Privacy of Student Records, Section 6 summary
Releasing Information Outside
A. Types of Information
B. Release of Directory Information
Non-personally identifiable data do not reveal
specific information about an individual. Release of this type of data
is generally allowed.
Personally identifiable data are those that
contain information that would make the student's identity and any related
information about him or her easily recognized. Release of this type of
data is subject to established policy in the school district, as well as
state and federal laws.
C. Release with Prior Consent
State and local laws may specify what types
of information are considered directory information, which may be released
without prior consent. However, parents must be informed of what is considered
directory information and given the opportunity to withhold its release.
D. Release without Prior
Non-directory information can be released
with written consent from the parent. The consent should specify the information
that may be released, the purpose of the release, and the recipient.
E. Release to Researchers
Personally identifiable information may be
released as authorized in established policies and federal or state law
Examples of those to whom information from
education records may be released without seeking consent from parents
include authorized representatives from state and local education agencies,
the juvenile justice system, and health or safety personnel in case of
Information about a student's eligibility
for free and reduced-price school meals may be released only as authorized
under the NSLA and its regulations.
F. Release to Other Service
Requests from researchers should be handled
case-by-case. You should establish a set of criteria, application procedures,
and written guidelines for making the decision.
G. Review Prior to Release
Agencies are developing strategies which establish
the kinds of privacy standards and procedures that would ensure the confidentiality
of information while allowing restricted use of information for specific
and pre-approved purposes.
Interagency sharing of information from students'
education records generally requires a signed release by parents or eligible
students, regardless of whether the records originate in schools, health
centers, and employment or social service agencies.
H. Avoiding Misuse of Information
by Non-Intended or Secondary Users
As a final security control, a designated
official could review the compiled data and verify that local procedures
have been followed, before approving the release.
I. Document the Release
Recipients should be required to sign an affidavit
that they will not release any personally identifiable information received.
J. Ensure the Security of
Data in Electronic Transmission
It is important for you to document data releases
whether or not prior consent was required. This information should remain
in the record as long as you maintain the record.
[Section 6 full text]
You should establish policies to cover instances
in which information may be released through electronic means. You can
use a variety of methods safeguard the data, including encryption and passwords,
and careful logging of a transfer.
For questions about the content of this product, please contact