Your academic records, privacy laws and FERPA regulations
I bet you haven’t thought much about the privacy of your academic records, but hey, who wants their grades available to anyone who wants to see them? Not me or you. Privacy laws, such as the ones enforced by Family Educational Rights and Privacy Act regulations, ensure that the information in your records is handled appropriately by colleges and universities and not viewed by those who don’t have authority. But with technology like cloud computing services, that information could be anywhere and seen by anyone. Here’s what you should know to protect your academic information.
Provisions of FERPA
Family Educational Rights and Privacy Act (FERPA) regulations were enacted in 1974 to protect the privacy of student academic records. There are other provisions included in the act:
- The law applies to schools that receive federal funds from the U.S. Department of Education.
- Parents (and students once they reach the age of 18) have the right to view their children’s academic records.
- Records may be corrected if they are inaccurate or misleading.
- Schools must have written permission from parents and over-18 students before disclosing those records to third parties.
There are numerous exceptions to that last provision. Schools may disclose information without permission, including:
- to schools where students are transferring,
- to officials for evaluation purposes,
- to comply with legal proceedings such as a subpoena,
- in cases of emergency or health and safety.
Risks involved in cloud computing
This all seems like common sense so far, but what happens when modern technology is added to the mix? Today, colleges and universities increasingly use cloud computing when they outsource the job of managing personal data. This saves the school time and money and gets administrative tasks done more efficiently. However, these outsourced destinations are sometimes to foreign countries that do not have laws protecting private information.
In one example, “a university medical center outsourced transcription of its medical records to a company in California, which then subcontracted with a person in Florida, who subcontracted with a person in Texas, who ultimately subcontracted with a person in Pakistan,” reported Daniel J. Solove of the Huffington Post in “Educational Institutions and Cloud Computing: A Roadmap of Responsibilities” on November 18, 2012. Unfortunately, FERPA regulations do not cover how and with whom schools can outsource cloud computing services.
FERPA involved in high-profile cases
FERPA regulations and compliance have been involved in recent cases:
- In the University of North Carolina at Chapel Hill’s alleged case of under-reporting sexual assault on campus, the school claims that “in accordance with… FERPA, we are unable to discuss the specifics of an Honor Court [student-run legal process] case or related allegations involving students,” representatives reported in “UNC Sex Assault Victim Faces Possible Expulsion for Speaking to Media,” February 25, 2013 in Campus Safety.
- The Iowa Supreme Court cited FERPA when it allowed the University of Iowa to withhold records on sexual assault on campus requested by a newspaper.
- The University of Virginia used FERPA to exonerate the editor of the student paper for revealing a student journalist who plagiarized.
Using FERPA as it was intended
Controversy arises when advocates of open government claim that colleges and universities are using FERPA to shield unfavorable internal operations from the public. In the case of the University of Alabama, the school incorrectly cited FERPA when it refused to release information related to the resignation of a Student Government Association president. However, the U.S. Department of Education (DOE) said FERPA is only intended to protect education records. “Universities have discretion in deciding whether or not records maintained by a student government are considered educational records protected by FERPA,” reporter Tray Smith explained, summing up the position of Jim Bradshaw, a spokesman for DOE, in October 6, 2011 article “FERPA overused, law’s author says” for The Crimson White. In this case the university was subject to Alabama public records law, not FERPA.
Are you concerned that your academic records might be seen by unauthorized personnel?