Directory Information - FERPA Information

Owned by Patricia Donohue
Last updated: Dec 01, 2019
4 min read


  • “Directory Information” includes, but is not limited to:
    • the student's name;
    • address;
    • telephone listing;
    • electronic mail address;
    • photograph;
    • date and place of birth;
    • major field of study;
    • grade level;
    • enrollment status (e.g., undergraduate or graduate, full-time or part-time);
    • dates of attendance;
    • participation in officially recognized activities and sports;
    • weight and height of members of athletic teams;
    • degrees, honors and awards received; and
    • most recent educational agency or institution attended
    • CCCID, SSID, User ID or other unique personal identifier used by the student for purposes of accessing or communicating in electronic systems

  • “Directory Information” also includes a student ID number, user ID, or other unique personal identifier used by the student for purposes of accessing or communicating in electronic systems, but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a personal identification number (PIN), password, or other factor known or possessed only by the authorized user. 


  • Directory Information” DOES NOT include a student's social security number or Taxpayer Identification number

  • Pursuant to the /wiki/spaces/OPENAPPLY/pages/958365961(FERPA, 20 U.S.C. § 1232g), you have the right to withhold the public disclosure of all “Directory Information.” 


According to: National Law Review, December 1, 2019

U.S. Department of Education Amends its FERPA Regulations to Allow for Certain Additional Student Disclosures

According to: National Law Review, December 1, 2019

Monday, January 2, 2012

The United States Department of Education (DOE) has completed its administrative procedures and has enacted new regulations that amend current regulations enforcing the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. section 1232g. These new regulations, which are effective on January 3, 2012, allow for greater disclosures of personal and directory student identifying information and regulate student IDs and e-mail addresses, among other issues. The new regulations are found at 34 CFR, Part 99, sections 99.3, 99.31, 99.5, 99.6 and 99.37. Colleges and universities need to quickly consider the impact of these new regulations upon their current student privacy policies and existing notices. Failure to do so may result in complaints and DOE enforcement proceedings.

FERPA

FERPA is a longstanding federal statute which provides that a parent or eligible student, if over the age of 18, has a right to inspect and review the student's education records and to have them amended and withdrawn, under certain circumstances. FERPA is applicable to all public K-12 school districts and virtually all post secondary institutions, as they receive federal funds under programs administered by the DOE. FERPA generally prohibits the disclosure of personally identifying information (PII) contained in "education records," without aparent's or student's written consent, to certain third parties. There are a number of statutory exceptions for emergency medical and health reasons and for law enforcement activities, among others. PII includes a student's name, social security number, parents' names, family addresses, birth dates, place of birth, a parent's maiden name, and any other data that make a student's identity easily traceable.

FERPA makes a distinction between PII and "directory information." DOE regulations allow for the disclosure of directory information, without needing a student's or parent's consent, unless the parent or student has opted out of such disclosure. A school subject to FERPA must provide a written notice to parents or students setting forth its disclosure policies concerning directory information with the procedures for opting out and contesting the student's education records.

The New Regulations

A. Directory Information and Student IDs

The new regulations clarify that an institution may, under certain circumstances, designate and disclose student ID numbers, or other unique personal identifiers, as directory information to be displayed on a student’s ID card or badge as long as the ID card is not the sole method of obtaining access to the student’s education records and is used with other credible identifiers. The regulations also provide that a parent or student may not opt out of the disclosure of such directory information.

The DOE left it up to the schools to determine what specifically should be included on a student ID. It also stated that FERPA does not require schools to force students to wear IDs. With regulations enacted in 2008, institutions may use directory information to access online electronic systems and to allow a school to require a student to disclose his/her name, identifying information and institutional e-mail address in and out of class. The DOE further clarified that an institution need not make directory information available on student IDs, but may do so if it so chooses.

B. Studies and Audit and Evaluation Exceptions

The new regulations also allow for the disclosure of PII, without student or parent consent, where institutions have contracted with organizations to conduct studies or audits of the effectiveness of education programs. However, the regulations require a written agreement with the organization containing mandatory provisions intended to guard the privacy of student records. The regulations also provide institutions with detailed, required provisions aimed at preventing PII from ending up in the hands of persons or entities not intended or permitted to receive them, and guidelines for addressing data breaches. A careful review of the regulations is necessary before an institution enters into any agreement to provide PII access to an organization that is conducting a study or an audit and evaluation.

C. Notices

The new regulations contain a model notification of rights form for post secondary institutions to provide to students and parents. Given the changes in the DOE's regulations described in this Alert, current notice forms must be re-examined to determine whether they are in compliance. Also, the DOE's model form has a number of optional provisions that each institution should evaluate based on their specific needs.

Conclusion

FERPA and the DOE's regulations are complex and create the potential for administrative sanctions. The new regulations give expanded authority to institutions to make disclosures, but a careful approach to crafting policies and disclosures is necessary to avoid administrative penalties, as well as possible lawsuits by students and parents. 

©2019 Greenberg Traurig, LLP. All rights reserved.

ABOUT THIS AUTHOR

Stephen A. Mendelsohn, Greenberg Traurig Law Firm, Boca Raton, Litigation Attorney
Stephen A. Mendelsohn
Shareholder

Stephen A. Mendelsohn concentrates on all aspects of commercial litigation through trial and appeals, with an emphasis on financial institutions, securities and real estate. He represents broker-dealers, registered investment advisors, hedge funds and private equity funds in securities litigation, and he defends officers and employees in Securities and Exchange Commission investigations of public companies.

Stephen also counsels manufacturers, restaurant chains, retailers, nonprofits and contractors, among others, on all facets of employment law...

mendelsohns@gtlaw.com
561-955-7629
www.gtlaw.com