Section Six

Managers of education records at the state, local, or school level receive numerous requests for information. Every day, they make decisions about releasing information. Requests come from the news media, businesses, relatives, agency staff, law enforcement units, attorneys, private investigators, the governors' or legislators' offices, or researchers.

This section supplements Section 2 of this document, which discusses the federal laws that govern the release of education records. Many states have laws or statutes that further restrict the release of these records. School, district, or state education agency staff should contact their agencies' legal counsel or counsel assigned to their agency by the state attorney general's office for legal opinions about confidentiality requirements and recommended procedures. This section outlines some general guidelines for deciding whether to release information.

COMMONLY ASKED QUESTIONS

Q. Who (other than parents) must a school official allow to see an education record of a student?

A. School officials are not required to allow anyone other than the parents to see the education records of a student; the exceptions are circumstances stipulated by federal or state laws such as governmentrequired audits, evaluations, or court orders. See Section 6, Guidelines D; see a detailed discussion of the federal statutes in Section 2, Guidelines B.

Q. Which public officials have access to education records without consent of a parent?

A. School officials and other identified categories of people with a "legitimate educational interest" in the information have access to education records without specific consent ofparents or eligible students. Policies defining officials who may receive information without prior consent must be accessible to parents for review. Among those officials are teachers and school officials associated with school entrance or transfer; state and local education officials who conduct audits or review records in compliance with federal laws; and court officials.

In some cases, which must be defined by local policy, third parties acting on behalf of schools may also have access to education records. Third parties generally include officials in state, local, and intermediate administrative units, researchers, psychologists, lawyers, or medical practitioners who work for or are under contract to schools.

Q. If a parent makes information about a student public, must school officials keep that piece of information confidential?

A. Yes, school officials should still keep the information private. See Section 6, Guidelines C.

Q. Must a school official release a student's record to a family lawyer?

A. A school official does not have to release a record of a student to his or her family lawyer unless there is a prior written consent from the parent. See Section 6, Guidelines D.

Q. What penalties apply to the misuse or improper disclosure of confidential information?

A. The penalty for non-compliance with the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA) can be withdrawal of U.S. Department of Education funds from the institution or agency that has violated the law. This applies to schools, school districts, and state education agencies. The Family Policy Compliance Office of the U.S. Department of Education, charged with reviewing and investigating complaints, seeks to promote voluntary compliance with the law. To date, findings of non-compliance have not resulted in such action.

A third party who improperly discloses personally identifiable information from student records can be prohibited from receiving access to records at the education agency or institution for at least five years. State laws on privacy may also apply penalties.

Q. What are the liabilities of a third party's misuses of education records?

A. School officials are not liable for misuses of data by a third party. However, it is important to implement and follow proper procedures in good faith to protect the agency or school as well as the students and their families. See Section 6, Guidelines G.

Q. Can student records be transmitted electronically, via the Internet and facsimile?

A. The law requires agencies to prevent the unauthorized release of personally identifiable information from education records. Thus, when student records are transmitted electronically, confidentiality must be protected both by the sender and receiver of information. Agencies must establish procedures for releasing information, and they mustcontinually train officials and clerical staff about their obligation to treat personally identifiable information confidentially.

Various experts in the application of FERPA and the uses of electronic data exchange consider facsimile machines to be less secure than the electronic transmission of records. If facsimile machines are to be used, the institutions involved with the exchange of student information must establish security procedures that meet the privacy obligations set out in FERPA. See Section 6, Guidelines I.

GUIDELINES

A. Types of Information Release

When a district or school staff member receives an information request, the first question he or she needs to consider is what type of information is being requested. Generally, information requests about one or more individuals can be categorized as non-personally identifiable information or personally identifiable information.

Non-personally identifiable data do not reveal specific information about a particular individual. They usually describe a group of persons (e.g., the aggregate number of students participating in extracurricular activities) without identifying any one student. Or, they consist of individual records stripped of any information that would make it possible to identify the person described.

Release of non-personally identifiable data is generally allowed. A district or school may determine how this type of information is released. However, it is advisable to designate appropriate officials within the agency to review the compiled data, making sure that no single individual can be identified by a combination of several pieces of nonpersonally identifiable information.

