Fixing FERPA to Protect Marginalized Students

Classrooms and campuses across the country have undergone remarkable digitization in recent decades, ushering in a growing wave of privacy concerns.

U.S. education technology companies continue to gain traction, facial recognition software tracks student attendance and security, and even the U.S. Department of Education encourages public schools to use “big data” to improve achievement, enhance assessment, and promote innovation. But as schools across the country increasingly rely on cloud computing services, online applications, and data mining tools to support tasks such as teaching and student performance evaluation, some educators and families worry about the risk such technological advancements pose to equity and student privacy.

When the U.S. Congress enacted The Family Rights and Privacy Act, or FERPA, in November of 1974, legislators sought to protect the privacy of children attending publicly funded schools. The Act afforded parents access to their children’s educational records and gave them rights to request record amendments and control the disclosure of personally identifiable information. The legislators who enacted FERPA aimed to combat student harm caused by inaccurate or misleading information; indeed, FERPA’s legislative history demonstrates a concern by lawmakers that secret files and records kept by schools could negatively impact students’ educational opportunities.

Since its implementation, Congress has amended FERPA 11 times in response to continuously developing technology and emerging types of data use. Nevertheless, some parents and school actors are apprehensive about the degree to which FERPA currently aligns with its stated goal of data integrity and whether it actively harms the students it is designed to protect. Specifically, some critics argue that the current iteration allows for continued discrimination against marginalized students.

In this week’s Saturday Seminar, we collect scholarship exploring the ways in which gaps in FERPA affect vulnerable student populations.

• In a recent article published in the Washington and Lee Law Review, Najarian Peters of the University of Kansas School of Law argues that dirty data—or data that is inaccurate, incomplete, or misleading—in K-12 educational records catalyzes racial inequity. Specifically, Peters contends, FERPA permits educational records to include potentially erroneous discretionary input by school actors. This, she explains, negatively impacts marginalized students’ access to opportunities such as gifted and talented programs and leads to Black children’s overrepresentation in school disciplinary actions. Although FERPA enables parents and students over 18 to challenge inaccuracies, Peters submits, its current configuration still allows for subjective feedback by school actors that can cast marginalized, and especially Black children in a poor light. Thus, she recommends implementing a two-part process to address racially discriminatory data input that includes validating data before input and substantiating the reasoning behind a school actor’s decision before calcifying it in the educational record.
• In an article published in the University of Baltimore Law Review, Lynn M. Daggett of Gonzaga University School of Law discusses the ways in which FERPA inadequately protects female student patient privacy. FERPA allows nonconsensual disclosure of sensitive student health information to the parents of both male and female students, Daggett explains. She contends that female students, however, are disproportionately impacted because campus clinic centers have more female than male patients, and these students often receive care for instances of sexual assault. To remedy FERPA’s inadequate privacy protections, Daggett recommends amending FERPA to subject all student patient records to the HIPAA Privacy Rule, as well as enacting state laws and school policies to protect student patient privacy.
• According to a report by Claire Galligan and Hannah Rosenfeld, Molly Kleinman and Shobita Parthasarathy of the University of Michigan Ford School of Public Policy, the use of facial recognition technology by schools disproportionately burdens people of color, women, people with disabilities, and trans and gender-nonconforming people. FERPA offers a model of consent, Galligan and her coauthors argue, but it provides no individual remedies if a facial recognition platform authorized by schools violate student privacy. Consequently, students and parents must rely on political pressure, rather than FERPA, to object to a school’s facial recognition technology use, Galligan and her colleagues explain, which proves ineffective. Although Galligan and her coauthors recommend banning facial recognition technology in schools, they provide national, state, and local-level recommendations, such as establishing advisory committees to increase security when schools use this technology.
• In an article published in the Duke Law & Technology Review, Nila Bala of R Street Institute contends that the use of facial recognition technology in classrooms can harm students. Bala argues that this technology may harm Black children and children with developmental disabilities more than their peers because schools may apply facial recognition inequitably within or across classrooms, making it “another tool to police children of color.” Bala contends that biometric information, or biological information used to identify individuals, should be protected under FERPA in the same way as other kinds of student data. At present, however, FERPA fails to do so or specify how student data should be stored or managed, she explains. To respect students’ right to privacy, Bala recommends that facial recognition technology be kept outside of the classroom.
• In a recent paper, Marin Dell of Nova Southeastern University Shepard Broad College of Law discusses the privacy gap experienced by students who engage in a lawsuit against their university. Dell argues that FERPA contains a legal loophole which allows for the lawful disclosure of a student litigant’s university mental health records to university counsel without the student’s knowledge or consent. Dell explains that because FERPA allows for the disclosure of all “educational records,” university counsel can request mental health and counseling records under this classification, rather than strictly protected “treatment records.” To close this FERPA privacy gap, Dell advocates that Congress pass the Campus Litigation Privacy Act of 2015, a proposed FERPA amendment which seeks to limit record disclosure, place restrictions on attorney conduct in requesting records, and involve impartial parties. Dell also suggests that lawmakers discourage misconduct by imposing penalties for inappropriate record disclosure.
• In a recent article published in the Seton Hall Legislative Journal, Amelia Vance and Casey Waughn discuss the principles essential to creating effective, fair, and balanced education privacy legislation. Vance and Waughn find four major principles to be essential for proper legislation: trust, transparency and inclusion, context, and clarity. They contend that education privacy laws should encourage a culture of trust, as broken trust leads to public fear and hasty, reactionary policymaking. They further stress that transparency and inclusion, context, and clarity are vital to building public trust in education privacy legislation, and that policymakers should create laws that are comprehensive, versatile, and representative of public need. Vance and Waughn argue that these four principles can serve as a roadmap for policymakers, guiding them to create better laws that facilitate a culture of privacy within the education system.