But in 2011, regulations issued by the department changed FERPA to allow the release to third parties of student information for non-academic purposes. The rules also broaden the exceptions under which schools can release student records to non-governmental organizations without first obtaining written consent from parents. And they promote the public use of student IDs that enable access to private educational records, according to EPIC, a nonprofit public-interest center based in Washington D.C.
Government officials have defended the regulations. A government notice in the Federal Register says the rules are necessary
to ensure that the Department’s implementation of FERPA continues to protect the privacy of education records, as intended by Congress, while allowing for the effective use of data in statewide longitudinal data systems (SLDS) as envisioned in the America Creating Opportunities to Meaningfully Promote Excellence in Technology, Education, and Science Act (COMPETES Act) and furthermore supported under the American Recovery and Reinvestment Act of 2009 (ARRA). Improved access to data contained within an SLDS will facilitate States’ ability to evaluate education programs, to build upon what works and discard what does not, to increase accountability and transparency, and to contribute to a culture of innovation and continuous improvement in education.
But privacy advocates oppose the rule change because student data can be shared by local officials with private companies and foundations. Some say FERPA was loosened to make it easier for third parties to get access to student data by funding initiatives such as student data bases. Stephanie Simon of Reuters wrote in this story about a new $100 million database built in large part with Gates Foundation money that:
…already holds files on millions of children identified by name, address and sometimes social security number. Learning disabilities are documented, test scores recorded, attendance noted. In some cases, the database tracks student hobbies, career goals, attitudes toward school – even homework completion.
The database has files of students from at least seven states that have agreed to participate so far and is allowing access to third parties. According to Simon, the infrastructure for the database was built by the for-profit Amplify Education, which is run by school reformer Joel Klein and owned by Rupert Murdoch’s News Corp. The database is being run by a new nonprofit, inBloom Inc.,
“We think it is a very serious threat to student privacy,” said Marc Rotenberg, president and executive director of the Electronic Privacy Information Center. “Once the data gets out there it has all sorts of ramifications. It weakens the [FERPA] structure Congress put in place because Congress understands that a lot of student data can be stigmatizing, keeping people out of jobs, for example.”
The lawsuit, filed in federal court in Washington D.C., says:
Contrary to the agency’s contentions, Congress itself articulated specific reasons for precluding non-educational state agencies from accessing, altering, or storing records containing the personally identifiable information of students. The law’s chief sponsor Senator James L. Buckley specifically intended that FERPA would prevent linking academic data to non-academic data for the purpose of measuring schools’ impact. Senator Buckley’s statement in the Congressional Record describes FERPA as a safeguard against “the dangers of ill-trained persons trying to remediate the alleged personal behavior or values of students,” which include “poorly regulated testing, inadequate provisions for the safeguarding of personal information, and ill-devised or administered behavior modification programs.”40 In support of his concern, Senator Buckley entered into the Congressional Record a Parade magazine article decrying “welfare and health department workers” accessing student records that included “soft data” such as “family, . . . psychological, social and academic development . . . personality rating profile, reports on interviews with parents and ‘high security’ psychological, disciplinary and delinquency reports. Congress has yet to alter its stance on FERPA legislative safeguards, a prerequisite for the agency’s tracking of ‘soft data’ and other non-academic characteristics, charting them with SLDS, and sharing the results with non-academic institutions. Still, the agency asserts that the most cursory mention of SLDS in the ARRA constitutes “intent . . . to have States link data…”
Correction: The name of the nonprofit operating the database is inBloom, Inc., not Bloom, Inc.