For instance, in reporting test scores for certain racial or ethnic groups in a school, if a school has only one student in a particular racial or ethnic group at a certain grade level, then that student's score could be made public by combining two separate pieces of information. It is important to be aware of the possibility of inadvertently disclosing personally identifiable information even when there is more than a single record in a category.

In planning and producing analyses and tabulations, the general rule is that there should be no cell (or category) published in which there are fewer than three respondents, or in which personal information could be obtained by subtraction or other simple mathematical manipulations. However, this should be adjusted based on the factors unique to the district or school, such as the size of the school or community population. You must also be careful not to allow information to be disclosed through subsequent cross tabulation of the same data with other variables.

Personally identifiable data may or may not identify a person directly, but contain information that would make students' identities and any related information about them easily recognized. This information is more sensitive than grouped information or summarized data and therefore requires more attention and care before release. Personally identifiable information, including the identifying data listed below, must be maintained in education records that are protected with appropriate security. It is important that state or local education agencies establish policies that define personally identifiable information and list specific examples. This will avoid confusionwhen actual information requests are handled.

Personally identifiable data include identifying data that directly associate with a person, such as the following:

A person's name
The name of the student's parent or other family members
The address of the student's parent or other family members
The telephone number of a person
A photograph of a person
An identifier, such as a person's social security number or an identification number assigned by the school
A list of personal characteristics (e.g., apparent disability, a birthmark, or race and ethnicity) that would make the person's identity easily traceable
Other information that would make the person's identity easily traceable

Some types of identifying data may be defined as part of the directory information in a district's education records policy. Staff should check with the policy for the proper release of this type of information. Section 6, Guidelines B discusses directory information and its proper release.

B. Release of Directory Information

If information requests are related to personally identifiable student information to be obtained from the education records, the first question you should ask is whether the request is for directory information as defined in the district's education records policies. Section 2 of this document contains definitions of education records and directory information, as well as federal regulations that relate to the release of this information.

Agency or school staff should refer to federal, state, and local laws and regulations about the types of data that may be released without consent of the parents. State and local laws may specify data items considered directory information. Section 2, Guidelines B includes the types of items that are typically considered directory information by local policies.

As required by FERPA, annual notification should be given to allow parents to request that all or portions of directory information not be released. Exhibit 6-1 contains a sample notification form. Upon receipt of an information request, district or school staff need to verify that there is an appropriate, prior consent to release that piece of information about the student(s).

C. Release with Prior Consent

When requested by a third party (e.g., from a relative, family lawyer, or a news reporter) for individual information not authorized by FERPA or other federal laws such as the National School Lunch Act (NSLA), the requester should be required to present written consent from the parent. If information requested from the record is not considered directory information but is personally identifiable, it can be released if the parent provides a written, signed, and dated consent document. The document must:

Specify the information that may be released
State the purpose of the release
Identify the individuals or entities to whom the release may be made

Staff processing the request should make sure that the consent is genuine and should be ready to contact the parent for verification if there is any question or doubt about its authenticity.

Unless otherwise allowed by federal or state law, or local policies, agency or school staff should not assume that if parents openly discuss information included in their child's education records, the parents are giving "implied" consent for staff to release that information. Written consent foragency or school release from the parent is required by FERPA.

D. Release without Prior Consent

Without prior written consent from the parent, personally identifiable information may be released to particular individuals or entities outside the agency or school. Such release must be allowed by an established policy. Agency or school staff should be familiar with federal and state laws as well as local policies established in this regard, and understand that they are not required to release information unless otherwise specified by these laws or policies, but are given the option to do so. Section 2 lists these outside individuals or entities to whom student records may be released. Examples of these individuals include designated, authorized representatives from state and local education agencies, the juvenile justice system, and health or safety personnel in case of an emergency. Exhibit 6-2 includes a form that an agency or school could use to monitor this type of release.

Within the agency or school, education records may be released and used by personnel who are considered to have a legitimate educational interest or need-to-know without prior written consent of the parent. Section 4 contains guidelines regarding this type of release. Examples of personnel who may have authorized access to the student records include research and evaluation directors and service providers or coordinators of special programs in which the students participate.

