Today Inside Higher Ed wrote an excellent article about the relationship of the Family Educational Rights and Privacy Act (FERPA) and the recent doxing of Harvard students. In short, it was easy to dox the students based on information the college published — legally — about them. FERPA was supposed ...
WPF is pleased to announce a new project examining the intersection between poverty and privacy in the United States. In the United States, the prevailing discussions about privacy rarely contemplate the poor, or how — or where — the poor or financially stressed may experience privacy challenges. This is also true of many legislative discussions regarding data governance, data protection, and privacy; there is generally not routine scrutiny of the intersection and impacts of proposed statutory language or approaches regarding those who live at or below the poverty level.
The COVID-19 pandemic has presented unprecedented challenges to the nation's K-12 education system. These challenges certainly include the impacts of school closures, and the range of multi-layered, complex questions of whether to reopen school buildings and how to operate them safely if they do reopen. The pandemic has also highlighted ...
Without Consent is the first major benchmarking privacy report to examine school directory information practices and related privacy issues in a multi-year study across more than 5,000 schools at the primary, secondary, and postsecondary levels. The research found troubling and challenging student privacy problems that need to be urgently addressed. The report contains extensive findings and recommendations regarding student privacy, and includes best practices, sample forms, and resources for schools, parents, and students.
A Baltimore mom was surprised and unhappy recently when her son came home from school missing three teeth. The source? A mobile dental clinic at a Baltimore city public school had extracted some of her son’s teeth that day. The mother didn’t realize it, but she had already consented to the dental work through signing a permission slip/release form.
This week a judge ordered that the approximately 10 million records of California students held by the California Department of Education will not be turned entirely over to a group of community nonprofits in the Morgan Hill case. Instead, the judge ordered that several smaller databases may be turned over ...
Update for March 3, 2016: This week a judge has ordered that the approximately 10 million records of California students held by the California Department of Education will not be turned entirely over to a group of community nonprofits in the Morgan Hill case. Instead, the judge ordered that several ...
The World Privacy Forum filed comments to the US Department of Education regarding its student health privacy guidance published August 18, 2015. The World Privacy Forum supports the DoE guidance, which clarifies how universities and colleges are to handle sensitive student medical records in cases of non-medical litigation. The guidance ...
Most parents and students do not know that under the law as it is now, Directory Information about students can be shared with third parties without parental or student consent. The Family Educational Rights and Privacy Act determines what kinds of information schools can share with third parties. Although directory information may sound innocuous, it can include information about each student that is quite detailed. Directory information can include:
Schools increasingly provide students with more health services. Health clinics, counselors on site, administration of drugs, and vaccinations are among the types of healthcare offered on school campuses ranging from kindergarten through graduate school. Given that schools may have sensitive health information, what law covers health record privacy for school records? The answer is important. It is also messy, because two laws can apply to this information. In some cases, no privacy law applies to the health records.
President Obama has announced that the White House will propose legislation for educational privacy reform. The administration needs to start with the basics and get FERPA right once and for all, because currently, FERPA is not doing the job it was intended to do. Here's a backgrounder on this educational privacy cornerstone.
WPF is attending the Consumer Electronics Show in Las Vegas this week. We're focusing on privacy and health and fitness technology, smart home tech/Internet of Things, and education and kid tech. Throughout the week we will be bringing you a stream of thoughts, images, and short videos via our Twitter ...
Educational Privacy -- The Family Educational Rights and Privacy Act of 1974, FERPA, has been amended substantially. The proposed amendments have been published and are open for comment until May 23, 2011. The current changes impact students' medical, educational, and informational privacy interests. WPF will be filing detailed comments on FERPA, including how the proposal interacts with California privacy laws. We will be posting additional materials on commenting soon.
FERPA -- The U.S. Department of Education has published proposed changes to its FERPA regulations, FERPA standing for the Family Educational Rights and Privacy Act. FERPA is a significant regulation that controls how students' school records and "directory" information may be shared. The proposed regulations have one item the WPF is supporting, which is that SSNs are not considered part of the directory information. However, other aspects of the proposed regulation still need work to adequately protect students' and parents' privacy interests. The WPF commented in particular that schools should not be allowed to request and then store a full tax refund from parents in order to prove students' eligibility. The Forum also requested that students' electronic identifiers are not included in the definition of directory information. One area of substantial concern is that the Department of Education has not expressly provided that students who opt-out of having their directory information shared should not be penalized for opting out. Currently, the proposed regulations may be read to suggest that schools may be able to deny benefits, services, or even required activities to students who have exercised the right to opt-out of the publication of directory information. FERPA comments may be filed until close of business Eastern time May 8, 2008.
FERPA comments: WPF is concerned about the U.S. Department of Education's proposed changes to its FERPA regulations, FERPA standing for the Family Educational Rights and Privacy Act. FERPA is a significant regulation that controls how students' school records and "directory" information may be shared. The proposed regulations have one item the WPF is supporting, which is that SSNs are not considered part of the directory information. However, other aspects of the proposed regulation still need work to adequately protect students' and parents' privacy interests. The WPF commented in particular that schools should not be allowed to request and then store a full tax refund from parents in order to prove students' eligibility. The Forum also requested that students' electronic identifiers are not included in the definition of directory information. One area of substantial concern is that the Department of Education has not expressly provided that students who opt-out of having their directory information shared should not be penalized for opting out. Currently, the proposed regulations may be read to suggest that schools may be able to deny benefits, services, or even required activities to students who have exercised the right to opt-out of the publication of directory information..
e-Government /CIPSEA -- The World Privacy Forum submitted comments to the Office of Management and Budget regarding proposed guidance on Title V of the e-Government Act. The proposed guidance did not address the relationship between CIPSEA and the USA PATRIOT Act Section 215, and guidance regarding identifiability and the Privacy Act of 1974 needs to be further refined. WPF suggests that OMB consider developing a formal statistical confidentiality seal controlled by a federal agency. The purpose would be to provide an identifiable marker that would tell individuals if the information they provide will receive the highest degree of confidentiality protection available under law.
