When Congress passed the Family Educational Rights and Privacy Act (FERPA) in 1974 to protect the privacy of student data, online predators didn't exist and the term “identity theft” might have been a plot point in a James Bond movie. But now these threats are very real. Seemingly harmless information (a student's name, address and birth date, for example) can create any number of problems if it falls into the wrong hands.
In April, the U.S. Department of Education (DOE) proposed a series of amendments to FERPA, including one that would give schools leeway in limiting how that data, known as directory information, is used. For instance, schools could compile names, activities students participate in and photos, but the information could only be used for the yearbook. The goal is to let schools collect information and share it when needed without exposing it to Freedom of Information Act requests from the public at large.
If passed, another change to FERPA would give states greater freedom to provide information from their longitudinal data systems to those studying the effectiveness of educational programs (a health and human services or Head Start program representative, for instance). It also would let high schools and secondary institutions share information about student achievement, says Melanie Muenzer, chief of staff for the DOE's Office of Planning, Evaluation and Policy Development. There's currently a lot of confusion surrounding whether colleges can report information back to high schools, she explains, and various states interpret the law differently. The clarification would enable high schools to receive reports from postsecondary institutions so they can see how students fare after graduation and measure high school programs' effectiveness over the long term.
While the amended law would let states share information with more entities, it also would give the DOE greater authority to enforce FERPA policies regarding how that information is protected. Currently, FERPA only gives the department the authority to enforce its policies among entities and agencies that have students in attendance. The change would let the DOE enforce the policies among state education agencies as well, for instance.
“It's up to every single person who has access to student information to make sure that they are living up to their obligations to protect that student data,” Muenzer says.
The department collected public feedback on the proposed changes in April and May, and it plans to announce the new regulations by the end of the year.