Federal Education Department Proposes Revisions to School Privacy Law The U.S. Department of Education proposed 30 pages of revisions in the Family Educational Rights and Privacy Act (FERPA), partly in response to the massacre at Virginia Tech last year. The proposed revisions, published in the March 24 Federal Register, were largely aimed at removing restrictions that might inhibit educators from disclosing information in cases of emergency or threat without the consent of the student. The main changes in FERPA rules include: • Educators who disclose information to protect the health and safety of a student or the public would have new legal protections. • The new rules take into account new technologies and would interpret the law to cover students who attend classes through distance learning or the Internet. • School districts would make sure that employees would have access only to records they needed. • Districts would need written contracts with researchers to whom educational records were disclosed without parental consent, specifying and agreeing to the purposes of the research. • In compliance with the U.S. Patriot Act, educational institutions must disclose education records to the Attorney General in response to an appropriate court order. • College campus officials can release information about a student who is a registered sex offender. According to a federal study, Report to the President on Issues Raised by the Virginia Tech Tragedy (June 13, 2007), and a state report, The Virginia Tech Review Panel Report (August 2007), the slaying at Virginia Tech might have been avoided if school officials did not feel they were hampered by FERPA. According to news reports, several professors in the English department were aware that student Seung Hui Cho was troubled and might have posed a threat. They could have shared that information with his parents, Education Week reported, without violating the law, but apparently felt restrained from doing that. On April 16, 2007, he killed 33 people, including himself. The federal study cited fear of violating privacy laws as a barrier to sharing information among institutional staff and the state study expressed similar concerns, suggesting that school officials need stronger liability protections. The U.S. Department of Education says the changes in the rules provide that protection. The proposed regulations state: "The Secretary requires that, considering the totality of the circumstances, there be an articulable and significant threat to the health or safety of a student or other individuals, and that the disclosure [of the information] be to any person whose knowledge of the information is necessary to protect against the threat. On the other hand, the Secretary has determined that greater flexibility and deference should be afforded to administrators so they can bring appropriate resources to bear on a circumstance that threatens the health and safety of individuals." The regulations take into consideration changes in technologies and other developments since the law was first passed 34 years ago. For instance, while the law protects the privacy of students in school, the new provisions expand privacy coverage to students who attend classes by videoconference. The provisions also permit school districts to share student data with contractors as long as the data are pertinent to the contractors' functions. Many districts are out-sourcing administrative work. Because of the danger of identity theft, social security numbers may not be shared. Student identification numbers could be shared as long as that would not permit others to access records without a password or other protection. In order to help protect against record fraud, districts also would be permitted to share records with the agencies that originally created them. Educators who thought a record was falsified could send the document back to the office that supposedly created it to see if it was bona fide. Researchers would still be able to access de-identified student information without parental consent but would be required to sign a contract stating that the records could only be used for the purposes of the study. The proposed regulations may be accessed at http://frwebgate4.access.gpo.gov/cgi-bin/waisgate.cgi?WAISdocID=7553314 966+0+0+0&WAISaction=retrieve. The state study on the Virginia Tech massacre may be found at http://www.vtreviewpanel.org/report/index.html. The federal study is at http://www.hhs.gov/vtreport.html. |
