Skip Navigation
Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies

Section 6: Releasing Information Outside an Agency


Managers of education records at the state, local, or school level receive numerous requests for information. Requests could come from the news media, businesses, relatives, agency staff, law enforcement units, attorneys, private investigators, the governorís or legislatorsí offices, or researchers.

This section supplements section 2 of this document, which discusses the federal laws that govern the release of education records. Many states have laws or statutes that further restrict the release of these records. School, district, or state education agency staff should contact their agenciesí legal counsel or counsel assigned to their agency by the state attorney generalís office for legal opinions about confidentiality requirements and recommended procedures. This section outlines some general guidelines for deciding whether to release information.


  • Distinguish between different types of information and discuss the release procedures of each of them
  • Recommend ways to safeguard information that is released outside of the agency
  • Discuss the benefits and risks of sharing information with other agencies and suggest ways to ensure the privacy of individual records during the process
  • Discuss electronic options of transferring data in a secure way

Key Points

  • Personally identifiable data are those that contain information that would make the studentís identity easily recognized. Release of this type of data is subject to established policy in the school district, as well as state and federal laws.
  • State and local laws may specify what types of information are considered directory information, which may be released without prior consent. However, parents must be informed of what is considered directory information and given the opportunity to withhold its release.
  • Nondirectory information can be released with written consent from the parent. The consent should specify the information that may be released, the purpose of the release, and the recipient.
  • Examples of those to whom information from education records may be released without seeking consent from parents include authorized representatives from state and local education agencies, and health or safety personnel in case of an emergency.
  • Requests from researchers should be handled on a case-by-case basis. Schools or districts should establish a set of criteria, application procedures, and written guidelines for making the decision.
  • Many agencies are developing strategies that establish the kinds of privacy standards and procedures that would ensure the confidentiality of information while allowing restricted use of information for specific and pre-approved purposes.
  • Interagency sharing of information from studentsí education records generally requires a signed consent by parents or eligible students, regardless of whether the records originate in schools, health centers, or employment or social service agencies.
  • As a final security control, a designated official should review the compiled data and verify that local procedures have been followed before approving the release.
  • Recipients should be required to sign an affidavit that they will not release any personally identifiable information received.
  • It is important to document data release whether or not prior consent was required. This information should remain in the record as long as the record is maintained.
  • Agencies should establish policies to cover instances in which information may be released through electronic means. A variety of methods can be used to safeguard the data, including encryption and passwords, and careful logging of a transfer.