Dale King, Senior Policy Advisor, Student Privacy Policy Office (SPPO), U.S. Department of Education, provided an update on the Department’s efforts around protecting the privacy of students’ education records, as well as the reorganization at the Privacy Office.
Throughout this session, Mr. King spoke on the history of SPPO, changes made within the organization, the complex relationship between SPPO, PTAC, and FERPA, and answered several questions from AACRAO representatives and members.
SPPO, formerly the Family Policy Compliance Office (FPCO), administers the Family Educational Rights and Privacy Act (FERPA) for the Department.
Rumored FERPA Updates
Though Mr. King could not officially comment on any updates or changes to FERPA until a notice had been issued, he did confirm that FERPA was included in the Quarterly Unified Plan. Mr. King also confirmed that a Unified Agenda should be released “this spring”.
When speaking about the Unified Agenda Mr. King cautioned that anything on the agenda would be “Subject to change” and that it should serve as a best guess as to what agencies intend to be regulating and a possible time frame.
Privacy and COVID-19 Considerations
Several questions from members came in during the session regarding a variety of issues directly related to changes institutions have made in response to COVID-19.
Camera use and anonymity have been of particular concern for higher-education institutions recently and Mr. King responded that while students cannot be anonymous in class, access to any recording, or data, should be restricted. Mr. King also made the distinction that if camera use is required by an institution that no PII may be in view or recorded. Finally, Mr. King reminded members that “FERPA is a law that protects records, not confidentiality”.
In a similar vein, when asked about mandatory photo identification, Mr. King responded that nothing in FERPA disallows such a requirement so long as the requirement doesn’t disallow students from receiving an education.
Data Disclosure and Health & Safety
Towards the end of the session, a few additional questions came up regarding data disclosure. Emergency contact data, COVID-19 information and testing, etc. For each of these questions, the answer remained consistent, if the data is being disclosed as a matter of Health & Safety then it is allowed, but for most other circumstances that data would be protected information.