Education Department’s FERPA guidance: “In case of emergency, use your common sense”

Following deadly shooting incidents in which colleges in Virginia and Arizona may have held back from sharing life-saving information with law enforcement for fear of violating students’ privacy rights, the U.S. Department of Education is instructing colleges that they need not slavishly obey federal privacy law in public-safety emergencies.

The Department’s new June 2011 guidance, “Addressing Emergencies on Campus,” follows the April 2007 mass shooting at Virginia Tech, and the January 2011 shootings in Tucson that claimed the life of a federal judge and nearly killed U.S. Rep. Gabrielle Giffords. In each case, the culprit was a current (or recently expelled) college student whose school had identified the student’s erratic and violent tendencies but refrained from alerting off-campus police agencies.

The Family Education Rights and Privacy Act (FERPA) requires schools and colleges to enact and enforce policies to keep student records confidential. In practice, FERPA has morphed into what one judge mockingly referred to as “an invisible cloak” that institutions try to drape over every scrap of information, even if the document is not truly private and there is strong public interest in disclosure.

But the DOE’s FERPA regulations expressly provide that otherwise-confidential data can be released in case of a health or safety emergency. It is that exception — which likely would have protected officials at Pima Community College had they taken more aggressive action to sound the alarm about Jared Loughner’s disturbing behavior — that the Department is attempting to highlight and reinforce.

Two elements of the new DOE guidance are especially important to emphasize, because they deflate misperceptions about FERPA that often obstruct journalists and parents in their quest for information.

  • First, and very importantly, the DOE reemphasizes that FERPA is about the confidentiality of records, not the confidentiality of information, and the two are very different:

FERPA does not prohibit a school official from disclosing information about a student that is obtained through the school official’s personal knowledge or observation and not from the student’s education records. For example, if a teacher overhears a student making threatening remarks to other students, FERPA does not protect that information from disclosure.

This is a significant, common-sense narrowing of the way in which many schools misapply FERPA. For example, students at a Minnesota high school attempting to write about the murder arrest of one of their former classmates told the SPLC that they were barred on FERPA grounds from interviewing teachers about their memories of the teen, even memories unrelated to his academic performance. This is, under the DOE’s interpretation, a clear misuse of FERPA.

  • Second, the FERPA exception for police records — which allows disclosure of records created or maintained for law enforcement purposes — is a much broader exception than many institutions realize. It applies even to “campus security” units whose only function is to report suspected crimes to the city police department:

[S]chools that do not have specific law enforcement units may designate a particular office or school official to be responsible for referring potential or alleged violations of law to local police authorities. Some smaller school districts and colleges employ off-duty police officers to serve as school security officers. Investigative reports and other records created and maintained by these law enforcement units are not considered ‘education records’ subject to FERPA.

In other words, if a school official creates memos, notes or logs about suspected crimes for purposes of notifying the police — even if that official has no police powers — the records are not FERPA records and, if they fall within the state public-records act, they must be disclosed.

You can read the entire guidance memo at this link.