Join the GOOGLE +Rubber Room Community

Friday, March 29, 2013

Privacy, FERPA and Student Records - What's The Answer?

Valerie Strauss: On the Question of Student Privacy


dataEarlier this month I wrote a post about
a lawsuit against the U.S. Education
Department that charges the agency with
promoting regulations that undercut student
privacy and parental consent. The suit was
filed some time ago by the nonprofit Electronic 
Privacy Information Center over 2011 regulations involving the Family Educational Rights and
Privacy Act, also known as FERPA, a law that
is supposed to protect the privacy of student
education records at all schools that receive
federal education funds.
The lawsuit argues that 2011 regulations issued
by the department changed FERPA in a way
that effectively allows more individuals and both private and public entities to have
access to sensitive student records. Third parties already could get student data from
school districts and state education agencies under certain conditions under rules
finalized in 2008.
The issue has gained attention because of a new $100 million database built in
large part with Gates Foundation money that holds detailed files on millions of 
schoolchildren and that is being run by a new nonprofit called inBloom. Critics
fear that private information in the database will be given to private third parties
in part because of the 2011 regulations.
But inBloom counsel Steve Winnick says that critics are misinterpreting the 2011
FERPA regulations. Following is a piece he wrote about the issue. Winnick is
senior counsel   at EducationCounsel LLC, and has significant experience working
on FERPA issues as the former deputy general counsel of the U.S. Department of
Education and at EducationCounsel.
By Steve Winnick
Since the launch of non-profit inBloom earlier this month, there has been much
discussion regarding the privacy and use of student data and the role of the Family Educational Rights and Privacy Act (FERPA). In particular, the 2011 FERPA
regulatory amendments were discussed in Valerie Strauss’ earlier post. She has given
us the opportunity to address some misunderstanding about inBloom’s service and its compliance with FERPA.
Technology needs to do a better job helping teachers and parents with the important mission of educating our children. inBloom is working to make it easier for teachers, parents, and students themselves to see a coherent picture of student progress and
give parents more options to be involved in their children’s education.
Data-driven instructional technology has been available in classrooms for over a
decade. School districts that purchase these systems are burdened with the expense
and complexity of connecting these tools to the systems they already have. inBloom
eases this burden by providing a secure service to help school districts manage their instructional data. Only school districts can make decisions about how information
about students can be used.
As an example, one of the inBloom pilot districts has implemented over 30 different
online learning systems. The time it takes for a teacher to login and download results
from each of these tools steals time from their busy day and makes it difficult to have important conversations about student learning with parents. With inBloom, districts
can provide teachers and parents with better instructional tools and the information
they need to help students succeed.
The disclosure of student records to the inBloom data services is allowed by two different provisions in FERPA. The first provision allows schools to disclose student records to school officials with a legitimate educational interest in the records, including private contractors hired by a school district, when the student records are needed to provide the contracted 
services. This applies to inBloom, which is contracted by school districts to provide technology services for school administrators and teachers. USED spelled out rules authorizing disclosure of student records to school district contractors in 2008 (see section 99.31(a)(1)(B)); however, this type of disclosure was consistently allowed long before it was codified in 2008 (for example, see this 2004 USED advisory opinion).
The second FERPA provision allows disclosures of student records to authorized representatives of state or local education officials for the purpose of evaluating, auditing or complying with federal- or state-supported education programs. This is not the primary purpose of inBloom, but is a secondary benefit of states’ participation in inBloom.
As I mentioned at the beginning of this post, many people have misinterpreted the 2011 USED regulations. Prior to 2011, FERPA did not allow state or local education agencies to designate non-education state agencies (for example, the state workforce agency) as authorized representatives for evaluating public education programs. Anyone evaluating these programs had to be “under the direct control” of a state or local education agency, i.e. “an employee or contractor,” as stated in a 2003 directive from the Department.
As explained in the preamble to the 2011 regulations (page 75616), USED through those regulations reversed that interpretation and began allowing education agencies to designate any entity—including other state agencies—to assist in the evaluation of education programs, and to receive student records for that purpose. In other words, other state and local agencies could now assist the education department—and access student records for that purpose— in the same way that outside contractors could.
Even more importantly, the 2011 regulations do not in any way affect the 2008 regulations that permit disclosures of student data to private contractors to perform educational services for a school district (under significant conditions), which relates to the core mission of inBloom.
inBloom’s work with states and districts fully complies with the law, with or without the 2011 regulations. inBloom has adopted data privacy and security protections that meet the highest industry standards, exceed FERPA requirements, and are designed to ensure that student data are used only for agreed-upon education purposes and not further disclosed.
inBloom is committed to protecting the privacy and security of student records while helping states and school districts to more effectively use student data for legitimate educational purposes, in particular to provide a more customized education for all of our children. FERPA historically has been the subject of multiple myths that get in the way of effectively using data for these critical educational objectives. It is important that there be an accurate public understanding of what FERPA means and how it is being