse the power they're entrusted with is through audit. Without it, we will simply never know who's peeking at what.]
In-Depth Summary of Changes to FERPA Rules
Thursday December 11 2008, 7:54 PM
Family Educational Rights and Privacy; Final Rule
Tuesday December 09 2008, 7:02 PM
FR Doc E8-28864[Federal Register: December 9, 2008 (Volume 73, Number 237)] [Rules and Regulations] [Page 74805-74855] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr09de08-8]
Education Department Reworks Privacy Regulations
Monday December 08 2008, 8:46 PM
Wall Street Journal (WSJ) ELIZABETH BERNSTEIN -- [Ferpa has long allowed colleges to share information about a student if there is a "health or safety" emergency, but had stipulated that the definition of such an emergency must be strictly construed. The new regulations strip away this condition that the definition of the emergency must be narrow and emphasize that schools may use this health-or-safety exception as long as there is an "articulable" and significant threat to the student or other individuals. The regulations also specifically state that parents are among the appropriate parties who may be called in case of a health-or-safety emergency] [The new regulations will also tweak other parts of Ferpa, including areas dealing with electronic records, students' Social Security numbers, and outside contractors hired by educational institutions who are given access to student records to perform services for the institution. In addition, they will address the circumstances under which schools may give researchers access to aggregated student records.]
U Alabama at Birmingham Student Records Policy, Photo as Directory Information
Thursday December 04 2008, 8:41 PM
UAB’s Student Records Policy, derived from the Federal Educational Rights and Privacy Act (FERPA), lists the following items of a student record as “directory information:” Name, Telephone number, E-mail address, Date and place of birth, Major field of study, Participation in officially recognized activities and sports, Dates of attendance, Degrees and awards received, Institution most recently previously attended These items are considered public information which may be made available by the university without prior consent of the student and are considered part of the public record of the student’s attendance. Effective Spring 2009, the photo used on the CampusCard will become an item of directory information. Under the provisions of FERPA, students have the right to withhold the disclosure of directory information.
Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records (ID: CSD5578)
Thursday December 04 2008, 4:36 PM
The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by FERPA. At the elementary or secondary school level, students’ immunization and other health records that are maintained by a school district or individual school, including a school-operated health clinic, that receives funds under any program administered by the U.S. Department of Education are “education records” subject to FERPA, including health and medical records maintained by a school nurse who is employed by or under contract with a school or school district. Some schools may receive a grant from a foundation or government agency to hire a nurse. Notwithstanding the source of the funding, if the nurse is hired as a school official (or contractor), the records maintained by the nurse or clinic are “education records” subject to FERPA.
Vermont to study student privacy policies
Thursday June 12 2008, 4:14 PM
Reformer reports, "The state (Vermont) board is also going to consider how the education department handles third party research requests on behalf of the education department using student data. Under the proposed change, the department information technology team would classify data as sensitive and confidential, and a written contract would have to be signed before the release of records. A third proposed policy spells out how organizations that contract with the education department go about obtaining student information for their work."
Students anxious about directory data
Wednesday June 11 2008, 10:06 AM
Columbia Tribune reports, "The names, telephone numbers, e-mail addresses, mailing addresses and other information of University of Missouri students are all considered public information and have been drawing the attention of marketing agencies eager to sell goods and services to the student body."
One in four data breaches involves schools
Tuesday June 03 2008, 8:34 PM
By Meris Stansbury, Assistant Editor, eSchool News, "Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches."
Tuesday June 03 2008, 8:26 PM
EDUCAUSE is a nonprofit association and good source of information about FERPA and higher education.
Huge Databases Offer a Research Gold Mine — and Privacy Worries
Tuesday June 03 2008, 8:14 PM
By DAVID GLENN from the issue dated May 9, 2008 Chronicle of Higher Education, "Researchers have used the new databases to study many issues, including which high-school math courses are most important for college success and how exposure to adjunct instructors affects student retention. But the new education databases create obvious challenges for protecting student privacy — which is one reason most states have been slow to build them. Florida's education department takes elaborate steps to 'de-identify' its information before handing it to outside researchers. Despite those efforts, nervous officials in other states look at a system like Florida's and worry about potential violations of the Family Educational Rights and Privacy Act, or Ferpa. In March the U.S. Department of Education proposed new Ferpa regulations that might clarify the ground rules for the use of such databases, but it is far from certain that the new rules will make states more comfortable with the projects." http://chronicle.com -- Section: The Faculty -- Volume 54, Issue 35, Page A10
Monday June 02 2008, 10:10 PM
Letter from Wisconsin College Republicans to Family Policy Compliance Office regarding FERPA violation claim.
