Kelly Field reports:
The Education Department will issue a final rule today [yesterday – Dissent] that will make it easier for states to track students’ academic progress and evaluate education programs.
The rule allows state and local education officials to share student information more widely without violating federal privacy law. It also makes lenders, guarantors, and other agencies with access to student records subject to the law, known as the Family Educational Rights and Privacy Act of 1974, or Ferpa.
Supporters say the changes will help researchers measure the effectiveness of government-financed education programs. They say Ferpa has hampered such research because states and schools have been unsure about what information they can legally share.
But privacy advocates say the rule undermines longstanding student protections. They expressed disappointment that the department did not adopt many of their proposed changes to its draft rule, which came out in April.
Read more on The Chronicle of Higher Education.
The education sector has yet to really adequate secure students’ (and their families’) personally identifiable information. Now it will be shared among more entities? What could possibly go wrong, right? Don’t be misled by the DOE’s guidance on protecting student information. Guidance is not a regulation or “thou shalt not.” If you look at the language, it is “You may want to” or “you may wish to.”
Where is the regulation that imposes enforceable privacy and data security obligations on entities that has some teeth and that provides a remedy or cause of action for those who may be harmed by a privacy or security breach?
Image credit: Cooluser, Wikimedia, used under Creative Commons License