You’ve probably heard of FERPA, the Family Educational Rights and Privacy Act of 1974. It’s the federal privacy law that governs how educational records are protected, giving parents and individuals over 18 the right to control who sees those records. Now, Congress is considering a major overhaul of FERPA, and Fordham Law Professor Joel Reidenberg says the changes can’t come quickly enough.
Joel Reidenberg: FERPA is over 40 years old and was written at a time when schools had no computers — and the Internet did not exist in the way we know it today. So we’re really dealing with privacy issues that weren’t there at the time the bill was enacted.
Reidenberg is the founding academic director of CLIP, the Center on Law and Information Policy at Fordham. He says there are several critical privacy issues that could be addressed by the FERPA changes now under consideration.
Joel Reidenberg: I believe that there are six key things that we need to change to modernize FERPA.
First, we need to update the definitions in FERPA. FERPA currently only applies to educational records, which are envisioned as a file in the principal’s office, located in a cabinet. Instead, we have to look at information about a child in school, and anything that that entails. So that’s a very important update for the modern era.
Second, we need to examine the scope of coverage for the statute. The original statute only applied directly to institutions receiving federal funds for education, so the vendors who are acquiring all the student information are not directly regulated by the statute. And we need to find a way to apply these protections directly to all of those parties who hold or receive information about students from our schools.
Third, the statute needs to spell out what are permissible educational uses, and then prohibit those uses that are not educational. So the borderline between commercial and educational has to be articulated in the statute.
Fourth, FERPA has no obligation for data security — and we know from all the breaches that have been occurring in the United States over the last two years that this is an enormous issue. So it’s very important that FERPA require parties holding and processing information about schoolchildren – that they process that information with high levels of security.
Fifth, the transparency of the information processing for student information needs to be improved for families. Families need to be able to have an effective notice when their child’s information is being collected, when it’s being used, and who’s gaining access to it. And currently, in FERPA, there’s no equivalent to what we see in the Fair Credit Reporting Act that enables families to see and gain access to all of the kinds of data that is being processed about their children and that’s being used to affect their children’s education.
Sixth, FERPA does not have an effective remedy. Under the current statute, the only remedy is a complete withdrawal of all federal funds for education. It’s a nuclear option that has never been exercised by the Department of Education. So it will be very important that any modernization include a graduated set of remedies so that there will be different levels that can be applied for more significant or less significant violations.
The House Education & Workforce Committee recently held a hearing on FERPA reform, and Professor Reidenberg testified before the Committee.
Joel Reidenberg: Congress and the White House are very interested in addressing these privacy issues. Both political parties want to strengthen student privacy. At the moment there are several draft bills circulating in Congress, so I think we can expect formal proposals both in the House and in the Senate. At that point, Congress is likely to advance something through the legislative process. I think this will be critical for schools to be able to assure effective and innovative education in the era of cloud computing.
For helpful information about education and children’s privacy — and a host of other information policy issues — visit CLIP’s web site.