U.S. Department of Education Proposes Changes to FERPA (Federal Education Rights and Privacy Act)

I don't know if you followed this, but this spring the U.S. Department of Education proposed changes to regulations in the Federal Educational Rights and Privacy Act (FERPA). The deadline for public comment has already passed, but click here to review the proposed changes, published in the Federal Register. For a more "reader-friendly" version of the proposed changes, click here for the ED.gov version.

Here is a brief summary of rationale provided by the Department of Education for the proposed changes, quoted from the Federal Register:

• "We propose to amend § 99.3 to add a definition of the term authorized representative. Under the proposed definition, an authorized representative would mean any entity or individual designated by a State or local educational authority or agency headed by an official listed in § 99.31(a)(3) to conduct—with respect to Federal or State supported education programs—any audit, evaluation, or compliance or enforcement activity in connection with Federal legal requirements that relate to those programs."

• We also would amend § 99.35 to require written agreements between a State or local educational authority or agency headed by an official listed in § 99.31(a)(3) and its authorized representative, other than an employee (see proposed § 99.35(a)(3)). 

• Finally, proposed § 99.35(d) would clarify that if the Department's Family Policy Compliance Office (FPCO) finds that a State or local educational authority, an agency headed by an official listed in § 99.31(a)(3), or an authorized representative of a State or local educational authority or agency headed by an official listed in § 99.31(a)(3) improperly rediscloses PII in violation of FERPA, the educational agency or institution from which the PII originated would be prohibited from permitting the entity responsible for the improper redisclosure (i.e., the authorized representative, or the State or local educational authority or the agency headed by an officials listed in § 99.31(a)(3), or both) access to the PII for at least five years (see 20 U.S.C. 1232g(b)(4)(B) and § 99.33(e)).

The proposed changes to FERPA regulations are part of a series of U.S. Department of Education initiatives to safeguard student privacy while creating a more flexible arrangement among states for sharing educational information. Here are the other initiatives, as described in a Department of Education press release issued on April 7, 2011:

• Hiring a new Chief Privacy Officer to serve as the "senior advisor to the secretary on all of the Department's policies and programs related to privacy, confidentiality and data security."

• Establishment of the Privacy Technical Assistance Center (under the National Center for Educational Statistics) to ""serve as a one-stop resource for the P-20 education community on privacy, confidentiality, and data security."

• Release of technical briefs featuring best practices, from the National Center for Educational Statistics. Click here to read the first three briefs.

According to the Department of Education's April 7 press release these initiatives are designed "to safeguard student privacy while clarifying that states have the flexibility to share school data that are necessary to judge the effectiveness of government investments in education." However, some critics claim that the proposed changes to FERPA actually loosen definitions of terms like "authorized representatives" and ease restrictions on sharing protected information, which could endanger the privacy of students.

 I am gratified to see increasing attention given to the need to update FERPA regulations to address the increasingly important impacts of emerging technologies (e.g., social media, cloud computing) on communication among students and faculty members. We need to protect student privacy, first and foremost, while also adapting to new and more open forms of communication. For more about this conversation, check out this useful resource on the Catholic University of America's website and read through the resources on education and cloud computing, social networks, apps, etc.

It would be in the best interests of students, families, institutions, and educators alike to follow action on these proposed changes and engage as necessary.

Regards,
Mark