Student-privacy laws complicate schools’ ability to prevent attacks
Via: The Seattle Times
This story continues the myths surrounding state and federal student records privacy laws. Persistent misperceptions exist about the role of FERPA in the safe schools movement. This need not be. Every educator needs to understand FERPA and its impact on interagency collaboration—especially after Columbine. It is still true that FERPA remains focused on what Congress in 1974 saw as growing evidence of abuse of access to student records. Attracting specific concern were incidents of access to student records without parental notice or consent, lack of a consistent system for governing access to records by other agencies, and failure to disclose disciplinary information to parents. It is equally clear that FERPA provides a strict framework to deter abusive practices by conditioning the availability of federal funds to schools that comply with its regulations.
However, both Congress and the courts have clarified what constitutes a violation of FERPA’s privacy provisions. Congress has refined a list of the circumstances when disclosure is permitted without prior written consent. It includes disclosures that are made:
• To comply with a judicial order or lawfully issued subpoena, 34 CFR 99.31(a)(9);
• In connection with a health or safety emergency, 34 CFR 99.31(a)(10);
• To provide “directory information” (student name, address, date of birth, dates of attendance, etc.), 34 CFR 99.37;
• To state and local officials in compliance with a state statute that requires or authorizes information sharing, 34 CFR 99.31(a)(5), 99.38;
• To provide information from the school’s law enforcement unit records file that is usually maintained by the SRO, 34 CFR 99.3, 99.8;
• To other school officials, including teachers, within the school or school district, 34 CFR 99.31(a)(1);
• To officials of another school, school system, or postsecondary institution where the student seeks or intends to enroll, 34 CFR 99.34; and
• To teachers and school officials in other schools when the information concerns disciplinary action taken against the student for conduct, 34 CFR 99.36.
A majority of States now permit or require school officials to share information when it is in the best interests of campus safety and child protection. It is not a matter of whether educators can share. Instead it is a matter of when, to whom, and under what circumstances. FERPA is simply not the impediment most think it to be.
As to HIPAA, it is difficult to conceive of a school district to which its privacy regulations apply. It simply does not control the question of records dissemination policies. See Joint Guidance on the Application of (FERPA) and (HIPAA) to Student Health Records.