Section Summary:
 
A. Types of Information Release

• Non-personally identifiable data do not reveal specific information about an individual. Release of this type of data is generally allowed.
• Personally identifiable data are those that contain information that would make the student's identity and any related information about him or her easily recognized. Release of this type of data is subject to established policy in the school district, as well as state and federal laws.

• State and local laws may specify what types of information are considered directory information, which may be released without prior consent. However, parents must be informed of what is considered directory information and given the opportunity to withhold its release.

• Non-directory information can be released with written consent from the parent. The consent should specify the information that may be released, the purpose of the release, and the recipient.

• Personally identifiable information may be released as authorized in established policies and federal or state law or regulations.
• Examples of those to whom information from education records may be released without seeking consent from parents include authorized representatives from state and local education agencies, the juvenile justice system, and health or safety personnel in case of an emergency.
• Information about a student's eligibility for free and reduced-price school meals may be released only as authorized under the NSLA and its regulations.

• Requests from researchers should be handled case-by-case. You should establish a set of criteria, application procedures, and written guidelines for making the decision.

• Agencies are developing strategies which establish the kinds of privacy standards and procedures that would ensure the confidentiality of information while allowing restricted use of information for specific and pre-approved purposes.
• Interagency sharing of information from students' education records generally requires a signed release by parents or eligible students, regardless of whether the records originate in schools, health centers, and employment or social service agencies.

• As a final security control, a designated official could review the compiled data and verify that local procedures have been followed, before approving the release.

• Recipients should be required to sign an affidavit that they will not release any personally identifiable information received.

• It is important for you to document data releases whether or not prior consent was required. This information should remain in the record as long as you maintain the record.

• You should establish policies to cover instances in which information may be released through electronic means. You can use a variety of methods safeguard the data, including encryption and passwords, and careful logging of a transfer.

 
For questions about the content of this product, please contact Lee M. Hoffman.