It is important that all students have access to a quality education. In order to achieve this goal, SEAs and LEAs must have the ability to disclose student data to evaluate the effectiveness of publicly-funded education programs – programs ranging from early childhood through adult education – to ensure that our limited public resources are invested wisely. The Department has amended the FERPA regulations to clarify the limited circumstances where SEAs and LEAs may disclose student information to assess the effectiveness of State and Federally-funded education programs – the audit and evaluation exception and the studies exception. (34 CFR §§ 99.31(a)(6) & 99.31(a)(3) and 99.35.)
We have highlighted examples in the list below of activities permitted under the new regulations. These examples are intended to be illustrative, not all-inclusive. We intend to issue a series of case studies to explain in more detail how SEAs and LEAs may comply with the new regulations. If you have other specific scenarios you think would be helpful for the Department to provide additional information on, please contact the Department’s Privacy Technical Assistance Center (PTAC) at PrivacyTA@ed.gov or Toll-Free Phone: 855.249.3072.
- An SEA is authorized to conduct studies for or on behalf of the LEAs in their State. An SEA could, for example, study comparative program outcomes across districts to assess what programs provide the best instruction, and then duplicate those instruction techniques in other districts. Consistent with the previous regulations, an SEA would need to enter into a written agreement with the research organization conducting the study.
- An SEA or LEA could evaluate the preparedness of its high school graduates for postsecondary education by designating the postsecondary institution as its authorized representative through a written agreement. The SEA/LEA could then obtain information such as remedial courses their graduates had to take in college, or how long their graduates persisted in college.
- State or Federally-funded early childhood education programs could obtain information on how well their students performed in kindergarten by designating an SEA or LEA as their authorized representative through a written agreement.
Protecting Student Privacy
It is important, however, that stewards of education data ensure that students’ personal information is properly safeguarded, is used only for legitimate purposes, and is used only when necessary. To help LEAs and SEAs understand their obligations to carry out these activities in a safe, FERPA-compliant way, the Department is publishing: “The Family Educational Rights and Privacy Act: Guidance for Reasonable Methods and Written Agreements.” This document, also included as Appendix A to the final regulations, details the specific requirements for written agreements under both the audit and evaluation exception and the studies exception. It also provides best practices for other provisions that could be included in agreements, such as enforceable sanctions permitted under civil law. SEAs and LEAs are required to use “reasonable methods” to ensure to the greatest extent practicable that authorized representatives are FERPA-compliant. The document describes best practices for reasonable methods.
Under the new regulations, the Department has stronger, more specific enforcement authority. SEAs and other entities (such as student loan guaranty agencies, student loan lenders or nonprofits) that receive Department funds and violate FERPA (regardless if they have students in attendance) are subject to Departmental enforcement. The type of enforcement action the Department may take will depend upon the circumstances behind the violation, and whether the violating entity receives Department funds. The preamble to the revised regulations provides additional details to clarify what types of enforcement actions are possible under various circumstances.
SEAs’ and LEAs’ responsibilities to appropriately protect student personal information extend beyond FERPA. In determining how the new regulations affect your school or district, it is also necessary to consult State and local laws and to consider the best practices for privacy, confidentiality, and data security.
Ensuring the Safety of Students
Changes to the Directory Information exception
As in the past, if an LEA or school has a policy of disclosing directory information, it must give public notice to parents and eligible students of the types of information designated as directory information, and give them the right to opt out. The Department encourages LEAs and schools to properly designate directory information, as these designations make it easier to engage in mundane activities such as publishing yearbooks or creating graduation programs.
The revised regulations permit LEAs and schools to adopt limited directory information policies that allow the disclosure of directory information to specific parties, for specific purposes, or both. It is up to individual LEAs and schools to decide whether to adopt limited directory information policies and how to implement them.
- The Department has also changed the directory information exception to make clear that parents and eligible students may not, by opting out of directory information, prevent an LEA or school from requiring a student to wear or present a student ID or badge. The Department is not requiring LEAs or schools to establish policies mandating that students wear badges; these are individual decisions that LEAs and schools should make taking into account local circumstances.
Providing Technical Assistance to SEAs and LEAs
We recognize that SEAs and LEAs will need guidance to comply with the new FERPA regulations. The Department’s Privacy Technical Assistance Center is available to SEAs and LEAs as the one-stop shop for technical assistance on the applicability of FERPA to State longitudinal data systems; how to use education data to assess program effectiveness, while protecting privacy and remaining FERPA-complaint; and various other best practices for data security and governance. PTAC coordinates all of its FERPA-related work with the Department’s Family Policy Compliance Office (FPCO) PrivacyTA@ed.gov or Toll-Free Phone: 855.249.3072. This allows those seeking assistance from the Department on FERPA to get the benefit of the technical expertise of our FERPA-experts, with the ease of contacting the one-stop shop. If you would like technical assistance on this area of the law, or more information about the best practices for privacy, confidentiality, and data security, please contact PTAC at or Toll-Free Phone: 855.249.3072
For more information about FERPA, please see the Family Policy Compliance Office website: www.ed.gov/fpco.
School Board policies and accompanying regulations pertinent to student records, School Board Policies 5-31and 5-66 and Regulations 5-31.1, 5-31.2, and 5-66.1, are available to interested persons at each school’s administrative office and library, the School Administration Building, and the school division’s website: vbschools.com/policies/policy5.asp.