The federal privacy regime governing student records is badly broken, perhaps beyond repair.
Schools and colleges don’t understand — or choose not to understand — where legitimate student privacy interests end and where the public’s interest in disclosure begins, and too often reject journalists’ valid information requests by raising bogus confidentiality claims. Even such documents as campus parking tickets commonly get branded as “confidential educational records,” as if registering for a college class gives people diplomatic immunity entitling them to secretly disobey laws.
There is ample blame to go around — and it starts with Congress and a botched statute, the Family Educational Rights and Privacy Act — but the U.S. Department of Education is in the best position to address schools’ gross over-compliance with the statute. The DOE has the sole authority to penalize FERPA violators who inadequately protect the confidentiality of students’ educational records. So the DOE’s definition of what is and isn’t an “educational record” is the one schools will obey.
This week, the Department announced that it will — for the second time in three years — issue regulations clarifying how FERPA is to be applied. That should be a positive development. The head of the office charged with interpreting FERPA, Paul Gammill, was ousted in February in a dispute with the Obama administration over his insistence on a literalist application of FERPA that the White House feared would scuttle data-collection efforts it considers essential to school reform.
But there is nothing in the Department’s preliminary public notice that gives any reason for optimism that the new rule will restore common sense to the privacy-run-amok regime that FERPA has become.
The notice indicates that a proposed rule will be circulated this summer, triggering a public-comment process that will take several months. It mentions only two topics that the new rule will address: (1) to “strengthen enforcement” of FERPA to cover additional recipients of student data, which sounds like a move toward greater secrecy rather than less, and (2) to clarify how states can use student data gathered under the 2009 federal stimulus bill without running afoul of FERPA.
Nothing gives any promise that DOE will use this opportunity to rein in the widespread abuse of FERPA to conceal non-confidential information, or to clarify that the theoretical penalty for violating FERPA — total loss of all federal education funding — will never be imposed to punish a school’s good-faith decision to honor a lawful open-records request, even if the decision turns out to be a mistake.
So let’s hope that the beep-beep-beep sound emanating from the Department is the sound of an alarm clock waking up asleep-at-the-wheel bureaucrats, and not the sound of a garbage truck backing up over us.
(And if you want to contact the DOE’s Office of Family Policy Compliance before it spits out another unbalanced FERPA interpretation, the agency’s contact information is here.)