Six years ago, the author of the Family Educational Rights and Privacy Act said it was being stretched beyond all recognition: “I do know college administrations have played a lot of games with it. There’s a lot of stonewalling going on.”
The stonewalling has arguably become even worse.
According to Zach Greenberg, legal fellow at the Foundation for Individual Rights in Education, FERPA “is a privacy statute that doesn’t protect privacy, a rights statute that creates no enforceable rights, and an access statute that allows colleges to conceal information that would invite bad press.”
He writes in The Chronicle of Higher Education that “poor enforcement, flawed court decisions, and nonexistent guidance from the Department of Education” have provided colleges “a distorted excuse for institutional stonewalling” on matters such as sexual-assault reports, “cronyism” and “administrative malfeasance.”
In order to disingenuously invoke FERPA, administrators across the country have claimed that employee communications, lists of “well-connected but academically subpar applicants” and even sexual-assault allegations are “student records” protected from disclosure by the law, Greenberg says.
One problem is legislative and the other is judicial, he says. The Department of Education has no leeway over FERPA penalties, so rather than strip all funding from a college in violation, the feds are “allowing colleges to violate it with impunity.”
A 15-year-old Supreme Court decision blocked individuals and organizations from suing under FERPA: “Colleges have no rational reason to comply with a statute that cannot be enforced by litigation and will not be enforced by the federal government.”
Greenberg offers recommendations from his recent law review article with a FIRE colleague on how to fix FERPA.
The law should be “harmonize[d]” with the Clery Act and state open-records laws, and it should explicitly open the courts to parties to sue. Lawmakers can ensure the law applies “solely to private student records” by adding an “unwarranted invasion of personal privacy” provision, as well.
Perhaps most importantly, a revised FERPA should offer a “sliding scale of financial penalties” for regulators to apply to colleges in violation, Greenberg says. Individual programs that violate or misapply FERPA, for example, could be targeted with penalties, rather than the entire college:
That should deter both the overdisclosure of private information and the frivolous invocation of Ferpa to frustrate open-records laws.