From the ashes of the Watergate scandal rose Ferpa, the Family Educational Rights and Privacy Act, passed in 1974 in response to the fear that the government was keeping secret and inaccurate files on students, which could be harmfully disclosed. In the words of Ferpa’s architect, James L. Buckley, a U.S. senator from New York, the law was enacted to “protect the rights of students and their parents and to prevent the abuse of personal files and data in the area of federally assisted educational activities.” Signed into law less than two weeks after the resignation of President Richard Nixon, it was ostensibly written to protect students at government-funded educational institutions from the hidden abuse of their files.
Yet in its current form, Ferpa is a privacy statute that doesn’t protect privacy, a rights statute that creates no enforceable rights, and an access statute that allows colleges to conceal information that would invite bad press. It has been invoked to stifle police investigations into campus crime and cover up scandal after scandal concerning college athletics, cronyism in admissions practices, and administrative malfeasance.
Through a caustic combination of poor enforcement, flawed court decisions, and nonexistent guidance from the Department of Education, Ferpa has fallen from a noble attempt to safeguard student privacy to a distorted excuse for institutional stonewalling.
Restoring common sense to the law will allow it to fulfill the overarching purposes of its passage.
Ferpa prohibits colleges receiving federal funds — in other words, almost all of them — from having a policy of disclosing the “education records” of students, or the “personally identifiable information” contained therein, without their consent. The law also requires those institutions to allow students and the parents of minor students access to their records, as well as a mechanism for correcting inaccuracies. It is primarily up to colleges themselves to comply with Ferpa, tasked as they are with interpreting and applying these inherently malleable terms.
That is where the problem lies. Colleges have used Ferpa to prevent the release of newsworthy information despite the records’ having nothing to do with student education.
For example, at the University of North Carolina at Chapel Hill, administrators erroneously cited Ferpa in denying a newspaper’s request for records related to an athletics scandal. This interpretation is bizarre considering that the requested records concerned employee communications and parking tickets — not student records. Elsewhere, the University of Illinois cited Ferpa in trying to cover up administrators’ communications about the so-called “clout list,” a system in which well-connected but academically subpar applicants received preferential admissions treatment.
Demonstrating a disregard for student rights, several colleges have cited Ferpa in refusing to investigate students’ rape accusations and threatening discipline against them unless they sign confidentiality agreements about the allegations. It took a ruling from the Department of Education to stop those colleges from imposing gag orders as the price for utilizing campus judicial systems. These are only a few of the divergent and egregious ways that colleges have misinterpreted the statute.
The drive to use Ferpa to conceal damaging information about an educational institution has dire consequences for student safety. According to the Center for Public Integrity, which tracks Ferpa abuses, colleges routinely cite Ferpa to hide statistics on how violent crime is reported and dealt with on campus. For example, Oklahoma State University cried Ferpa in response to widespread criticism for failing to notify law-enforcement officials of allegations that a fraternity member had sexually assaulted several students — despite its legal obligation to report this information under the Clery Act and Ferpa’s explicit exclusion of crime records.
The proliferation of Ferpa misinterpretations is the product of decades of nonenforcement by the Department of Education. The department has never punished a college for violating or misapplying Ferpa, despite having the power to do so. The law authorizes the Education Department only to take all federal funding away from a college — a draconian measure — or to take none at all. Rather than reduce colleges to financial ruin, the Education Department has chosen to not enforce the statute, allowing colleges to violate it with impunity.
Furthermore, the U.S. Supreme Court held in Gonzaga University v. Doe (2002) that individuals and organizations cannot sue to enforce Ferpa. The flawed decision effectively closed the courts to the students, parents, and newspapers harmed by Ferpa fouls. Colleges have no rational reason to comply with a statute that cannot be enforced by litigation and will not be enforced by the federal government.
Ferpa’s problems are fixable. In a new law-review article, my colleague Adam Goldstein and I suggest a series of statutory and judicial fixes. Addressing the overclassification of records, lawmakers should add an “unwarranted invasion of personal privacy” clause to the definition of an education record. This well-established legal standard will ensure that colleges apply Ferpa solely to private student records rather than to whatever information may cast the institution in a negative light. Other proposed revisions include amending the statute’s exceptions to include college applications, which are currently left unprotected by Ferpa, and empowering the Education Department to impose a sliding scale of financial penalties for colleges that violate its provisions.
For example, by allowing the denial of funding to only a portion of a college’s educational programs, such as those responsible for misapplying Ferpa, the department can enforce Ferpa without resorting to an all-or-nothing approach. It will be able to tailor its remedies to the severity of the violation and create a financial disincentive for abusing Ferpa. That should deter both the overdisclosure of private information and the frivolous invocation of Ferpa to frustrate open-records laws.
Overall, lawmakers should seek to clarify Ferpa’s definitions, harmonize it with other laws affecting higher education, such as the Clery Act and state open-records laws, and enable parties to hold institutions accountable through the courts for erroneous and malicious misinterpretations. Restoring common sense to Ferpa will allow it to fulfill the overarching purposes of its passage: safeguarding student privacy and granting students and their parents access to their education records.
A law without consequences for defiance is no law at all. A statute professing by name and by purpose to create enforceable privacy rights for students and family members should do just that.
Zach Greenberg is a legal fellow at the Foundation for Individual Rights in Education.