Mind-boggling. While many schools improperly use FERPA to withhold information, at least one university is just handing information without ensuring that it has signed waivers or consent to do so.
Clark Kauffman reports:
The University of Iowa has been quietly sharing federally protected student information with Johnson County law enforcement officials who handle gun permit applications — an arrangement that one national organization calls a “license to snoop.”
The information includes some data on classroom achievement that by law can’t be considered by sheriffs when processing permit-to-carry applications and are normally protected from disclosure by the federal Family Educational Rights and Privacy Act.
Mark Braun, chief of staff for U of I President Sally Mason, said that in some cases the information speaks to a student’s perceived status as a “troublemaker,” but could also include information on failing grades or signs of depression or anger.
This is unbelievable. The Register also found that:
University officials never see the privacy waivers they are relying on to disclose personal information on students and faculty. The U of I’s attorney says the university operates on the assumption that the individuals have signed the sheriff’s permit application, which includes a privacy waiver.
They assume? Wow. As it turns out the waiver signed by gun applicants doesn’t apply to the university’s personnel or student education records:
The sheriff’s office doesn’t tell permit applicants that the waiver authorizes the disclosure of academic information on students and personnel information on school employees. In fact, the sheriff’s office tells applicants the waiver applies only to criminal records. Under federal regulations, a waiver authorizing access to FERPA-protected student information must specify the precise type of education records being disclosed.
And this has reportedly been going on for years.
The federal government has the authority to cut off all federal funds to the university for FERPA violations. I’ve never known them to actually use that authority, but this seems like a pretty egregious FERPA violation to me.
Not covered in this report is any investigation into for how long the sheriff’s office retains any information sent by the university and how it secures it. The paper has filed additional public records requests and hopefully they’ll also inquire about the data retention and data security concerns.
Read more of the Des Moines Register’s investigative report here.