FERPA is Worthless at Protecting Student Data


Louisiana education politics blogger Crazy Crawfish has a great article on FERPA entitled “FERPA Does Not Protect Student Privacy and Never Did.”  He explains how the law is outdated and how it has been gutted through U.S. Department of Education rule changes.

Money quote:

This means US ED has no authority over vendors or use or misuse data, that it must first try and convince abusers to stop abusing and disclosing the data they have received, and that their only recourse is to forbid school districts from providing data to them directly for 5 years or more. However if they obtain the data from another source, say another vendor, agencies can bypass even this very minor censure. Additionally, since DOE has no enforcement mechanism provided by FERPA, agencies can ignore this decision with impunity. This is why inBloom is not going out of business with no one officially committing to provide data to them. They intend to get this data secretly other ways and through other avenues. FERPA does allow schools, school districts and states to state their own civil penalties in their contracts, but most, if not all, fail to do so. What this means is any vendor for any data system in any school district that has access to data can currently use that data however they want if their only restriction written into their contract is that they will comply with FERPA. FERPA does not restrict or target vendors, only schools and school districts. State agencies are also largely excluded from many of the provisions of FERPA although references to them have been sprinkled in throughout the years. Most of the sanctions and wording it directed at local school districts, not state agencies who subsequently acquire the data.

Additionally, parents do not have the right to sue or take actions against vendors, state agencies, local school districts, or individuals who use, misuse or abuse their children’s data, or their own data under FERPA. All enforcement actions are handled through FPCO (the Family Policy Compliance Office), if they so choose. Parents may make a formal complaint, but those complaints can be ignored and parents have no further recourse.

Be sure to read the whole thing.

Photo credit: Die4Kids via Wikimedia Commons (CC-By-SA 3.0)

2 thoughts on “FERPA is Worthless at Protecting Student Data

    1. That was a settled case with a high profile political figure. FERPA can get violated all day long without serious repercussions and without individuals having right to prevail in court. Also, if the university accepted federal funds or grants those could be in jeopardy if well connected politician made enough of a stink. Vendors who obtain data and disclose can only theoretically be denied data under FERPA, but all entities can recieve bad PR and lose business and choose to settle rather than allow such a case to fester in news. That does not mean FERPA provided any protection or recourse other than a philosophical one. A normal parent would likely be ignored

Comments are closed.