2016-30: Colleges Want Access to In-Progress Applications

Request No.2016-30
Date of Request5.4.16
RequesterCACCRAO Memo

Standard Application
International Apps 

Section / Page

Submitted Applications

Steering Approval StatusDeferred
Steering Hearing Date5.11.16
Proposed Change to Download FileNo
Proposed Change to Residency LogicNo

Problem / Issue

CACCRAO Issue #7:  "No visibility into in-progress applications – Again – practically every college requested a string need for this access."

This is a recurring request from colleges.

Santa Rosa Jr. College (and many other colleges) has long wanted the ability to identify students who have started applications but never submitted them in order to contact these students to better understand why they stall out on completing the applications.

For example, if the student has a residency restriction, they may realize that the admissions application questions are collecting information to classify them as non-residents, the college can reach out and provide information about state and federal financial assistance and services that the student may not realize exist, or have access to. Santa Rosa College expressed interest - again - in finding a creative way to get around FERPA restrictions. See Notes below for more on this request.

Note:  This is a known issue and requests for access to pending applications has been heard and declined several times over the past years (since OpenCCCApply implementation in 2012). Xap Control Center DID/DOES allow access to this data; however it's been determined that this is not legal and OpenCCCApply has stated it will not provide this ability without CCCCO Legal consent.

Reason why colleges cannot access in-progress applications:
State and federal privacy laws (FERPA) protect the disclosure of student personal information and application data - before and during the application process - restricting individual CCC colleges/districts from accessing this data UNTIL the student gives their consent to release at the end of the application process (Consent & Submit pages). Consent is authorized only when they "submit" the application. 


Proposed Solution

Unfortunately, it is not possible (illegal) for colleges and/or CCCApply to view or have knowledge about pending applications due to FERPA and state privacy laws. However, in 2014 Steering Committee deferred a change request to send out an auto-message to students of unsubmitted application and "nudge" them to complete or delete their in-progress applications.

Implement Deferred Change Request: 2014-40: Implement Auto-Message to Students of Unsubmitted Application Pending in My Applications

  • Implement a recurring, automatic sweep of the In-Progress database looking for applications that were started but never submitted (after a period of time TBD, suggested 3 days) - and send an email from OpenCCC - a State entity - nudging the student to complete their application or contact the college for assistance. (Note: During the May 2016 Steering meeting this issue was discussed and members said they would want a way to customize that email for their college in order to suggest services and provide contact information. This complicates the solution and may or may not be feasible.) 

  • Consult with CCCCO Legal and get an official Legal Opinion or memo confirming the restrictions so that colleges can better understand why we cannot provide this functionality in CCCApply.



Discussion wiith DT: This is a FERPA issues and one of the areas where colleges need to better understand the mandates and regulations that CCCApply operates under. Diane immediately gets this and agrees that there's nothing we can do to get around FERPA. However, we discussed an idea that was brought up at the last Steering meeting from Santa Rosa College - what is preventing us from moving the release of application data consent confirmation to the end of the OpenCCC application? This way, students have already consented to release of "directory" information before they even begin the application process. I spent some time reviewing the FERPA laws and I need some guidance. Who is our "go to" Legal expert for interpreting FERPA and other federal and state privacy laws? From what I read, a minimal amount of student PII can be released to educational insitutions prior to signing a consent form - it's called "directory information" and it includes: Name, DOB, Email, and a unique identifer that is associated with a student, but that doesn't lead to more PII (so CCCID would be out, but what about the App ID, which is created during in-progress status).

2.22.16: Mitch Leahy, Santa Rosa JC, added, "Thank you Tim. I remember the email nudging now and that’s excellent. However, what might also help us in this discussion is stats on how many students do not complete their application for each given district within a year.

Our district is keenly interested in personally following up with these students to see what we can do to assist them. Maybe they got stuck on a question on the application. Maybe they are a Dream Act/ DACA student who is fearful of self-declaring their status on an application. Maybe they became afraid of committing to college after thinking about the required investments of time and money. Maybe they just need personal attention that might go beyond an automated email.

Whatever the case, we want to find out the reason and provide whatever assistance we can to get them started/interested again. I am sure other districts who are chasing enrollment would be interested this recruitment opportunity."