Frequently Asked Questions
Sunday June 01 2008, 4:41 PM
What is "Directory Information"? FERPA defines "directory information" as information contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if disclosed. Typically, "directory information" includes information such as name, address, telephone listing, date and place of birth, participation in officially recognized activities and sports, and dates of attendance. A school may disclose "directory information" to third parties without consent if it has given public notice of the types of information which it has designated as "directory information," the parent's or eligible student's right to restrict the disclosure of such information, and the period of time within which a parent or eligible student has to notify the school in writing that he or she does not want any or all of those types of information designated as "directory information." The means of notification could include publication in various sources, including a newsletter, in a local newspaper, or in the student handbook. The school could also include the "directory information" notification as part of the general notification of rights under FERPA. The school does not have to notify a parent or eligible student individually. (34 CFR § 99.37.)
Legislative History of Major FERPA Provisions
Sunday June 01 2008, 4:20 PM
Should Parents View School Security Tapes?
Thursday August 30 2007, 11:53 PM
Fulton County News (Pennsylvania) reports, "Board member Kenny Wuertenberg informed the board and administration he had a problem with punishing a child and not allowing the parents to see the incident as recorded by security cameras on school buses and in district facilities. 'It’s fascist ... What happened to due process?' questioned Wuertenberg. 'How is who is riding a public school bus private?'”
Student information found in recycle bin
Thursday August 30 2007, 12:57 PM
Who knows your student?
Thursday August 30 2007, 12:24 PM
Vermont County Courier reports, "Many parents, though, are surprised to find out that more general information about their children - names, addresses, telephone numbers, e-mail addresses, honors and awards - can be more openly shared under FERPA. FERPA calls this 'directory information' that 'is generally not considered harmful or an invasion of privacy if released.' Mark Oettinger, the General Counsel for the Vermont Department of Education, said, 'The "directory information " piece is the exception.' According to FERPA, directory information can be disclosed by schools without parent consent."
Privacy issues curb teen-driver rules
Wednesday August 29 2007, 8:24 PM
Chicago Tribune reports, "The law would have required school districts to submit information to the State Board of Education, detailing whether a student had been expelled, truant or who had dropped out of school. That information would then have been passed to Secretary of State Jesse White's office, which would have flagged the affected students and barred them from driving privileges. State education officials said they decided to delay enforcing the law after the U.S. Department of Education notified them that it violated the Federal Education Rights and Privacy Act, said Matthew Vanover, a spokesman for the state board. 'They told us it would be a violation ... for that information to be shared with the secretary of state's office,' he added."
College M.D. alert to stressed-out students
Sunday August 26 2007, 9:41 AM
The Post-Standard reports, "This year, campuses across the nation are paying particular attention to identifying troubled students in their midst, as part of the aftermath of the April shooting deaths at Virginia Tech carried out by a student with a history of mental illness."
Campus Safety 101
Sunday August 26 2007, 9:35 AM
NY Times op-ed contributor Carolyn Reinach Wolf opines, "One of the major areas of concern in setting up a coordinating office is confidentiality requirements and parental notification. These issues, however, can be addressed by clarifying federal and state confidentiality laws, educating campus employees and parents about exceptions to these laws, and developing protocols to address those situations in which a choice must be made between liability for breach of confidentiality and liability for serious injury or death."
Know your rights on recruiters
Friday August 24 2007, 8:00 AM
Allen Gilbert, Executive director of ACLU of Vermont writes, "So-called 'student directory information,' which includes things such as name, age and extracurricular activities, can be made publicly available under the Family Educational Rights and Privacy Act (FERPA) unless parents choose to 'opt out' and withhold the disclosure of their child's information."
Guidelines for Working with Law Enforcement Agencies
Wednesday August 08 2007, 12:15 PM
By Michael Corn. EQ -- Volume 30 Number 3 2007. Checklist: * Create a policy to address the handling of all legal documents. * Form a team consisting of the security officer, legal counsel, and campus police. * Put campus legal counsel on your telephone speed-dial. * Meet with provost and/or chancellor to discuss law enforcement requests and investigations. * Review and document the salient features of your environment, including your institutional policies on data release and retention. * Understand your obligations with regard to confidentiality. * Discuss with the agent(s) in charge of an investigation whom you wish to inform of the investigation and why. * Work with the agent(s) in charge of an investigation to review what they are looking for and what will not be useful to them. * Develop internal procedures that control the materials and information of legally restricted information. Buy a safe for storing legal materials. * Work with law enforcement agents to better understand your environment and narrow the scope of information requests.
