Working with public education data means working with the Family Educational Rights and Privacy Act (FERPA), a federal law that protects the privacy of and access to personally identifiable information (PII) in student education records.
At the same time, Office of the State Superintendent of Education (OSSE) data is more than data – it represents important information about people, whether a child, student, parent/guardian or faculty or a staff member of a school or child development facility.
OSSE interprets its responsibilities under FERPA in OSSE and Federal Privacy Laws and in accordance with guidance issued by the US Department of Education’s Privacy Technical Assistance Center (PTAC). FERPA requires parent/guardian consent to release data from a student’s education records to a third party but also allows some exceptions to this consent requirement. Some of these exceptions apply to OSSE, as the state education agency (SEA) and local education agencies (LEAs) and schools; other exceptions apply only to LEAs and schools.
Over the years, stakeholders – from both inside and outside of OSSE – have brought the agency many interesting questions about FERPA, data sharing and student privacy. Here are some recent highlights.
Q: Can OSSE share student data as directory information?
A: No. OSSE does not have enrolled students, so it does not have “directory information,” as defined by FERPA. LEAs and schools can use this FERPA exception to the parent/guardian consent requirement but not OSSE.
Q: Can OSSE share data with other organizations, such as program evaluators, it designates as “school officials” under FERPA?
A: No. Only LEAs and schools can use this exception to FERPA’s parent/guardian consent requirement to share student data.
Q: Does FERPA permit OSSE to share information about a student’s immigration status?
A: OSSE does not collect information about a student or family’s immigration status, and therefore, cannot share data it does not have. Under FERPA, it would be illegal for a school or LEA to share that data without parent/guardian consent or a court order.
Q: Is OSSE required to share student information with military recruiters?
A: No, but there is a requirement for LEAs and schools that receive funds under the Elementary and Secondary Education Act (ESEA, as amended). Under the law, they are required to comply with a request by a military recruiter for secondary students’ names, addresses, and telephone numbers, in accordance with their policy on directory information.
Q: Can researchers with a data sharing agreement with OSSE retain data after their study is finished if they need it for another project?
A: No. FERPA requires researchers to destroy data from student education records “when no longer needed for the specific purpose for which it was disclosed and a time period for that destruction.”
Q: Is health information maintained by the school nurse protected by the Health Insurance Portability and Accountability Act (HIPAA)?
A: No. Joint guidance from the US Department of Education and US Department of Health and Human Services makes clear that health data in school records is, in most cases, protected by FERPA and not HIPAA.
Learn More
For more information about OSSE’s policies and practices, please visit our Data Governance and Privacy page.
For more information about the differences in FERPA requirements for SEAs and LEAs, please visit this page.
If you would like more information or ask questions, please email us at [email protected].