Earlier this month I wrote a post about a lawsuit against the U.S. Education Department that charges the agency with promoting regulations that undercut student privacy and parental consent. The suit was filed some time ago by the nonprofit Electronic Privacy Information Center over 2011 regulations involving the Family Educational Rights and Privacy Act, also known as FERPA, a law that is supposed to protect the privacy of student education records at all schools that receive federal education funds.

The lawsuit argues that 2011 regulations issued by the department changed FERPA in a way that effectively allows more individuals and both private and public entities to have access to sensitive student records. Third parties already could get student data from school districts and state education agencies under certain conditions under rules finalized in 2008.

The issue has gained attention because of a new $100 million database built in large part with Gates Foundation money that holds detailed files on millions of schoolchildren and that is being run by a new nonprofit called inBloom. Critics fear that private information in the database will be given to private third parties in part because of the 2011 regulations.

But inBloom counsel Steve Winnick says that critics are misinterpreting the 2011 FERPA regulations. Following is a piece he wrote about the issue. Winnick is senior counsel   at EducationCounsel LLC, and has significant experience working on FERPA issues as the former deputy general counsel of the U.S. Department of Education and at EducationCounsel.

By Steve Winnick

Since the launch of non-profit inBloom earlier this month, there has been much discussion regarding the privacy and use of student data and the role of the Family Educational Rights and Privacy Act (FERPA). In particular, the 2011 FERPA regulatory amendments were discussed in Valerie Strauss’ earlier post. She has given us the opportunity to address some misunderstanding about inBloom’s service and its compliance with FERPA.

Technology needs to do a better job helping teachers and parents with the important mission of educating our children. inBloom is working to make it easier for teachers, parents, and students themselves to see a coherent picture of student progress and give parents more options to be involved in their children’s education.

Data-driven instructional technology has been available in classrooms for over a decade. School districts that purchase these systems are burdened with the expense and complexity of connecting these tools to the systems they already have. inBloom eases this burden by providing a secure service to help school districts manage their instructional data. Only school districts can make decisions about how information about students can be used.

As an example, one of the inBloom pilot districts has implemented over 30 different online learning systems. The time it takes for a teacher to login and download results from each of these tools steals time from their busy day and makes it difficult to have important conversations about student learning with parents. With inBloom, districts can provide teachers and parents with better instructional tools and the information they need to help students succeed.

The disclosure of student records to the inBloom data services is allowed by two different provisions in FERPA. The first provision allows schools to disclose student records to school officials with a legitimate educational interest in the records, including private contractors hired by a school district, when the student records are needed to provide the contracted services. This applies to inBloom, which is contracted by school districts to provide technology services for school administrators and teachers. USED spelled out rules authorizing disclosure of student records to school district contractors in 2008 (see section 99.31(a)(1)(B)); however, this type of disclosure was consistently allowed long before it was codified in 2008 (for example, see this 2004 USED advisory opinion).

The second FERPA provision allows disclosures of student records to authorized representatives of state or local education officials for the purpose of evaluating, auditing or complying with federal- or state-supported education programs. This is not the primary purpose of inBloom, but is a secondary benefit of states’ participation in inBloom.

As I mentioned at the beginning of this post, many people have misinterpreted the 2011 USED regulations. Prior to 2011, FERPA did not allow state or local education agencies to designate non-education state agencies (for example, the state workforce agency) as authorized representatives for evaluating public education programs. Anyone evaluating these programs had to be “under the direct control” of a state or local education agency, i.e. “an employee or contractor,” as stated in a 2003 directive from the Department.

As explained in the preamble to the 2011 regulations (page 75616), USED through those regulations reversed that interpretation and began allowing education agencies to designate any entity—including other state agencies—to assist in the evaluation of education programs, and to receive student records for that purpose. In other words, other state and local agencies could now assist the education department—and access student records for that purpose—in the same way that outside contractors could.

Even more importantly, the 2011 regulations do not in any way affect the 2008 regulations that permit disclosures of student data to private contractors to perform educational services for a school district (under significant conditions), which relates to the core mission of inBloom.

inBloom’s work with states and districts fully complies with the law, with or without the 2011 regulations. inBloom has adopted data privacy and security protections that meet the highest industry standards, exceed FERPA requirements, and are designed to ensure that student data are used only for agreed-upon education purposes and not further disclosed.

inBloom is committed to protecting the privacy and security of student records while helping states and school districts to more effectively use student data for legitimate educational purposes, in particular to provide a more customized education for all of our children. FERPA historically has been the subject of multiple myths that get in the way of effectively using data for these critical educational objectives. It is important that there be an accurate public understanding of what FERPA means and how it is being addressed.