- Surveys & Programs
- Data & Tools
- Fast Facts
- News & Events
- Publications & Products
- About Us
- Preface
- Acknowledgments
- Task Force Members
- 1: An Overview
- 2: Summary of Key Federal Laws
- 3: Protecting the Privacy of Individuals During the Data Collection Process
- 4: Securing the Privacy of Data Maintained and Used Within an Agency
- 5: Providing Parents Access to Their Child's Records
- 6: Releasing Information Outside an Agency
- A. Types of Information Release
- B. Release of Directory Information
- C. Release With Prior Consent
- D. Release Without Prior Consent
- E. Release to Researchers
- F. Release to Other Service Agencies
- G. Review Prior to Release
- H. Avoid Misuse of Information by Nonintended or Secondary Users
- I. Document the Release
- J. Ensure the Security of Data in Electronic Transmission
- Commonly Asked Questions
- References
- List of Exhibits & Figures
- List of Acronyms
PDF & Related Info
Ghedam Bairu
Section 6: Releasing Information Outside an Agency
Overview
Managers of education records at the state, local, or school level receive numerous requests for information. Requests could come from the news media, businesses, relatives, agency staff, law enforcement units, attorneys, private investigators, the governor’s or legislators’ offices, or researchers.
This section supplements section 2 of this document, which discusses the federal laws that govern the release of education records. Many states have laws or statutes that further restrict the release of these records. School, district, or state education agency staff should contact their agencies’ legal counsel or counsel assigned to their agency by the state attorney general’s office for legal opinions about confidentiality requirements and recommended procedures. This section outlines some general guidelines for deciding whether to release information.
Goals
- Distinguish between different types of information and discuss the release procedures of each of them
- Recommend ways to safeguard information that is released outside of the agency
- Discuss the benefits and risks of sharing information with other agencies and suggest ways to ensure the privacy of individual records during the process
- Discuss electronic options of transferring data in a secure way
Key Points
- Personally identifiable data are those that contain information that would make the student’s identity easily recognized. Release of this type of data is subject to established policy in the school district, as well as state and federal laws.
- State and local laws may specify what types of information are considered directory information, which may be released without prior consent. However, parents must be informed of what is considered directory information and given the opportunity to withhold its release.
- Nondirectory information can be released with written consent from the parent. The consent should specify the information that may be released, the purpose of the release, and the recipient.
- Examples of those to whom information from education records may be released without seeking consent from parents include authorized representatives from state and local education agencies, and health or safety personnel in case of an emergency.
- Requests from researchers should be handled on a case-by-case basis. Schools or districts should establish a set of criteria, application procedures, and written guidelines for making the decision.
- Many agencies are developing strategies that establish the kinds of privacy standards and procedures that would ensure the confidentiality of information while allowing restricted use of information for specific and pre-approved purposes.
- Interagency sharing of information from students’ education records generally requires a signed consent by parents or eligible students, regardless of whether the records originate in schools, health centers, or employment or social service agencies.
- As a final security control, a designated official should review the compiled data and verify that local procedures have been followed before approving the release.
- Recipients should be required to sign an affidavit that they will not release any personally identifiable information received.
- It is important to document data release whether or not prior consent was required. This information should remain in the record as long as the record is maintained.
- Agencies should establish policies to cover instances in which information may be released through electronic means. A variety of methods can be used to safeguard the data, including encryption and passwords, and careful logging of a transfer.
