April 23, 2013 - If you have never heard of FERPA, you are not alone. It is actually the abbreviation for a 1974 law titled the Family Educational Rights and Privacy Act. Its main intent was to protect the privacy of student information and, according to its primary author, to prevent the government from sharing student data with government agencies that don't have a need for it or with outside third parties. But over the past two years, the Department of Education has implemented a new rule that appears to violate the law in a number of ways. The end result is that there are now a number of third parties that have access to student data and that large databases are now being accumulated with very little oversight. 

Tweet

When FERPA became law, its primary sponsor - Sen. James Buckley - laid out a wide variety of reasons that the law was needed. Based on his statements in the Congressional Record, he specifically wanted to prevent the linking of student academic information with other information that had nothing to do with education. Things such as information on health, familial status, records on behavior, family financial status and the student's personal value system. He also specified that the law would prevent the government from assembling large databases of student data that would be used to monitor students and which could be used to target individual students or their families for behavior or values modification.

Regardless of what FERPA says, or what its intent was, the Department of Education published a new rule in the Federal Register in 2011 that appears to violate the law in a number of ways. The rule allows data to be shared between government agencies that only have a tangential link to education, as well as with third parties with government contracts. The DOE and the Obama administration claim that the rule is in line with requirements in other laws, including the American Recovery and Reinvestment Act of 2009. The rule change has brought about a lawsuit by the Electronic Privacy Information Center (EPIC).

Unfortunately, even if EPIC wins its lawsuit, it may be impossible to stuff the genie back into the bottle. That's because a number of states have already started sharing student data with a nonprofit by the name of inBloom, Inc. - a company funded by the Gates Foundation. inBloom's database apparently includes student data from seven states and third party access is allowed according to an article by Valerie Straus of the Washington Post. And according to a Reuter's article, the inBloom database includes Social Security Numbers on many of the students included in it.

The new data sharing rules from the DOE went into effect more than a year ago. And the data that can now be shared is alarming in that much of it has nothing to do with education. It includes blood type, weight, family income, religious affiliation and even blood sugar levels. For the record, it is illegal to share health information without authorization under the 1996 Health Insurance Portability and Accountability Act (HIPAA). But FERPA supersedes HIPAA, providing a huge loophole in the law.

The ramifications of what the DOE is doing are many, and from what we can see, they are universally bad. They include enabling identity thieves who target children, and the release of other private information that could have life-long stigmatizing affects.

The federal government is attempting to have EPIC's lawsuit thrown out, claiming that they don't have standing to sue. You can read more about the history of the lawsuit on EPIC's website.

byJim Malmberg

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow me on Twitter:

Follow ACCESS