News Feature | March 3, 2015

FERPA Requirements Could Extend To Solutions Providers

Christine Kern

By Christine Kern, contributing writer

Education IT News for VARs — January 29, 2015

As technology use has exploded and pushed into the educational realm, the original parameters of Family Education Rights and Privacy Act (FERPA) are being stretched, and some believe that it is time to update the guidelines to respond to the current environment.

FERPA was passed in 1974 to protect students’ educational records and ensure that parents had a right to access their children’s’ educational information. FERPA established guidelines for information sharing, guaranteeing that private information regarding academic performance and individual identifiable information would remain private. 

Lawmakers are now pursing updates to FERPA, according to Education Week Representative Todd Rokita, (R- IN), chair of the House education subcommittee, explains, “The law has not been significantly updated since its introduction in 1974. Unless Congress updates FERPA and clarifies what information can be collected, how that information can be used, and if that information can be shared, student privacy will not be properly protected.”

The House Subcommittee on Early Childhood, Elementary, and Secondary Education hosted a hearing to explore “How Emerging Technology Affects Student Privacy.”

In anticipation of the hearing, The Electronic Privacy Information Center (EPIC.ORG) sent a letter to Chairman Rokita, stating:  “More than ever, students experience routine and pervasive surveillance that threatens fundamental privacy and intellectual freedom rights.” Citing a number of articles regarding student data breaches, the letter continues, “Schools and companies fail to adequately safeguard the student data they collect. We write to urge you to pursue effective measures that meaningfully safeguard student data.”

Vendors are also aware of privacy issues and have committed themselves to measures to safeguard data. Microsoft’s Allyson Knox testified at the hearing, and wrote in a blog post that Microsoft “was among the 14 original signers of the “K-12 School Service Provider Pledge to Safeguard Student Privacy,” a framework that would establish minimum standards for the maintenance, collection and use of student data.” Knox writes, “Technology holds the promise to transform education, enable personalized instruction, and help children learn. Yet despite this promise, the primary federal law focused on protecting student privacy, the Family Educational Rights and Privacy Act, no longer reflects the reality of today’s education system and the new technologies that are being used. The time has come to do the difficult work of revising this law to bring it into the 21st century.”

In his testimony,  Joel Reidenberg, founding academic director of the Center on Law and Information Policy at Fordham University, asserts that Congress should focus on four primary goals in amending the current law:

  • Expanding the legal definition of an “educational record” to include digital data and metadata generated by software, websites, apps,  and online learning platforms
  • Expanding FERPA to apply to vendors and not just educational agencies
  • Including a “graduated” enforceable series of penalties for FERPA violators, and allowing individual families a private right of action
  • Including requirements around data security standards and notification of data breaches

The subcommittee will consider all testimony and determine appropriate courses of action to move forward with amendments to the current law.