Main Nav

New FERPA Rules Promote Education Reform and Enable Increased Accountability and Transparency

The Revised Regulations for the Family Educational Rights and Privacy Act (FERPA) were announced on December 2, 2011.  According to the U.S. Department of Education, the changes in the rules were “needed to ensure that the Department continues to implement FERPA in a way that protects the privacy of education records while allowing for the effective use of data.”  The rule changes are designed to accommodate increased accountability and transparency for schools and institutions of higher education.  “Improved access to data will facilitate States’ ability to evaluate education programs, to ensure limited resources are invested effectively, to build upon what works and discard what does not, and to contribute to a culture of innovation of continuous improvement in education” writes the Department in the summary of the Final regulations.

Advocates for the changes include the Data Quality Campaign (DQC) and others who promote using data to improve student achievement and believe changes in the FERPA rules were necessary to aid education reform.  According to an Advisory and Overview prepared by EducationCounsel, LLC, for the DQC, the regulations transform FERPA in the following ways:

  • Reflect the new reality of state longitudinal data systems
  • Clarify existing ambiguities for states
  • Balance access with protection
  • Provide consistency with federal data requirements
  • Promote the efficient use of data system investments

The new FERPA rules are not without their critics, however.  Barmak Nassirian, Associate Executive Director for External Relations of the American Association of Collegiate Registrars and Admissions Officers  (AACRAO) writes, “the Department has regrettably decided to go down the path of a data free-for-all in the name of accountability.”  Some are worried that the new rules weaken the privacy protections for students which is the overall intent of FERPA.  The Department concedes that “the benefits of using student data must always be balanced with the need to protect student privacy.”

Among the key changes in the Final rule are the following:

Directory Information.  Institutions can now adopt limited directory information policies that allow the disclosure of directory information to be limited to specific parties, for specific purpose, or both.  The purpose of this change was to lessen the burden of obtaining consent for more mundane uses of student information, while allowing schools to choose the purposes for which directory information should be disclosed.

Audit/Evaluation and Studies Exceptions.  The new regulations help facilitate effective research and evaluation of education programs by clarifying who may receive student information to conduct evaluations of education programs, and under what circumstances these types of disclosures may occur.  The regulations also provide best practices for written agreements among parties that share information.

Safeguards and Enforcement.  The new regulations balance the provisions for expanded access with additional privacy safeguards and strengthened enforcement.  State or local educational authorities are to use “reasonable methods” to ensure “to the greatest extend practicable” that organizations who receive student data to conduct evaluations, audits, or compliance reviews use the student data only for authorized purposes, protects the data from further disclosure, and destroys the data when it is no longer needed.  Enforcement anticipates loss of privileges for instances of misuse and clarifies investigation and enforcement procedures.

A more detailed analysis of the new rules and the implications for information technology professionals will be available from EDUCAUSE in early January.  We are also planning a webinar with the Department’s Chief Privacy Officer, Kathleen Styles, on January 25th, 1-2 p.m., as part of Data Privacy Month



Tags from the Community