Blog

ferpa

FERPA Compliance and Sexual Assault
Posted by On Thursday, June 2, 2016

The administrative burden placed on colleges and universities across the nation by the Family Educational Rights and Privacy Act (FERPA) “must not be understated,” and FERPA has been described this way: “the law was enacted hastily, poorly written, and, from its adoption, has begged review.” Salzwedel, M. & Ericson, J. “Cleaning Up Buckley.” Wisconsin Law Review, 2003: 1053, 1065. The stakes are also high: federal funds may be withdrawn from a school that has a “policy or practice” of releasing a student’s education records.

A recent case emphasizes the complexity of applying FERPA regulations and the importance of FERPA training. In an op-ed piece in the New York Times Magazine, Jon Krakauer, author of Missoula: Rape and the Justice System in a College Town, described his lawsuit against Montana’s Commissioner of Higher Education to force the release of education records from a disciplinary proceeding involving sexual assault allegations against a University of Montana football player.

But the issues involved are broader than Krakauer’s research for a new book. The US Department of Education filed an amicus brief in the Krakauer case to clarify FERPA principles at issue in the case, and journalists and news media organizations filed an amicus brief to defend freedom of the press.  Krakauer’s lawsuit challenges the school’s interpretation of FERPA — the University claims FERPA prohibits disclosing the football player’s private education records. Krakauer’s case was heard by the Montana Supreme Court on April 27th and the court’s decision will provide a rare high court interpretation of the labyrinth of FERPA regulations which school administrators, faculty, and staff must wade through.

The Department of Education’s amicus brief also argued that is has a “strong interest” in UM’s compliance with Title IX, noting UM’s 2013 resolution agreement with the Office for Civil Rights. In its 2014 Q&A on Title IX as well as the 2001 Revised Sexual Harassment Guidance, the Department pointed out the relationship between FERPA and Title IX regarding information about the outcome of a sexual harassment complaint and the due process rights of accused individuals.

Together with Title IX training, educating employees about basic FERPA principles allows them to recognize FERPA issues when handling education records, protecting student privacy rights, and helping schools comply with both their FERPA and Title IX obligations in a wide range of school activities.

Talk About It!Share on Google+Tweet about this on TwitterShare on FacebookShare on LinkedInShare on TumblrEmail this to someone

Weekly Roundup
Posted by On Friday, August 21, 2015

In this week’s roundup, confusion and guidance around confidentiality and the University of Texas system launches a study of campus sexual assault across all 13 of its campues.

Department of Education Seeks Input on Protecting Student’s Medical Records

On Tuesday, August 18th, The Department of Education’s (ED) Chief Privacy Officer, Kathleen Styles, requested input from the higher education community on protecting student medical records. The request, which was published on “Homeroom,” the ED’s official blog, accompanied a draft Dear Colleague Letter (DCL) addressing an exception under FERPA that allows a school to access a student’s medical records without consent if there is litigation between the student and the school.

The draft guidance follows a controversial incident earlier this year: after a student sued her university for allegedly mishandling her report of being raped, the university gave her therapy records to its attorneys to help defend itself against her lawsuit. One commentator argued the university’s decision — and the FERPA exception that allowed them to make it — left students “stuck between unaffordable therapy in a safe space and free therapy provided by an institution they are unsure they can trust.” The draft DCL offers guidance for these situations,

…without a court order or written consent, institutions that are involved in litigation with a student should not share student medical records with the institution’s attorneys or courts unless the litigation in question relates directly to the medical treatment itself or the payment for that treatment, and even then disclose only those records that are relevant and necessary to the litigation.

Public input is welcomed until October 2nd, and anyone interested can email comments to FERPA.Comments@ed.gov.

Controversial & Confidential Advisers

What’s controversial about confidential advisers? According to some experts, advocates employed by a college may have a conflict of interest when counseling alleged victims, rendering them unable to give students unbiased support. And without the protection of a legal privilege, advisers could be subpoenaed as part of a criminal investigation or by lawyers of accused students to disclose their communications with the alleged victim. Or, when helping a student move to a new dorm, information could be given to an employee who is required to report it to the Title IX coordinator. United Educators’ general counsel says simply hiring an adviser for every campus “is likely to cause more confusion and conflicts.”

