The Family Educational Rights and Privacy Act of 1974 (FERPA) protects student records but also imposes a number of obligations on school entities that receive federal funding, including public school districts, charter schools and most colleges and universities. Barring a few exceptions, all records containing identifying information about a student are protected under FERPA.
School entities are legally obliged to keep student records private, and failure to comply can threaten federal dollars and lead to other liability, not to mention create trust issues with parents and students. Educational professionals – teachers, professors, deans of faculty, deans of student affairs, faculty mentors, legal advisers and education attorneys – must understand FERPA requirements for maintaining and sharing documents and information about students.
Recent FERPA News Call Attention to Student Record Issues
New technologies, the advent of social media, data breaches, immigration and how to respond to publicity when it raises student privacy implications were not considered during the passage of FERPA; nonetheless, school entities must address these issues today while ensuring compliance with the law. Even when a school entity is attacked publicly and wants to defend itself, the privacy rights of its students are not waived.
As illustrated by the 2012 case of Oakstone Community College v. Williams, even if the parent or student is attacking the school entity and disclosing FERPA protected information, the school entity is still bound under FERPA.
Other FERPA compliance issues raised recently include information uploaded onto social media, including pictures that might be considered student records under FERPA, and student immigration status. Significant concern has been raised about “sanctuary colleges” and the disclosure of students’ immigration status under FERPA. School entities can’t release this information without consent or an exception under FERPA, or a warrant or subpoena from law enforcement.
Policies and Procedures Can Cover Potential FERPA Disclosure Scenarios
Educational records under FERPA don’t just include student files stored on a central database, but also apply more broadly to various locations where records are kept in various formats, including pictures and videos, handwritten, in print or on computer media. For school entities using new technologies, ensuring these are FERPA compliant is paramount.
Schools must ensure they are prepared for inevitable security breaches: They must know what legal requirements there are for notice under state law, have a plan for dealing with public outcry, check their contracts for indemnity provisions and understand insurance policies.
To avoid privacy breaches through social media usage including blogs, school entities must ensure staff do not post FERPA-protected information online without applicable exceptions and also carefully review media and directory information policies and releases. In order to ensure compliance with FERPA in the light of increasingly complex issues, school entities must train staff on the requirements under FERPA.
Create Legally Defensible Procedures for Maintenance of Student Records
AudioSolutionz recently hosted the live webinar “FERPA in the News: Headlines Call Attention to Student Record Issues” with industry veteran Timothy E. Gilsbach, Esq., who explored the FERPA issues that may be raised by new technology, security breaches or with respect to recent developments in immigration policies. Timothy provided practical tips for legally defensible procedures regarding the maintenance and disclosure of student records – all of which can help teachers and professors, deans, PR officers, faculty mentors, registrars, IT heads, and legal advisers and education attorneys – in their efforts to assure compliance with FERPA.