Valerie Strauss writes about EPIC’s lawsuit against the U.S. Education Department over changes to FERPA:
The U.S. Education Department is being sued by a nonprofit organization for promoting regulations that are alleged to undercut student privacy and parental consent. The rules allow third parties, including private companies and foundations promoting school reform, to get access to private student information.
The Electronic Privacy Information Center has been fighting for the department over 2011 regulations involving the Family Educational Rights and Privacy Act, also known as FERPA, a law that is supposed to protect the privacy of student education records at all schools that receive federal education funds. FERPA was passed to give parents specific rights in regard to their children’s education records, rights which transfer to the student he/she becomes 18 or goes to a school beyond the high school level.
Read more on Washington Post.
In a blog post yesterday, Peter Fleischer wrote:
The US privacy law narrative is convoluted. That’s a pity, since almost all of the global privacy professionals with whom I’ve discussed this issue agree with me that the sum of all the individual parts of US privacy laws amounts to a robust legal framework to protect privacy. (I didn’t say “perfect”, since laws never are, and I’m not grading them either.)
If Peter thinks we have a “robust” legal framework, I would encourage him to look at the abysmal failure of the government’s implementation of FERPA and the ongoing erosion of student privacy rights. According to the most recent census figures, almost 24% of the population is under 18 years of age. Their education and school records – which often contain a wealth of health and other information – are in need of stringent data security and protection from sharing. Yet the government, spurred on by commercial entities that stand to make huge profits, has moved towards greater data collection and data sharing.
Almost 24% of the population not only does not have “robust” privacy protection, but they barely have any privacy protection left at all. And sadly, that seems to be just fine with the U.S. Department of Education, that continues to do a great impersonation of an ostrich when it comes to breaches of student information.