Guidelines presented in this document are based on information obtained from a variety of sources and represent the best practices currently used in the relevant subjects. These include published books and reports, as well as policies and procedures adopted at the national level. This 2004 edition highlights the changes in legal requirements made in the years following the first edition published in late 1997. For example, the No Child Left Behind (NCLB) Act of 2001 requires state education agencies to have a procedure in place to facilitate the transfer of disciplinary records, with respect to a suspension or expulsion, by a school district to any private or public school. The law also gives parents more rights with regard to the surveying of minor students, the collection of information from students for marketing purposes, and certain nonemergency medical examinations. The same law also allows the disclosure of directory-type information (students’ names, addresses, and telephone listings) to military recruiters. The Patriot Act of 2001 allows the U.S. government, via an ex parte court order, to collect and use education records relevant to investigations and prosecutions of specified crimes or acts of terrorism (domestic or international). These laws, and others that may affect a school, district, or state education agency’s handling of education records, are discussed in Section 2: Summary of Key Federal Laws.
While this document intends to sort out the very complex issues related to the privacy of student records, it is not a “one-size-fits-all” manual that provides direct and simple answers to all the questions. Users need to understand the issues presented in this document, but resolve them by developing policies and procedures pertinent to their state or district. This document is intended to provide guidance and references for this purpose.
This document will be most useful for staff in state and local education agencies who are responsible for maintaining student records. It will help them to understand the legal requirements, as well as implement proper management procedures and controls at the state or district level when they collect personally identifiable student information. Additionally, the document can help identify ways to ensure that data providers and users are informed of their rights and responsibilities when handling personally identifiable, as well as aggregate, data.
The document is divided into five remaining sections containing general guidelines and examples of effective practices, sample forms, and references to other sources.
Section 2 describes federal laws protecting the privacy of students that have implications for the maintenance and release of student data by state and local education agencies. Readers are encouraged to identify relevant state laws and local regulations that also apply.
Section 3 describes appropriate procedures for collecting individual information about students.
Section 4 describes the management controls and policies needed to maintain and use data within the agency or school. This section addresses the issue of assessing who in an agency or school has a “legitimate educational interest” in specific information about an individual student.
Section 5 pertains to procedures for providing access to a student’s education record by the eligible student or the parent.
Section 6 suggests procedures for handling external requests (made by the public, researchers, and other service professionals) to release information from individual student records.
Readers are encouraged to search for and include in this section their states’ laws or statutes that further govern the privacy of education records.
Other resources and tools that may help readers are provided. They include the following:
There are a number of URLs cited in this guide. Every effort has been made to verify their accuracy at the time of publication. If a URL is no longer working, try using the root directory to search for a page that may have moved.