September 25, 2003
Ms. Corlis P. Cummings
Senior Vice Chancellor for Support Services
Board of Regents of the University System of Georgia
270 Washington Street, S.W
Atlanta, Georgia 30334
Dear Ms. Cummings:
This responds to your letter of September 19, 2003, in which you asked for an official opinion whether the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, permits the Board of Regents of the University System of Georgia (Board) to release certain information from education records to the Atlanta Journal-Constitution. You asked for expedited consideration because the newspaper submitted its request pursuant to Georgia's Open Records Act. This Office administers FERPA and provides technical assistance to educational agencies and institutions to ensure compliance with the statute and regulations codified at 34 CFR Part 99.
Inquiry: The Journal-Constitution asked the Board to provide the following information for every student who completed an application for Federal student aid for the past two academic years: Georgia HOPE scholarship eligibility, Pell Grant eligibility, Pell Grant amount, and Federal expected family contribution. The information must also be categorized by the student's secondary institution, college or university, and county of residence. The newspaper has not asked for the student's name, social security number, or other personally identifiable information and has agreed to allow the Board to follow its policy of not releasing information in cohorts of 10 or fewer students. However, the newspaper insists that the information must be released in student-level rather than aggregated form.
The Board believes that FERPA precludes it from releasing the information in the format requested because a recipient would be able to identify individual students and their families with relative ease by cross-referencing information provided in the listings by secondary school, college, and county. The Board asks whether it may provide the information as requested by the newspaper consistent with its obligations under FERPA.
Discussion: An educational agency or institution subject to FERPA may not have a policy or practice of disclosing education records, or non-directory, personally identifiable information from education records, without the written consent of the parent or eligible student, except as provided by law. 20 U.S.C. § 1232g(b); 34 CFR Subpart D. "Education records" are defined as records that are directly related to a student, and maintained by an educational agency or institution or by a party acting for the agency or institution. 34 CFR § 99.3 ("Education records"). The information requested by the newspaper (each student's Georgia HOPE scholarship eligibility, Pell Grant eligibility, Pell Grant amount, and Federal expected family contribution) clearly falls within the definition of "education records" under FERPA.1
Under the FERPA regulations, "disclosure" means "to permit access to or the release, transfer, or other communication of personally identifiable information contained in education records to any party, by any means, including oral, written, or electronic means." 34 CFR § 99.3 ("Disclosure") (emphasis added). The regulations define "personally identifiable information" so that it includes, but is not limited to:
- The student's name;
- The name of the student's parent or other family member;
- The address of the student or student's family;
- A personal identifier, such as the student's social security number or student number;
- A list of personal characteristics that would make the student's identity easily traceable; or
- Other information that would make the student's identity easily traceable.
34 CFR § 99.3 ("Personally identifiable information") (emphases added). That is, FERPA-protected information may not be released in any form that would make the student's identity easily traceable. E.g., September 27, 2002, letter from this Office to Kennesaw State University at page 2-3. Conversely, student-level information from education records may be disclosed, without consent, if "personally identifiable information," as defined above, has been removed. This has been referred to as de identified or anonymous data.
In the case of standardized tests, this requirement can usually be met by removing the student's name, address, identification numbers, and "other information that would make the student's identity easily traceable," such as the alphabetical or other testing order. Courts have affirmed these procedures in cases such as Bowie v. Evanston Community Consolidated School District #65, 522 N.E.2d 669 (Ill. App. I Dist. 1988), aff'd, 538 N.E.2d 557 (Ill. 1989) and Kryston v. Board of Education, East Ramapo Central School District, 77 A.D.2d 896, 430 N.Y.S.2d 688 (App.Div. 2nd Dept. 1980). Similarly, in a case involving disciplinary records, Miami University redacted not only the student's name and student ID number but also the exact date and time of the alleged incident. The Court of Appeals later observed that these court-imposed redactions rendered the disclosure compliant with FERPA requirements.State ex rel. Miami Student v. Miami University, 680 N.E.2d 956, 959 (Ohio 1997), cited in United States v. Miami University, Ohio State University, 294 F.3d 797, (6th Cir. 2002).
Occasionally a student's identity may be "easily traceable" even after removal of nominally identifying data. This may be the case, for example, with a highly publicized disciplinary action, or one that involved a well-known student, where the student would be identified in the community even after the record has been "scrubbed" of identifying data. In these circumstances, FERPA does not allow disclosure of the record in any form without consent because the irreducible presence of "personal characteristics" or "other information" make the student's identity "easily traceable."
These principles apply equally to the disclosure of aggregated information. That is, the FERPA prohibition on disclosure of "personally identifiable information" allows agencies and institutions to aggregate data and disclose statistical information from education records, without consent, so long as the student's identity is not "easily traceable." Just as the removal of names and identification numbers is not always adequate to protect against personal identification with student level data, there are circumstances, such as those described in your letter, in which the aggregation of anonymous or de-identified data into various categories could render personal identity "easily traceable." In those cases, FERPA prohibits disclosure of the information without consent. This is true whether personal identity is revealed through a single request or through a series or combination of requests that are available to those in possession of the data.
Because of the wide variety of data compilations, configurations, search requests, and other factors related to the disclosure of anonymous data, it is neither possible nor desirable for this Office to take a categorical approach regarding the minimum size of cohorts or other restrictions applicable to the release of aggregated or student-level information necessary to avoid personal identification of an individual. However, any agency or institution that releases aggregated or anonymous student-level information from education records must first review the details of the resulting datasets to ensure that personal identity is not easily traceable. Clearly, agencies and institutions themselves are in the best position to analyze and evaluate these requirements based on their own data, and under FERPA the burden is on the agency or institution not to release aggregated or de-identified student level data if it believes that personal identity is easily traceable based on the specific circumstances under consideration. Indeed, this Office will initiate an investigation of any complaint that provides specific allegations of fact giving reasonable cause to believe that FERPA is violated by the release of aggregated or de identified student level information.
In summary, based on the information you provided, we are unable to conclude that the disclosure in question would not render a student's identity easily traceable and, therefore, would not violate FERPA. Further, under FERPA, the Board should not disclose anonymous or de-identified data in aggregation that it believes could make a student's identity easily traceable.
LeRoy S. Rooker
Family Policy Compliance Office
1. Information submitted by an individual who is applying to an educational agency or institution and who does not become a student at that educational agency or institution is not protected by FERPA. However, other laws, such as § 501 of the Gramm-Leach-Bliley Act (Public Law 106-102, November 12, 1999), might apply to the financial information contained in these applications. See 67 Fed. Reg. 36484 (May 23, 2002).