Family Educational Rights and Privacy Act

Last updated
FERPA
Great Seal of the United States (obverse).svg
Long titleFamily Educational Rights and Privacy Act
Citations
Statutes at Large 20 U.S.C.   § 1232g
Legislative history
  • Introduced in the Senate by James L. Buckley (C-RNY)
  • Passed the House on January 3, 1973 
  • Passed the Senate on February 21, 1974 
  • Signed into law by President Gerald Ford on August 21, 1974
Major amendments
USA Patriot Act
United States Supreme Court cases

The Family Educational Rights and Privacy Act of 1974 (FERPA or the Buckley Amendment) is a United States federal law that governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments. [1] The act is also referred to as the Buckley Amendment, for one of its proponents, Senator James L. Buckley of New York. [2]

Contents

FERPA is a U.S. federal law that regulates access and disclosure of student education records. It grants parents access to their child's records, allows amendments, and controls disclosure. After a student turns 18, their consent is generally required for disclosure. The law applies to institutions receiving U.S. Department of Education funds and provides privacy rights to students 18 years or older, or those in post-secondary institutions. Disclosure is permitted to parents of dependent students, and medical records are usually protected under FERPA rather than HIPAA. The law has faced criticism for concealing non-educational public records.

Overview

FERPA gives parents access to their child's education records, an opportunity to seek to have the records amended, and some control over the disclosure of information from the records. With several exceptions, schools must have a student's consent prior to the disclosure of education records after that student is 18 years old. The law applies only to educational agencies and institutions that receive funds under a program administered by the U.S. Department of Education. [3]

Other regulations under this Act, effective starting January 3, 2012, allow for greater disclosures of personal and directory student identifying information and regulate disclosure of student IDs and e-mail addresses. [4] For example, schools may provide external companies with a student's personally identifiable information without the student's consent. [4] Conversely, tying student directory information [5] to other information may result in a violation, as the combination creates an education record. [6] [7]

Examples of situations affected by FERPA include school employees divulging information to anyone other than the student about the student's grades or behavior, and school work posted on a bulletin board with a grade. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record.

This privacy policy also governs how state agencies transmit testing data to federal agencies, such as the Education Data Exchange Network.

This U.S. federal law also gave students 18 years of age or older, or students of any age if enrolled in any post-secondary educational institution, the right of privacy regarding grades, enrollment, and even billing information unless the school has specific permission from the student to share that specific type of information.

FERPA also permits a school to disclose personally identifiable information from education records of an "eligible student" (a student age 18 or older or enrolled in a postsecondary institution at any age) to his or her parents if the student is a dependent "student" as that term is defined in Section 152 of the Internal Revenue Code. Generally, if either parent has claimed the student as a dependent on the parent's most recent U.S. Federal income tax return, the school may non-consensually disclose the student's education records to both parents. [8]

The law allowed students who apply to an educational institution such as graduate school permission to view recommendations submitted by others as part of the application. On standard application forms, students are given the option to waive this right.

FERPA specifically excludes employees of an educational institution if they are not students.

FERPA is now a guide to communicating higher education issues and privacy issues that include sexual assault and campus safety. [9] It provides a framework on addressing needs of certain populations in higher education. [9]

Access to public records

The citing of FERPA to conceal public records that are not "educational" in nature has been widely criticized, including criticism by the Act's primary Senate sponsor. [10] For example, in the Owasso Independent School District v. Falvo case, an important part of the debate was determining the relationship between peer-grading and "education records" as defined in FERPA. The plaintiffs argued "that allowing students to score each other's tests [...] as the teachers explain the correct answers to the entire class [...] embarrassed [...] children", but they lost in a summary judgment by the district court. The Court of Appeals, ruled that students placing grades on the work of other students made such work into an "education record." Thus, peer-grading was determined as a violation of FERPA privacy policies because students had access to other students' academic performance without full consent. [11] However, on appeal to the Supreme Court, it was unanimously ruled that peer-grading was not a violation of FERPA. This is because a grade written on a student's work does not become an "education record" until the teacher writes the final grade into a grade book. [12]

Student medical records

Legal experts have debated the issue of whether student medical records (e.g. records of therapy sessions with a therapist at an on-campus counseling center) might be released to the school administration under certain triggering events, such as when a student sues his or her college or university. [13] [14]

Usually, student medical treatment records will remain under the protection of FERPA, not the Health Insurance Portability and Accountability Act (HIPAA). This is due to the "FERPA Exception" written within HIPAA. [15]

See also

Related Research Articles

<span class="mw-page-title-main">United States Department of Education</span> U.S. federal government department

The United States Department of Education is a cabinet-level department of the United States government. It began operating on May 4, 1980, having been created after the Department of Health, Education, and Welfare was split into the Department of Education and the Department of Health and Human Services by the Department of Education Organization Act, which President Jimmy Carter signed into law on October 17, 1979.

Medical privacy, or health privacy, is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) have raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.