However, as the White House Task Force Report pointed out, victims and survivors of sexual violence are more likely to seek help, rather than stay silent, if they have a place to go for confidential advice and support. The University of California has at least one adviser on each of its ten campuses. In fact, the UC Santa Barbara campus has five staff members to support victims through a campus or criminal investigation, or accommodations in academic and living situations, and the number of students seeking services from its confidential-advising program tripled after they increased the number of advisers.

California’s “Yes Means Yes” law requires campuses to have a confidential advising office for survivors. New York’s “Enough is Enough” law and the Campus Accountability and Safety Act now pending in the U.S. Senate both require confidential advisers on every college campus. Given the positive impact that a confidential adviser has on survivor reporting and recovery, it is likely we will see legislative action to protect advocate confidentiality.

Sexual Assault Climate Assessment at University of Texas

The University of Texas (UT) is undertaking a $1.7 million study of campus sexual assault across all 13 of its campuses.  Led by William McRaven, the chancellor of the UT system, the project is expected to take multiple years and will include an online student questionnaire, faculty and staff focus groups, and longitudinal studies of student experiences. This study is one of many sexual assault Campus Climate Survey projects sweeping the nation’s higher education institutions.

McRaven, who has been in his current role since January, is comparing his experience working with UT to his previous extensive experience with the military. McRaven is a retired four-star Navy admiral and a long-time Navy SEAL.  He is most known for his involvement in the operation that resulted in the death of Osama bin Laden in 2011. While in the Navy, McRaven says that he knew sexual assault was a problem, but until he conducted a survey of personnel, the extent and breadth of the problem were unknown. “Frankly, I was stunned by the results,” he said. “The problem was a lot more entrenched, and a lot broader, than I thought it was.”

This experience has helped him realize that “I don’t have enough data just yet” to understand how big the sexual assault problem is in the UT system. This project will happen in conjunction with the UT-Austin campus taking part in the AAU survey, for which aggregate results are expected to be published this Fall.

Talk About It!Share on Google+Tweet about this on TwitterShare on FacebookShare on LinkedInShare on TumblrEmail this to someone

Privacy vs. Safety: Does FERPA Apply to Sexual Assault Cases?
Posted by On Monday, November 25, 2013

Navigating the muddy waters between protecting student privacy and addressing complaints of sexual misconduct still causes confusion. Does FERPA prohibit disclosure of information about sexual assault cases? As one expert points out, many schools perceive a conflict between the confidentiality of student records under the Family Educational Rights and Privacy Act (FERPA) on the one hand, and the competing rights of sexual assault victims and other students under Title IX and the Clery Act on the other.

While this post is only intended to address whether FERPA prohibits disclosure of information about peer sexual assault complaints, a few basics are in order. As the Department of Education explained in a 2006 interpretation letter, FERPA protects “education records” maintained by or for the school which are tangible documents (including media and electronic data). FERPA does not, however, protect personal knowledge or observations:

FERPA applies to the disclosure of tangible records and of information derived from tangible records … As a general rule, information that is obtained through personal knowledge or observation, and not from an education record, is not protected from disclosure under FERPA.

Therefore, even if an education record exists containing the same information, FERPA doesn’t protect the confidentiality of information independently obtained from personal knowledge or observations.

In addition, the education records must contain “information directly related to a student” — in other words, they must directly or indirectly identify the student. So far this seems pretty straightforward. However, the various exceptions to FERPA protection when sexual assault is involved seem to cause confusion.

Starting with a clear exception, schools may disclose — without the accused student’s consent — the final results of a disciplinary proceeding involving alleged acts that, if proven, would constitute a violent crime or non-forcible sex offense:1

  • to anyone if the alleged perpetrator is found to have committed the offense
  • only to the alleged victim if the accused is not found responsible. In this case the victim must be told not to disclose the outcome to a third party

The result of a disciplinary proceeding is not final until after any appeals. Once the result is final the school may disclose the student’s name, the offense, and any sanction imposed, as indicated above. Another slightly more confusing exception allows disclosure of the investigative reports and other records2of campus police and security units involving sexual assault complaints if they are created for a “law enforcement purpose.” Whether the records qualify for this exception depends on (1) who created the records, (2) why they were created, and (3) who maintains them.