The NSLA allows the release of free and reduced-price school meal eligibility without consent of the parent for certain purposes. We discuss this issue in Section 2. Agencies or schools should establish written guidelines to permit such release.

E. Release to Researchers

In some cases, researchers who are not employed by the agency or school may be authorized to conduct data processing or research and evaluation studies through contractual arrangements. If these efforts are initiated by and performed on behalf of the agency or school, researchers may be considered school officials who have a legitimate educational interest. We discuss these situations in Section 4. However, researchers outside the agency or school often request individual information for their own research agendas. More often than not, the requested information includes more than one data item from the education records or student database. These requests should be handled case-by-case. Agency or school officials should establish criteria for considering such requests. These criteria may take into consideration the perceived benefits of the research, the potential invasion of students' privacy, the reputation of the requestor, or the availability of staff to monitor the process of the release and the research activities.

In general, the release of data to researchers outside the agency should be considered as a loan of data (i.e., recipients do not have ownership of the data). Agencies or schools could request that these data be returned or copies destroyed when the researchers complete their work.

Before considering these data requests, agencies should establish written guidelines and procedures to allow the on-site access or off-site loan of personally identifiable data by appropriate individuals or organizations. In 1993, the National Center for Education Statistics (NCES) of the U.S. Department of Education published a manual, called Field Restricted Use Data Procedures, to ensure the implementation of proper procedures before releasing any of its data sets. The following items, adapted from the NCES manual, could be included in an agency's policies and procedures regarding the loan of data:

Description of all the federal and state laws and regulations governing the access to thedata and penalties for violation
Procedures to request access to or loan of data and name of the official designated to handle the request
Criteria for accepting or denying requests
Minimum expected security requirements
Allowance for unannounced, unscheduled inspections of the data user's site
Other relevant requirements

Organizations that intend to obtain access to personally identifiable data could be required to submit a formal, written application on the organization letterhead including:

Type of data (with specific items listed) requested
Reasons for requesting the data
A description of how the data will be used and analyzed
A description of how analyses will be presented and reported
Name and titles of (1) the official(s) with the authority to bind the requesting organization to the agreement; (2) the official(s) in charge of the day-to-day operations involving the use of the data; and (3) the professional and support staff who conduct the research and analysis as well as those who may have access to the data
Estimated amount of time the data are needed
Desired medium of release (e.g., paper or media format)

In addition, the organizations requesting access or loan of data should submit a security plan addressing all applicable security procedures. These procedures may include:

Computer security--use and update passwords; implement log-on procedures with automatic security data access shut-down function; assign access security levels; integrate warning statements; prevent external access to any modems connected to the system while processing data on a computer; and use additional procedures to safeguard the data in networked environments. If a one-time complete backup copy of the data will be needed, the applicant should also explain the security procedures surrounding the backup copy of the data, including those backup copies that are created automatically while downloading.
Physical handling and storage of data--catalogue and storage with lock and key; minimal allowance and secured storage of printed copies; and additional restrictions on copying of data.
Transportation of data--ideally by a bonded courier and notice of confidentiality and restricted use.

Agencies must proceed with caution before releasing portions of databases containing individual education records. Under most cases, the release of database information with personally identifiable information is restricted by law. If a request is approved, agency or school staff should extract only the data approved for release and make sure they are non-personally identifiable. However, as mentioned earlier in this section, non-personally identifiable data may become potentially personally identifiable.

Before a data set is released across agencies or to researchers or research institutions, appropriate agreements must be signed to ensure that all records will remain private, the conditions of release and re-release are well defined and limited, and penalties for inappropriate records use or release of records are stated clearly. Individuals employed by the agencies who are authorized and who will have access to the individually identifiable information also could be required to sign an affidavit of non-release. Exhibit 6-3 contains a sample form.

In most cases, information indicating that an education record has been released must bedocumented in the record and retained there until the education record is destroyed.