No unwanted publicity
Monday August 06 2007, 9:19 AM
The Enquirer reports, "Started as part of the 1974 Family Educational Rights and Privacy Act (FERPA), the act allows parents to approve their child's personal school information and image to be used for school purposes. These can include name, address, birthdays and participation in school activities including sports, awards, honors, scholarships and photographs. Parochial and private schools generally do not have to abide by FERPA, but many have developed their own guidelines and publicity waivers."
Houston district keeping baseball stats private from parent
Thursday July 19 2007, 6:23 AM
Houston Chronicle reports, "The law generally is viewed as covering students' educational records, such as grades and disciplinary history. Schools across the country regularly release player statistics for newspapers and game programs, but the Houston district contends that the FERPA law covers athlete's statistics."
New Illinois truancy law clashes with federal law
Sunday June 17 2007, 11:41 PM
"Another new law is coming that could further drive down truancy rates in Rockford schools. It threatens something that many teenagers hold dear: their driver’s licenses." "Starting July 1, the new state law requires Illinois school districts to report chronic and habitual truants to Secretary of State Jesse White. Students on the list will not be allowed to obtain a learner’s permit or driver’s license until they are 18, unless the School District certifies that the applicant has resumed regular school attendance. Rockford School District attorney Stephen Katz raises one concern with the new law — another law, called the Federal Education Rights and Privacy Act, prohibits sharing student records without parental permission to all but a select group of agencies."
Could privacy laws hide your student's distress signals?
Sunday June 17 2007, 9:14 AM
FREE PRESS reports, "A federal inquiry into the Virginia Tech shootings released last week suggests that confusion about what university officials were authorized to reveal kept them from sharing information that might have assured that Cho got more aggressive medical treatment or stymied his efforts to purchase firearms. Cho's family members also have complained that they knew little about the extent of his troubles until he went on his rampage."
Georgia Tech Reports Unauthorized Access of Data
Thursday June 14 2007, 6:45 PM
Approximately 23,000 current and former Georgia Tech students have been notified that an electronic file containing their demographic data, such as birthdates, may have been exposed. While no Social Security or credit card numbers (the data most commonly used for identify theft) were included in this file, some of the potentially exposed information is protected under the Family Educational Rights and Privacy Act (FERPA).
Fuzzy Understandings of FERPA
Thursday June 14 2007, 8:16 AM
Inside Higher Ed reports, "A federal report on the Virginia Tech shootings considers the misunderstanding of federal and state privacy laws to be a 'substantial obstacle' to the information sharing needed to protect students."
MAXIMIZING THE POWER OF EDUCATION DATA WHILE ENSURING COMPLIANCE WITH FEDERAL STUDENT PRIVACY LAWS: A GUIDE FOR STATE POLICYMAKERS
Monday May 14 2007, 5:39 PM
This issue brief was written by the managing partners of the Data Quality Campaign and based on the legal analysis by Steve Winnick, Scott Palmer and Art Coleman of Holland & Knight LLP. This issue analysis may serve as a guide to assist states as they build and use state longitudinal data systems in ways that comply with FERPA and fully protect the privacy rights of students and their parents.
Family Educational Rights and Privacy Act Regulations (FERPA)
Sunday February 18 2007, 8:44 PM
34 CFR Part 99. Family Educational Rights and Privacy Act Regulation
Wednesday September 13 2006, 10:55 AM
The Honolulu Advertiser reports, "Manin [sports information director] said the department, faced with some athletes who requested privacy and some who agreed to waivers, wanted to adopt a uniform approach. She said the policy was 'implemented to protect the privacy of student-athletes in accordance with the Family Education Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA).'"
Family Educational Rights and Privacy Act (FERPA)
Thursday July 27 2006, 9:36 PM
"The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are 'eligible students.'" parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31): School officials with legitimate educational interest; Other schools to which a student is transferring; Specified officials for audit or evaluation purposes; Appropriate parties in connection with financial aid to a student; Organizations conducting certain studies for or on behalf of the school; Accrediting organizations; To comply with a judicial order or lawfully issued subpoena; Appropriate officials in cases of health and safety emergencies; and State and local authorities, within a juvenile justice system, pursuant to specific State law. Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.
Forum Guide to the Privacy of Student Information: A Resource for Schools
Thursday June 29 2006, 10:50 AM
This NCES guide was written to help school and local education agency staff to better understand and apply FERPA, a federal law that protects privacy interests of parents and students in student education records.
Back to Top of Page