Any organization creating, maintaining, using, or disseminating education records with personally identifiable data must assess the reliability of the information for its intended use and must take precautions to prevent misuse of data. When data are released to individuals or groups outside the agency, the recipients should be required to sign an affidavit stating that they will use the data in a way consistent with that described in their requests, and not to transfer or re-release the data to another individual or organization. Exhibit 6–5 contains a sample statement. Although school officials are not liable for a third party’s misuses of data, it is important to implement and follow proper procedures in good faith to protect the students and their families, as well as the agency or school.