F. Release to Other Service Agencies

There are increasing needs for education and other service agencies to develop coordinated data systems that enable them to more effectively and efficiently serve children and their families. Many agencies, such as education, health, social service, and labor agencies, are seeking means to facilitate the automatic accessibility of information from student records mainly for these purposes:

To facilitate agency program planning and evaluations of education programs
To protect the health and safety of students in schools
To increase the efficiency of services, especially supportive services for children and youth
To conduct evaluations of education programs and studies of workforce preparedness, and school-to-work links

Institutional sharing of information requires that agencies establish memoranda of understanding or legal agreements among agencies to confirm what and how data will be exchanged and used, and that they maintain records of what information has been shared and the authorization for sharing it. In addition, agencies must adequately train the staff who use the information and specify how they secure both electronic and paper files. The following examples are strategies for protecting the confidentiality of information used across agencies:

Agencies that collaborate for in-take procedures, direct service, or research explicitly spell out procedures for obtaining informed consent and define in advance what data will be shared, how they are used, and the means of ensuring privacy if they are released from the originating agency.
When research studies are to be conducted, information from several agencies can be analyzed within the education agency, following adequate privacy safeguards, so that no identifiable information is available to individual researchers or analysts.
Data are matched electronically so that personally identifiable information from several data sources is connected within the computer and not actually seen. In these cases, personal information is only used to produce aggregate results for groups and programs.

Cross-agency partnerships have been developing during the past decade. Although they are limited by some practical, political, technical, and regulatory barriers, service providers and policy analysts agree that the following benefits and efficiencies can be gained from sharing data for at least these three well-defined purposes:

Providing children with supportive services--Counselors and health services providers may need information about an individual's social, educational, and health status to diagnose a problem and develop and implement a treatment plan. Records kept in schools (e.g., attendance information, family background, and reports of academic and behavioral achievements or problems) can contribute critical information for case planning and management. Some information may help law enforcement officials locate youth involved in the juvenile justice system who may need assistance or who may be a danger to themselves or those around them.
Increasing access to social and educational service--Sometimes agencies need to seek or verify eligible program participants. Often there are children in schools whose families may not realize they are eligible for certain assistance (e.g., free or reducedprice lunch, health, or welfare services) that is available through school or community agencies. Records of several service agencies may need to be cross-checked to increase the efficiency of deciding whatservices are available and to ensure those services reach the individuals who need them.
Conducting policy planning and evaluation studies--Student records that are part of education agencies' administrative structures can inform statistical studies for improving management of services and evaluating outcomes. A start toward using integrated electronic records systems for management and outcomes evaluation is occurring in several states. In each instance, the states' legislatures have encouraged the development of integrated data systems to strengthen, evaluate, or manage integrated public services or to improve access to evaluation and planning information to support workforce development programs. The systems are emerging very slowly, typically following an investment in consensus-building procedures that include members of all contributing agencies in planning. No exchange of information occurs until appropriate memoranda of agreement are in place, along with procedures for obtaining the consent of participating individuals or verifying that such consents are unnecessary because no confidential or personally identifiable information is used at the individual case level.

Education agencies are finding new ways to support services integration for students while they meet their legal and ethical obligations to restrict the release of information from student records. One way this occurs is for agencies to guide data sharing with well-defined policies for gaining consent to use records across agencies at the time that records are initially established. In general, information about students can be released only with the signed consent of parents or eligible students who have been told, in language they understand, what information is to be used across agencies, why, and how that sharing will occur.

In any instance of data sharing, agencies must be especially careful to maintain a clear distinction between the data collected for research, evaluation, and regulatory purposes, and data collected for clinical uses. The protection of privacy and data accuracy are essential to any data coordination efforts. However, these protections do not have to be absolute barriers to data coordination. A first step to cross-agency coordination of services and policy analysis is to establish well-defined procedures that maintain distinctions between different types of data and their uses and ensure that education agency managers and staff who work with student records understand confidentiality restrictions and procedures for handling private, personally identifiable information. A thorough knowledge of the rationale behind federal, state, and local privacy laws and an understanding of what the laws allow and disallow, are the building blocks of widely sought interagency data coordination.