<span class="mw-page-title-main">Health Insurance Portability and Accountability Act</span> United States federal law concerning health information

The Health Insurance Portability and Accountability Act of 1996 is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It aimed to alter the transfer of healthcare information, stipulated the guidelines by which personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and businesses called covered entities from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. The bill does not restrict patients from receiving information about themselves. Furthermore, it does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends or other individuals not employees of a covered entity.

<span class="mw-page-title-main">Privacy laws of the United States</span>

Privacy laws of the United States deal with several different legal concepts. One is the invasion of privacy, a tort based in common law allowing an aggrieved party to bring a lawsuit against an individual who unlawfully intrudes into their private affairs, discloses their private information, publicizes them in a false light, or appropriates their name for personal gain.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

<span class="mw-page-title-main">Individuals with Disabilities Education Act</span> United States law

The Individuals with Disabilities Education Act (IDEA) is a piece of American legislation that ensures students with a disability are provided with a Free Appropriate Public Education (FAPE) that is tailored to their individual needs. IDEA was previously known as the Education for All Handicapped Children Act (EHA) from 1975 to 1990. In 1990, the United States Congress reauthorized EHA and changed the title to IDEA. Overall, the goal of IDEA is to provide children with disabilities the same opportunity for education as those students who do not have a disability.

<span class="mw-page-title-main">Clery Act</span> 1990 US federal law

The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act or Clery Act, signed in 1990, is a federal statute codified at 20 U.S.C. § 1092(f), with implementing regulations in the U.S. Code of Federal Regulations at 34 CFR 668.46.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

Title V: Removing obstacles to investigating terrorism is the fifth of ten titles which comprise the USA PATRIOT Act, an anti-terrorism bill passed in the United States after the September 11, 2001 attacks. It contains 8 sections regarding the capture and prosecution of terrorists.

Privacy law is a set of regulations that govern the collection, storage, and utilization of personal information from healthcare, governments, companies, public or private entities, or individuals.

Gonzaga University v. Doe, 536 U.S. 273 (2002), was a case in which the Supreme Court of the United States ruled that the Family Educational Rights and Privacy Act of 1974, which prohibits the federal government from funding educational institutions that release education records to unauthorized persons, does not create a right which is enforceable under 42 U.S.C. § 1983.

Owasso Independent School District v. Falvo, 534 U.S. 426 (2002), was a case in which the United States Supreme Court held in favor of Owasso Independent School District that students scoring each other's tests and calling out the grades do not violate the Family Educational Rights and Privacy Act of 1974 (FERPA). Justice Kennedy wrote the opinion of the court. Justice Scalia wrote a concurring opinion in which he agreed with the ruling but took issue with parts of Kennedy's opinion. The case originated in the District Court of and for Tulsa County, Oklahoma, where the court ruled in Owasso's favor. Falvo appealed to the United States District Court for the Northern District of Oklahoma, where they overturned the district judge's decision and ruled in favor of Falvo. It was then appealed to the United States Court of Appeals for the 10th Circuit, where they partially reversed the lower court's judgment and partially affirmed it. They affirmed in regards to the 14th Amendment complaint, but reversed on the FERPA claim, stating that the peer grading act did violate the terms of FERPA. The school board then appealed this to the Supreme Court of the United States, where it was heard on November 27, 2001, and decided on February 19, 2002.

A noncustodial parent is a parent who does not have physical custody of his or her minor child as the result of a court order. When the child lives with only one parent, in a sole custody arrangement, then the parent with which the child lives is the custodial parent while the other parent is the non-custodial parent. The non-custodial parent may have contact or visitation rights. In a shared parenting arrangement, where the child lives an equal or approximately equal amount of time with the mother and father, both are custodial parents and neither is a non-custodial parent.

On the subject of liability and student records in the United States there are various pieces of legislation at the local, state, and federal level that dictate the legal liability of any organizations or persons handling student data in an educational context. This article discusses that in the scope of the United States, and in the scope of educational institutions and their proxies in the handling of student data for children under 19.

<span class="mw-page-title-main">Owasso High School</span> School in Owasso, Oklahoma, United States

Owasso High School is a high school located within Tulsa County in Owasso, Oklahoma, United States. It is among the largest high schools in Oklahoma by enrollment with nearly 3,000 students. In 2024, the school received international attention following the death of Nex Benedict.

Privacy in education refers to the broad area of ideologies, practices, and legislation that involve the privacy rights of individuals in the education system. Concepts that are commonly associated with privacy in education include the expectation of privacy, the Family Educational Rights and Privacy Act (FERPA), the Fourth Amendment, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Most privacy in education concerns relate to the protection of student data and the privacy of medical records. Many scholars are engaging in an academic discussion that covers the scope of students’ privacy rights, from student in K-12 and even higher education, and the management of student data in an age of rapid access and dissemination of information.

