Best Practices for the Release of Data Under FERPA During School Emergencies

"A delicate balance exists between privacy and security in schools," a recent federal report on school safety noted. "On the one hand, there is the legal requirement to protect the privacy of student education records. On the other hand, it is critical to recognize that some education records may contain information that, if disclosed to appropriate officials, could help prevent students from harming themselves or others."

Finding the appropriate balance between disclosing information during a school emergency and adhering to the regulations of the Family Educational Rights and Privacy Act (FERPA) is the subject of a new two-page guide released by the Future of Privacy Forum (FPF). FPF is a nonprofit that advocates for privacy leadership and research in support of emerging technologies. According to the organization, the guidance is intended to help school personnel understand when and what to disclose. The goal is to be able to "distinguish between disclosures in response to specific, articulable threats and general school surveillance programs."

The guidance came out in response to the "Final Report of the Federal Commission on School Safety," which, FPF asserted, failed to address how to implement security measures while also including appropriate privacy protections. "For example," FPF noted, "the report recommends the use of 'appropriate systems to monitor social media and mechanisms for reporting cyberbullying incidents' but does not mention the privacy implications of such monitoring or appropriate privacy protections."

During the deliberative process, FPF testified about privacy issues and recommended better communication to stakeholders about current privacy laws [and] the importance of "creating 'privacy guardrails' in the context of school safety plans" and encouraged the Commission to develop specific guidance for schools on how to set up those guardrails.

"Unfortunately, the report offers little practical guidance to school officials on how to consider privacy safeguards as they implement programs to monitor threats, harden schools or train personnel," FPF said in a statement. "Privacy doesn't seem to have been a top concern for the Commission, even though its members heard testimony about ways to have both security and privacy."

As an example, FPF stated, the Commission's report advised the use of "appropriate systems to monitor social media and mechanisms for reporting cyberbullying incidents." It failed, however, to cover the privacy implications of those forms of monitoring or the appropriate privacy protections.

The FPF guidance offered four best practices for deciding whether to disclose student information and answered five "frequently asked questions" about FERPA requirements on sharing information during emergencies.

Among the best practices was this one: to "carefully consider potential unintended consequences, such as disproportionate effects on vulnerable populations, and balance those risks with the benefits of monitoring and disclosing student information." While complying with FERPA, the guidance pointed out, "schools must also avoid sharing information that could stigmatize students, make them feel that they can't share their feelings with school staff or incorrectly label them as a 'threat.'"

The federal report is openly available on the U.S. Department of Education's website.

The FPF guidance, "Disclosing Student Information During School Emergencies: A Primer for Schools," is available on its website.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • Training the Next Generation of Space Cybersecurity Experts

    CT asked Scott Shackelford, Indiana University professor of law and director of the Ostrom Workshop Program on Cybersecurity and Internet Governance, about the possible emergence of space cybersecurity as a separate field that would support changing practices and foster future space cybersecurity leaders.

  • modern college building with circuit and brain motifs

    Anthropic Launches Claude for Education

    Anthropic has announced a version of its Claude AI assistant tailored for higher education institutions. Claude for Education "gives academic institutions secure, reliable AI access for their entire community," the company said, to enable colleges and universities to develop and implement AI-enabled approaches across teaching, learning, and administration.

  • AI microchip, a cybersecurity shield with a lock, a dollar coin, and a laptop with financial graphs connected by dotted lines

    Survey: Generative AI Surpasses Cybersecurity in 2025 Tech Budgets

    Global IT leaders are placing bigger bets on generative artificial intelligence than cybersecurity in 2025, according to new research by Amazon Web Services (AWS).

  • university building surrounded by icons for AI, checklists, and data governance

    Improving AI Governance for Stronger University Compliance and Innovation

    AI can generate valuable insights for higher education institutions and it can be used to enhance the teaching process itself. The caveat is that this can only be achieved when universities adopt a strategic and proactive set of data and process management policies for their use of AI.