As cross-agency partnerships become established, many issues other than confidentiality requirements need to be addressed. As of the date of this publication, such efforts are either at the planning or early implementation stages. It is therefore premature to include best-practice guidelines consistent with the purposes of this document. The National Forum on Education Statistics will continue to work with state and local education agencies, exploring the issues and identifying effective practices of interagency data sharing in 1997. Results of this effort will be published in a separate document.

G. Review Prior to Release

As a final control, an appropriate official could review the compiled information or data for accuracy and to ensure they are within the scope approved for release. This official also may review the procedures to ensure compliance with all federal, state, and local statutes, rules, and regulations that apply to the release. Signatures of the appropriate and authorized persons should be required for every release.

H. Avoid Misuse of Information by Non-Intended or Secondary Users

Any organization creating, maintaining, using, or disseminating education records with personally identifiable data must assess the reliability of the information for its intended use and must take precautions to prevent misuse of the data. When data are released to individuals or groups outside the agency, the recipients should be required to sign an affidavit stating that they will use the data in a way consistent with that described in their requests, and not to transfer or re-release the data to another individual or organization. Exhibit 6-4 contains a sample statement. Although school officials are not liable for a third party's misuses of data, it is important to implement and follow proper procedures in good faith to protect the students and their families as well as the agency or school.

I. Document the Release

Agencies or schools should maintain records of access, retrieval, or release of records, including the names of persons retrieving records and the purposes for each release, and should maintain a list of personnel authorized to have access to the file. They should also maintain a record of user requests for data that have been denied or only partially fulfilled. Such information can be used for periodic reviews of agency confidentiality and data release policies.

Information about releases with or without prior consent of the parent should remain with the education record as long as the record is maintained. It is a good practice to document all access and release. However, it is not required if the request was made by, or release was made to:

The parent or eligible student
A school official who has been determined to have a legitimate educational interest
A requester with written consent from the parent or student
A requester seeking directory information only

J. Ensure the Security of Data in Electronic Transmission

Particular attention should be given to confidentiality when data are released through electronic means because of the increased potential for unauthorized access. For example, you cannot visually check the photo identification of a facsimile or electronic mail recipient. You must establish policies and procedures to address the issue of data forwarding via electronic means.

You should routinely embed various levels of encrypted codes into computerized databases. This will protect the confidentiality of the data as well as ensure the integrity and authenticity of the information. You should establish clear rules and procedures about who can send and who can receive and use data. In addition, you could specify the penalties for abuse or misuse of systems.

It is important for the electronic system to log the transfer of personally identifiable data in a security audit trail to account for releases of data by and to appropriate individuals. The use of electronic authentication programs can reassure the sending agency or school that the information has reached the appropriate recipient and that no changes to the contents have been made.

References

American Association of Collegiate Registrars and Admissions Officers. 1995. Guidelines for postsecondary institutions for implementation of the family educational rights and privacy act of 1974 as amended. Washington, DC: American Association of Collegiate Registrars and Admission Officers.

Council of Chief State School Officers (CCSSO). 1995. Interagency data systems for accountability: issue brief. Washington, DC: Author. (This document may be accessed online at: <http://www.ccsso.org/ibspr951.html> and <http://www.ccsso.org/ibspr952.html>.)

Hobbs, L.J. 1993. Second Edition. Tackling the confidentiality barrier: a practical guide for integrated family services. A special report for new beginnings. San Diego, CA: Department of Social Services, San Diego County, CA.

Morrill, W.A., and Marzke, C. 1996, June 6. Feasibility study for a national data coordination project: current efforts and lessons. Princeton, NJ: Mathtech, Inc.

National Forum on Education Statistics. 1994. Education data confidentiality: Two studies. Issues in education data confidentiality and access; and compilation of statutes, laws, and regulations related to the confidentiality of education data. Washington, DC: Government Printing Office.

National Center for Education Statistics. 1993. Field restricted use data procedures manual. Washington, DC: National Center for Education Statistics.

Panel on Confidentiality and Data Access [of the] Committee on National Statistics, Commission on Behavioral and Social Sciences and Education, National Research Council, and the Social Science Research Council. 1993. Private lives and public policies: Confidentiality and accessibility of government statistics. Washington, DC: National Academy Press.

For questions about the content of this product, please contact Lee M. Hoffman.