FERPA, a Brief Overview for School Organizations
With millions more students relying on online tools for virtual education, we need to be extra diligent in maintaining students’ data privacy. As a PTA or PTO leader, you play a large role. Did you know that even the title of the photos the parent teacher association posts on FB could be subject to data privacy laws? The federal law in this area is the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g. Here is a brief overview of FERPA, based on a recent episode of The Multipurpose Room, so that you can spot any issues and create policies to keep you within FERPA.
FERPA – The Basics
FERPA or the Family Educational Rights and Privacy Act is a law that was passed in 1974 aimed at protecting student privacy. It must be kept top of mind for elementary, middle and high schools as it can also affect school funding received from the U.S. Department of Education.
Who Needs to Worry about FERPA?
In short, it’s the educational leaders that should be aware of FERPA, that is, the school administrators, school teachers, and PTA and PTO leaders. In addition, parents also need to be in the loop.
We can look at each of these and their role in relation to FERPA in more detail:
FERPA gives parents access to their child's records, with jurisdiction to both view them and edit them. These records typically include the child’s name, address, date of birth, and contact details as well as assessments, grades, pictures. It can even include things such as handwriting, but of course, the most important components are any details that could help identify the child as these need to be the most well-protected.
A lot of the work that school administrators do in relation to FERPA is with the parents. They are responsible for making parents aware of the existence of FERPA on an annual basis, usually through formal notices. Administrators also have to guide parents about their directory policy (using information related to students) and their release policy (using the student’s name and photographs in regular school events). Parents have the option of having their child opt out of any or both of these policies, and so it is essential that school administrators take this permission.
Additionally, school administrators also have to oversee contracts that the school has with any organizations that may have access to student records. In 2020, with the shift to virtual education, this has come up with new technology providers now supporting schools. While FERPA demands prior written consent before any student information is shared, it does carry an exception where a third party is offering an extension of the school’s educational services. However, schools should ensure any providers meet the exception criteria before contracting. In addition, in those contracts, school should ensure there are clauses covering confidentiality of protected information, and safe disposal of said information upon termination of the agreement.
PTA and PTO Leaders
The first thing that PTA and PTO leaders need to be aware of is that the school’s directory policy impacts them. This means that parents who have decided to opt out of the directory cannot be contacted by the PTA or PTO. PTAs and PTOs should always publicize a way that parents can sign up to receive the PTA information directly so that parents who have opted out of the directory can “opt in” to receiving PTO information. In addition, PTA and PTO leaders should look at ways parents can receive this information in other ways. For example, keeping their website updated or having a Facebook group, can ensure all are staying informed.
With respect to PTA or PTO actions that FERPA may cover, social media posting is the most common. PTAs and PTOs should have a social media policy that is compliant with FERPA. For example, posting photos of children and photos of classrooms with children’s work, are both allowed only if parents have signed a photo release with the school. In addition, any tags that include children’s names or even the metadata of a photo that includes a child’s name may be covered. So, things such as pictures, videos, names, handwriting should all be avoided unless they’ve been authorized by the parent in the form of written consent. In addition, there should be a mechanism by which the social media administrator receives photo release information from the school.
Although not an onerous law, it is key to be aware of it. There are some great guides available by the US Department of Education, including an FAQ, as well as a position statement by the National PTA. When in doubt, connect with your school district as they are well versed in this law and can help.