Under FERPA, if the records are created “exclusively for the purpose of a possible disciplinary action against the student” those records would be “education records.” However, the ED Secretary has said that it “expects such occasions to be very rare, especially when incidents involv[e] criminal conduct by students at postsecondary institutions.” Thus, if a student reports a sexual assault to campus police and other security staff their records are probably not protected from disclosure by FERPA.

A couple of cases illustrate how FERPA has been misapplied at the expense of student safety. Last year Oklahoma State University did not alert campus or local police when a victim reported to Student Affairs that he’d been molested. Over the next month the accused molester committed more assaults. Finally, a student newspaper reporter received an anonymous tip and contacted police, which led to the perpetrator’s arrest. In September, Nathan Cochran pled guilty to three criminal counts of sexual battery for fondling and performing oral sex on other male students while they slept in his fraternity house. Cochran was suspended from OSU for three years.

When the OSU victim first came forward, no tangible education record existed relating to the accused student. LeRoy Rooker, the ED’s chief FERPA enforcer for 21 years, said “Just forget FERPA at that point.”

And even if an education record existed a third exception, FERPA’s health and safety exception likely applied. Again, Rooker provides guidance in ED’s 2006 interpretation letter:

This provision allows an educational agency or institution to disclose personally identifiable information from education records, without prior written consent,in connection with an emergency [to] appropriate persons if the knowledge of such information is necessary to protect the health or safety of the student or other persons. 20 U.S.C. §1232g(b)(1)(I); 34 CFR §§99.31(a)(10) 99.36.3

In another case, Swarthmore College’s disciplinary proceeding found the accused student responsible but the victim felt the sanction did not protect her or other students in part because the accused’s identity was never revealed by the school. Though her assailant was found responsible for rape and suspended, he will be allowed to re-enroll after she graduates. In the meantime, his suspension wasn’t made public so he continues to visit the campus and present a safety risk.

When Liz Braun, Dean of Students at Swarthmore, asked for student feedback about the school’s College Judiciary Committee process, the victim described the CJC process as “unnecessarily torturous.” She asked a valid question in her response to Dean Braun: “Should the outcomes of CJC hearings and appeals be made public with identifiable names of perpetrators?” In fact, the accused student’s name could be made public if the CJC’s final decision found him responsible. This would not violate FERPA and could help protect other students.

Responding to a question about obtaining information from schools regarding sexual assaults against college students, ED Secretary Arne Duncan encouraged journalists to seek assistance from Department of Education staff if they encounter schools misapplying FERPA. While participating in a conference call organized by the Education Writers Association, Duncan stated, “Where districts or schools are — I’m not saying they are — but if they’re sort of hiding behind FERPA and not sharing simple information, we’re happy to try and assist there.”

A journalist from Student Press Law Center said she plans to follow up with ED’s chief privacy officer, Kathleen Styles. We’ll be looking for further guidance on this issue but hope that in the meantime this post provides some explanation of what is and isn’t a legitimate use of FERPA when it comes to protecting the privacy of students accused of committing sexual assault.


1. While this post focuses on sexual assault complaints, this exception to FERPA protection covers a number of violent crimes and non-forcible sex offenses listed in 34 CFR §99.39 and 34 CFR §99.31(13)and (14) covers the conditions that allow disclosure of information without consent.

2. 34 CFR §99.8(b)(1) defines “law enforcement records” as “records, files, documents, and other materials that are — (i) Created by a law enforcement unit; (ii) Created for a law enforcement purpose; and (iii) Maintained by the law enforcement unit.” While FERPA allows disclosure, the confidentiality of records maintained by a school’s security staff may be restricted by the school’s policies or applicable State law.

3. 34 CFR §99.31(10) provides that prior consent not required to disclose information where “The disclosure is in connection with a health or safety emergency, under the conditions described in §99.36.”
Talk About It!Share on Google+Tweet about this on TwitterShare on FacebookShare on LinkedInShare on TumblrEmail this to someone