|NUMBER 313||THE NEWSPAPER OF EDUCATION RIGHTS||FEBRUARY 2012|
|Privacy Law Gutted to Track Your Kids|
Would you mind if your state department of education and labor agency evaluated your son's academic record to see if he should be "encouraged" to leave high school early and go to trade school? How about if a state health agency looked at your daughter's health records to see how she responded to an STD and pregnancy prevention program? What if this information was also shared with federal agencies without your knowledge or consent?
Congress itself helped pave the way for the power grab when it passed the 2009 economic stimulus bill. The American Recovery and Reinvestment Act required states to beef up their longitudinal student data systems according to federally dictated standards if they wanted a piece of the stimulus pie, and gave states $250M to do so. Now, according to the sixth annual survey of the Data Quality Campaign, "without exception, every state in the country has robust longitudinal data that extend beyond test scores." (See the March 2010 issue of Education Reporter to learn about data tracked by some states, including family wealth indicators, student disciplinary records and some health information.)
So while there is no physical database housed and operated by federal agencies, those agencies now have ready access to data that the federal government requires the states to collect and maintain. That's how the Departments of Labor and Education could end up with your son's academic record and the Centers for Disease Control could end up with your daughter's health records. Parents need not grant permission or even be notified about these disclosures under the new rules.
The revised FERPA rules give the Department of Education and other federal, state, and local government agencies carte blanche to allow practically anyone to access personal student information for any reason, as long as the disclosure purports to support the evaluation of an "education" program. The new rules define "education program" very broadly and explicitly include bullying, substance abuse and violence prevention programs, as long as an educational agency or institution administers them.
Other programs such as dropout prevention and recovery programs, after-school programs designed to improve academic performance, college test tutoring, and high school equivalency programs are included "regardless of where or by whom they are administered." Persons who might be authorized to access data include contractors, consultants, volunteers and other outside parties who are conducting audit, evaluation or compliance activities on behalf of a government official or agency — in other words, pretty much anyone.
The regulations, effective since early January (which, ironically, is designated as Data Privacy Month), drew sharp criticism when they were first proposed last April. The American Association of College Registrars and Admissions Officers (AACRAO) called the proposed changes "a wholesale repudiation of fair information practices" that undermine "well-settled principles of notice, consent, access, participation, data minimization, and data retention."
The AACRAO also charged that the Department of Education lacks the legal authority to implement most of the "radical changes" proposed through this regulatory action, particularly since some of the changes "clearly conflict with congressional intent." The Department responded by claiming broad authority to make whatever regulation changes they deem necessary to "manage the functions of the Secretary [of Education] or the Department."
Rep. John Kline, Chairman of the U.S. House Committee on Education and the Workforce, expressed his objections in a letter back in May, requesting that Education Secretary Arne Duncan rescind the proposed regulations because they "violate Congressional intent" and constitute "an assault" on student privacy. In contrast to the bold language of Kline's protest letter, the Committee's response to the Education Department's ultimate regulatory power grab was muted. A spokeswoman said the Committee will be "monitoring the implementation of the new rule carefully" to determine whether the Department of Education is "taking appropriate steps to protect student privacy."
The Department received 274 comments from parents, privacy advocates, researchers, professional associations and various education representatives. In the end, they rejected almost all of the suggested changes, releasing the final regulations with very few substantive modifications. The changes they did incorporate generally loosened restrictions and further broadened access with the effect of reducing privacy protection.
Several commenters specifically expressed concern that the new rules create a "de facto nationwide database" of confidential student information. While Department officials acknowledged that states might choose to link their data systems with other states, they denied that such a system of interconnected databases would be national because the federal government "would not play a role in its operation."
McGroarty and Robbins protest that this denial is disingenuous since the Department would have access to data from all 50 states and could share it with whomever they choose. "Unless Congress steps in and reclaims its authority, student privacy and parental control over education will be relics of the past," concluded McGroarty and Robbins. (NYPost.com, 12-28-11)