Privacy ≠ Confidentiality
Though often confused, there is a distinction between privacy and confidentiality. “Privacy refers to an individual’s right to withhold information, that is, not to divulge information to anyone else. Confidentiality refers to the handling of information that has been obtained by a second party.”
To reach their potential, LDSs must be used to collect, maintain, and make student- and staff-level data available
to a wide variety of audiences. Teachers, students, principals, legislators, researchers, postsecondary administrators,
and others can benefit from access to longitudinal data (see chapter 5 of Book One: What is an LDS?). However,
while these data can greatly enhance the ability to efficiently allocate resources and improve programs, instruction,
and achievement, the sensitivity of personally identifiable information and the need to protect it cannot be overstated.
Individual privacy must be safeguarded in compliance with federal and state laws and regulations, and unauthorized and unlawful access must be prevented. Procedures should therefore be developed to allow secure and appropriate data sharing with organizations and users throughout the education community and beyond. While there has been debate and uncertainty over how best to protect privacy without limiting research and data access, many states have demonstrated that an effective balance can be struck. This chapter provides a basic overview of issues and relevant laws about data protection.
Don’t take it from us!
Information offered here on these federal laws should not be considered legally binding interpretations. Given the complex and dynamic nature of these laws, specific questions about student record confidentiality should be referred to the appropriate federal office (e.g., the Family Policy Compliance Office), or your agency’s legal or administrative agents. For additional resources on privacy issues, see Appendix C.
Before the privacy laws of import are reviewed, it should be clarified which data are affected. These privacy laws put no restrictions on data sharing if all individually identifiable information is removed from the records. According to the FERPA regulations, “personally identifiable information” includes, but is not limited to, the following *:
NCES has more detailed information about protecting education data.
The Forum has more detailed information about FERPA and HIPAA.
Note: A revised Forum publication on privacy is being developed.
The Family Educational Rights and Privacy Act of 1974, commonly referred to as FERPA, is a federal law intended to protect the
privacy of student education records. The law applies to all education institutions that receive federal funding under programs
administered by the U.S. Department of Education.
FERPA has increasingly become an important issue in the education community, especially recently because of the emerging implications of LDS development and data sharing. As a result of the rapid advance of technology and the expansion in data collection and demand, a rising level of uncertainty has surrounded the law’s implementation. FERPA generally prohibits agencies from sharing personally identifiable information without written consent (though a number of exceptions are made), and many agencies have been reluctant to share data in some instances for fear of infringing on their students’ rights. While this hesitancy is often justifiable, in some cases agencies may be overly cautious and withhold information based on too strict an interpretation of the law. This roadblock to data access has been a continuing source of frustration for many potential users, primarily education researchers. And, it might be possible to use FERPA as an excuse not to release data that might portray the education system in an unfavorable light (Viadero 2006).
FERPA was written when most individual education records were maintained on paper at the local level, and its authors did not consider modern electronic records or statewide LDSs. To keep up with the evolution of technology and culture, the U.S. Department of Education has offered subsequent interpretations of FERPA, allowing the education community to progress while still honoring the law. In 2008, for example, a revised interpretation of FERPA was issued to clarify many of the ambiguities and remove some of the roadblocks that existed in previous regulations. Of major significance were expanded disclosure rights to state education agencies, effectively paving the way for easier access to statewide student-level data (previously, only districts were granted disclosure rights, a limitation that, among other concerns, hindered researchers seeking to compile significant samples of student data). Additionally, the new regulations refined guidance concerning disclosure of student information to parents, third parties, former schools, state auditors, and research institutions; recordation (recordkeeping for each disclosure); data sharing among K–16 education institutions; de-identification of shared records; and the use of Social Security numbers.
While the new regulations were intended, at least in part, to strike a balance between the protection of student privacy and the facilitation of valuable research, questions about the law remain. These uncertainties center primarily on the particulars of sharing P–12 data with researchers, postsecondary institutions, students’ former schools or districts, and other state agencies such as workforce and social service agencies (Education Counsel 2008). Further clarifications may be necessary to reconcile the law with the federal government’s goal of fostering the development and effective use of statewide, student-level LDSs.
The Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is intended to protect the confidentiality of individual health records. In general, elementary and secondary schools and districts are not subject to HIPAA, because even if they qualify as a “covered entity,” any health-related data they maintain are considered “education records” subject to FERPA. FERPA takes precedence even for records created by school nurses or other healthcare providers, if they are under the direct control of the school. Most schools and districts must comply with HIPAA only when they request medical records from an outside health care provider. Once those data are received from the outside health care provider and in the education institution’s possession, they are considered education records and become subject to FERPA. Private schools that do not receive funding from the U.S. Department of Education are the most common exception. In this case, any health-related data about students or others who receive health care services are considered “protected health information” and must be protected in compliance with HIPAA.
Records on students in special education programs are subject to the privacy requirements of the Individuals with Disabilities Education Act (IDEA). The IDEA requirements include many of the same protections provided by FERPA, with a few differences related to the handling of student records and several additional requirements. For instance, information on a student’s disability cannot be shared without parental consent. Institutions subject to both FERPA and IDEA must comply with the privacy provisions of both laws. Considerable overlap between the laws simplifies this task.
Data on students’ eligibility for free and reduced-price meals, and information obtained as part of the National School Lunch Program of the U.S. Department of Agriculture, are covered by confidentiality restrictions in the National School Lunch Act (NSLA). While also subject to FERPA, the privacy restrictions of the NSLA are stricter in two cases: free and reduced-price meal eligibility. The sharing of individually identifiable information obtained during the eligibility process is, with some exceptions, prohibited without parental consent. However, in some cases, eligibility and other information about the student’s household may be shared with select individuals and programs, such as some assessment programs (e.g., the National Assessment of Educational Progress). In most states, though, these data may be made available to users if all personally identifiable information has been removed.
Many states have established their own laws and policies that either mirror, or expand on, the basic guidelines
provided by federal laws. For instance, some states have issued laws dealing with areas within FERPA they considered
ambiguous. They may, for example, have defined authorized disclosures more specifically, established a process for
approving disclosures through written agreements, specified roles and responsibilities for protecting privacy, or
allowed the use of Social Security numbers as student identifiers. Other states have passed laws that explicitly
permit certain data sharing between the K–12 and postsecondary sectors, among state education agencies, or with
other state agencies such as workforce or social service agencies. On the other hand, some states have enacted
laws that are more stringent than the federal laws. For instance, they may prohibit data sharing that would be
permitted under the current interpretation of FERPA, such as disclosures from the state education agency to
districts receiving a transfer student, or to teachers about their students. To ensure a balance is struck,
states should review their existing privacy laws, regulations, and guidelines so that they will not inhibit
effective use of the student-level data they intend to make available through their LDS.
(Sources: DQC 2007, Hill 2008, and Nunn et al. 2006)