Supporting Documentation

FERPA Information

From: https://www.law.cornell.edu/uscode/text/20/1232g


For the purposes of this section the term “directory information” relating to a student includes the following: the student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.


Any educational agency or institution making public directory information shall give public notice of the categories of information which it has designated as such information with respect to each student attending the institution or agency and shall allow a reasonable period of time after such notice has been given for a parent to inform the institution or agency that any or all of the information designated should not be released without the parent’s prior consent.

FERPA makes a distinction between PII and "directory information." DOE regulations allow for the disclosure of directory information, without needing a student's or parent's consent, unless the parent or student has opted out of such disclosure. A school subject to FERPA must provide a written notice to parents or students setting forth its disclosure policies concerning directory information with the procedures for opting out and contesting the student's education records.

The New Regulations (2012)

A. Directory Information and Student IDs

The new regulations clarify that an institution may, under certain circumstances, designate and disclose student ID numbers, or other unique personal identifiers, as directory information to be displayed on a student’s ID card or badge as long as the ID card is not the sole method of obtaining access to the student’s education records and is used with other credible identifiers. The regulations also provide that a parent or student may not opt out of the disclosure of such directory information.

The DOE left it up to the schools to determine what specifically should be included on a student ID. It also stated that FERPA does not require schools to force students to wear IDs. With regulations enacted in 2008, institutions may use directory information to access online electronic systems and to allow a school to require a student to disclose his/her name, identifying information and institutional e-mail address in and out of class. The DOE further clarified that an institution need not make directory information available on student IDs, but may do so if it so chooses.

B. Studies and Audit and Evaluation Exceptions

The new regulations also allow for the disclosure of PII, without student or parent consent, where institutions have contracted with organizations to conduct studies or audits of the effectiveness of education programs. However, the regulations require a written agreement with the organization containing mandatory provisions intended to guard the privacy of student records. The regulations also provide institutions with detailed, required provisions aimed at preventing PII from ending up in the hands of persons or entities not intended or permitted to receive them, and guidelines for addressing data breaches. A careful review of the regulations is necessary before an institution enters into any agreement to provide PII access to an organization that is conducting a study or an audit and evaluation.

Directory information means information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed.

(a) Directory information includes, but is not limited to, the student's name; address; telephone listing; electronic mail address; photograph; date and place of birth; major field of study; grade level; enrollment status (e.g., undergraduate or graduate, full-time or part-time); dates of attendance; participation in officially recognized activities and sports; weight and height of members of athletic teams; degrees, honors, and awards received; and the most recent educational agency or institution attended.

(b) Directory information does not include a student's—

(1) Social security number; or

(2) Student identification (ID) number, except as provided in paragraph (c) of this definition. (SEE BELOW)

(c) In accordance with paragraphs (a) and (b) of this definition, directory information includes—

(1) A student ID number, user ID, or other unique personal identifier used by a student for purposes of accessing or communicating in electronic systems, but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a personal identification number (PIN), password or other factor known or possessed only by the authorized user; and  (I THINK THE CCCID WOULD BE ALLOWABLE, THEN, IN THIS CIRCUMSTANCE)

(2) A student ID number or other unique personal identifier that is displayed on a student ID badge, but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a PIN, password, or other factor known or possessed only by the authorized user.

(Authority: 20 U.S.C. 1232g(a)(5)(A))

From an FAQ on FerpaSherp

May an educational agency or institution disclose directory information without prior consent?

Education records that have been appropriately designated as "directory information" by the educational agency or institution may be disclosed without prior consent.  See 34 CFR §§ 99.31(a)(11) and 99.37.  FERPA defines directory information as information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed.  34 CFR § 99.3.

FERPA provides that a school may disclose directory information if it has given public notice of the types of information which it has designated as "directory information," the parent or eligible student’s right to restrict the disclosure of such information, and the period of time within which a parent or eligible student has to notify the school in writing that he or she does not want any or all of those types of information designated as "directory information."  34 CFR § 99.37(a).  A school is not required to inform former students or the parents of former students regarding directory information or to honor their request that directory information not be disclosed without consent.  34 CFR § 99.37(b).  However, if a parent or eligible student, within the specified time period during the student's last opportunity as a student in attendance, requested that directory information not be disclosed, the school must honor that request until otherwise notified.