Compliance Management, Privacy

Education Dept. proposes new privacy, data sharing rules

As part of a broad effort to better safeguard student privacy, the U.S. Department of Education (DoE) on Thursday proposed several clarifications to its Family Educational Rights and Privacy Act (FERPA) and hired its first-ever chief privacy officer.

The agency has proposed that enforcement provisions contained within FERPA, a federal law enacted in 1974 to protect the privacy of student education records, be strengthened to ensure anyone with access to them use the data only for authorized purposes.

In addition, the proposed changes would allow states to share data with other districts to measure the effectiveness of school programs.

“Data should only be shared with the right people for the right reasons,” U.S. Secretary of Education Arne Duncan, said in a news release. “We need common-sense rules that strengthen privacy protections and allow for meaningful uses of data. The initiatives announced today will help us do just that.”

Currently, FERPA applies to entities that enroll students, both in K-12 and higher education.

However, there has been confusion about whether agencies and service providers which do not enroll students, but have received permission to work with pupil data as part of research projects, should be held responsible for complying with the law. The newly proposed changes would extend the law to all entities with access to sensitive student data.

Educational data increasingly is being used to measure quality of learning among students, Donald Houde, an independent education technical consultant and former chief information technology officer at the Arizona Department of Education, told on Friday.

But the risk of information compromise has increased, he said. As a result, schools are now dealing with the challenge of “managing the risks versus utility."

The proposed FERPA changes are the first step toward fostering a meaningful discussion about how to balance the effective use of data while protecting privacy, Lyndsay Pinkus, director of federal policy initiatives at Data Quality Campaign, a Washington, D.C.-based nonprofit that seeks to improve student achievement.

“For too long, it has been positioned as either-or, and the regulations say we can do both,” she told on Friday. “No regulation is going to solve every problem, but we think these proposed regulations do a good job of providing state policymakers with clear instructions on how they can share data with appropriate individuals while also putting in place tighter provisions around privacy.”

Pinkus encouraged those from the data security and privacy communities to comment on the DoE's proposal. The department is seeking feedback through May 23.

Meanwhile, the DoE appointed a chief privacy officer, Kathleen Styles. She formerly worked at the U.S. Census Bureau as head of the Office of Analysts and Executive Support, where she managed tasks related to data confidentiality, acquisition, management and policy, the department said.

“She will head a new division dedicated to advancing the responsible stewardship, collection, use, maintenance and disclosure of information at the national level within the Education Department,” according to a statement.

In her new role, Styles will work with states and districts to implement privacy precautions, such as minimizing the collection of personal information.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.