The campus privacy officer (CPO) is a position within a post-secondary university that ensures that student, faculty, and parent privacy is maintained. The CPO role was created because of growing privacy concerns across college campuses. The responsibilities of the CPO vary depending on the specific needs of the campus community. Their daily tasks may include drafting new privacy policies for their respective college campus, creating a curriculum that informs teachers and students about privacy, helping to investigate any privacy breaches within the university, and ensuring that the university is abiding by current state and federal privacy laws. CPOs are also responsible for connecting with student and faculty groups across the entire campus in order to understand the privacy concerns of the campus. The role of CPO is an expanding profession within the United States and other countries, such as Canada and South Africa. There are numerous organizations that exist to provide training for CPOs and support them.

Owasso Public Schools is a school district that serves Owasso, Oklahoma. The district consists of 13 academic campuses, including Owasso High School. As of 2024, the district has 9,800 students enrolled The superintendent of the district is Dr. Margaret Coates. The district is known for its involvement in Owasso Independent School District v. Falvo, a case that reached the US Supreme Court.

The federal government of the United States has limited authority to act on education, and education policy serves to support the education systems of state and local governments through funding and regulation of elementary, secondary, and post-secondary education. The Department of Education serves as the primary government organization responsible for enacting federal education policy in the United States.

Student rights in United States higher education are accorded by bills or laws and executive presidential orders. These have been proceduralized by the courts to varying degrees. The U.S. does not have a legally binding national student bill of rights and students rely on institutions to voluntarily provide this information. While some colleges are posting their own student bills, there is no legal requirement that they do so and no requirement that they post all legal rights.

References

  1. Codified at 20 U.S.C.   § 1232g, with implementing regulations in title 34, part 99 of the Code of Federal Regulations
  2. "Legislative History of Major FERPA Provisions". U.S. Department of Education.
  3. "FERPA for Students". www2.ed.gov. 2015-06-26. Retrieved 2020-11-14.
  4. 1 2 Mendelsohn, Stephen A. (2 January 2012). "U.S. Department of Education Amends its FERPA Regulations to Allow for Certain Additional Student Disclosures". The National Law Review . Retrieved 9 March 2014.
  5. "What is "Directory Information"?". US Department of Education. 26 June 2015. Archived from the original on 2 July 2019. Retrieved 26 February 2020. – [...] Typically, "directory information" includes information such as name, address, telephone listing, date and place of birth, participation in officially recognized activities and sports, and dates of attendance. A school may disclose "directory information" to third parties without consent if [...]. ( 34 CFR 99.37 .)
  6. "FERPA Tutorial - Directory Information|When is Directory Information Not Really Directory Information?". Office of The University Registrar - Pennsylvania State University . Retrieved 26 February 2020. It is important to also understand the concept of "implicit disclosure." An implicit disclosure may occur when a list consists only of directory information but the list itself by definition reveals non-directory information. For example, a list of names and email addresses of all students who have a particular grade-point average reveals the students' GPAs. Likewise, a class list containing names and email addresses of the students reveals class enrollments. Since neither grade-point average nor class enrollment are directory items, releasing these lists without prior consent of the students constitutes a FERPA violation.
  7. "What is an education record? | Protecting Student Privacy". studentprivacy.ed.gov. US Department of Education. Archived from the original on 25 December 2018. Retrieved 26 February 2020 via studentprivacy.ed.gov/frequently-asked-questions. [...]records include but are not limited to grades, transcripts, class lists, student course schedules, health records (at the K-12 level), student financial information (at the post secondary level), and student discipline files. [...]
  8. FERPA General Guidance for Parents, U.S. Department of Education, http://www2.ed.gov/policy/gen/guid/fpco/ferpa/parents.html
  9. 1 2 Fuller, Matthew (June 2017). "An Update on the Family Educational Rights and Privacy Act". New Directions for Institutional Research. 2016 (172): 25–36. doi:10.1002/ir.20201. ISSN   0271-0579.
  10. Jill Riepenhoff & Todd Jones, "Secrecy 101," The Columbus Dispatch, Dec. 17, 2010, http://www.dispatch.com/content/stories/local/2010/10/14/secrecy-redirect.html
  11. Dinger, Daniel. "Johnny saw my test score, so I'm suing my teacher: Falvo v. Owasso Independent School District, peer grading, and a student's right to privacy under the Family Education Rights and Privacy Act". Journal of Law & Education. 30: 575–626.
  12. "Owasso Independent School District No. I-011 v. Falvo". – [...]assuming a teacher's grade book is an education record, grades on students' papers are not covered by the Act at least until the teacher has recorded them. 534 U.S. 426 (2002)
  13. Mangan, Katherine (March 5, 2015). "Just How Private Are College Students' Campus Counseling Records?". The Chronicle of Higher Education . Retrieved 17 March 2015.
  14. Pryal, Katie Rose Guest (March 2, 2015). "Raped on Campus? Don't Trust Your College to Do the Right Thing". The Chronicle of Higher Education .
  15. Rowe, Linda (2005). "What Judicial Officers Need to Know about the HIPAA Privacy Rule". NASPA Journal. 42 (4): 498–512. doi:10.2202/0027-6014.1537. ProQuest   62084860.