Education Dept. proposes new privacy, data sharing rules

Share this article:
As part of a broad effort to better safeguard student privacy, the U.S. Department of Education (DoE) on Thursday proposed several clarifications to its Family Educational Rights and Privacy Act (FERPA) and hired its first-ever chief privacy officer.

The agency has proposed that enforcement provisions contained within FERPA, a federal law enacted in 1974 to protect the privacy of student education records, be strengthened to ensure anyone with access to them use the data only for authorized purposes.

In addition, the proposed changes would allow states to share data with other districts to measure the effectiveness of school programs.

“Data should only be shared with the right people for the right reasons,” U.S. Secretary of Education Arne Duncan, said in a news release. “We need common-sense rules that strengthen privacy protections and allow for meaningful uses of data. The initiatives announced today will help us do just that.”

Currently, FERPA applies to entities that enroll students, both in K-12 and higher education.

However, there has been confusion about whether agencies and service providers which do not enroll students, but have received permission to work with pupil data as part of research projects, should be held responsible for complying with the law. The newly proposed changes would extend the law to all entities with access to sensitive student data.

Educational data increasingly is being used to measure quality of learning among students, Donald Houde, an independent education technical consultant and former chief information technology officer at the Arizona Department of Education, told SCMagazineUS.com on Friday.

But the risk of information compromise has increased, he said. As a result, schools are now dealing with the challenge of “managing the risks versus utility."

The proposed FERPA changes are the first step toward fostering a meaningful discussion about how to balance the effective use of data while protecting privacy, Lyndsay Pinkus, director of federal policy initiatives at Data Quality Campaign, a Washington, D.C.-based nonprofit that seeks to improve student achievement.

“For too long, it has been positioned as either-or, and the regulations say we can do both,” she told SCMagazineUS.com on Friday. “No regulation is going to solve every problem, but we think these proposed regulations do a good job of providing state policymakers with clear instructions on how they can share data with appropriate individuals while also putting in place tighter provisions around privacy.”

Pinkus encouraged those from the data security and privacy communities to comment on the DoE's proposal. The department is seeking feedback through May 23.

Meanwhile, the DoE appointed a chief privacy officer, Kathleen Styles. She formerly worked at the U.S. Census Bureau as head of the Office of Analysts and Executive Support, where she managed tasks related to data confidentiality, acquisition, management and policy, the department said.

“She will head a new division dedicated to advancing the responsible stewardship, collection, use, maintenance and disclosure of information at the national level within the Education Department,” according to a statement.

In her new role, Styles will work with states and districts to implement privacy precautions, such as minimizing the collection of personal information.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.