November 18, 2004
Mr. Matthew J. Pepper
Tennessee Department of Education
Andrew Johnson Tower, 6th Floor
710 James Robertson Parkway
Nashville, Tennessee 37243
Dear Mr. Pepper:
This is in response to your November 5, 2004, inquiry in which you ask about the applicability of the Family Educational Rights and Privacy Act (FERPA) to the release of student level records to researchers. You state that the Tennessee Department of Education (TDE) routinely receives requests from researchers for student level data and you are attempting to develop a policy to allow the release of these records. You state that you plan to encrypt the records by changing a student’s social security number to a unique student identifier. You state that the "crosswalk" between the social security number and unique student identifier will not be released to researchers. You also ask about the release of small data cells where an individual can be identified by the research. This Office administers FERPA and is responsible for investigating complaints and providing technical assistance to ensure compliance with the statute and regulations. 20 U.S.C. § 1232g; 34 CFR Part 99.
As you know, FERPA generally provides that an educational agency or institution may not have a policy or practice of releasing a student’s education records, or personally identifiable information contained within those records, without the prior written consent of the student’s parent or parents. 20 U.S.C. § 1232g(b)(1). According to the Department’s regulations implementing FERPA, "personally identifiable information" includes a personal identifier, such as the student’s social security number or student number. See 34 CFR § 99.3. Education records may be released without consent if all personally identifiable information has been removed.
In addition to FERPA, Congress has also recognized that scientifically valid educational research, including applied research, basic research, and field-initiated research, can provide parents, educators, students, researchers, policymakers, and the general public with reliable information about educational practices that improve academic achievement. Such research can also provide important information about the effectiveness of Federal and other education programs. See sections 102(20) and 111(b) of the Education Sciences Reform Act of 2002. In particular, academic accountability is a central focus of the No Child Left Behind Act of 2001, and high-quality research is one of the ways to show whether the achievement gap is closing. A key component of such research is the use of longitudinal studies in which individual student performance is evaluated over a period of time.
To provide appropriate access to data for such studies, and consistent with the privacy protections of FERPA, the Department intends to promulgate regulations in the future defining this type of non-personally identifiable (anonymous) data, thus allowing disclosure, without parental consent, but with appropriate privacy safeguards. While the Department affirms FERPA’s requirements, data that cannot be linked to a student by those reviewing and analyzing the data are not "personally identifiable." As such, the data are not "directly related" to any students. Accordingly, a document containing only non-personally identifiable data, even when originally taken from a student’s education record, is not a part of the student’s education records for purposes of FERPA. Thus, because the document – established or created under the requirements below and given to a researcher – contains no personally identifiable information, it does not constitute a disclosure proscribed by the regulations. However, it should be noted that the establishment or creation of such a document by a district or State is voluntary. Nothing in this letter or the pending regulatory process should be construed to require that such a document be established or created.
Beginning immediately and during the pendency of our rulemaking process, the Department will refrain from any enforcement action under FERPA under circumstances where an educational agency or institution has established or creates an anonymous data file for the purpose of education research, and in which a student is identified only by a non-personal identifier and the following requirements are met:
1. the non-personal identifier itself –
a. is not a scrambled social security number or student number, unless such identifiers are protected by written agreements reflecting generally accepted confidentiality standards within the research community; and
b. cannot be linked to an individual student by anyone who does not have access to the linking key;
2. the anonymous data file is populated by data from education records in a manner that ensures that the identity of any student cannot be determined, including assurances of sufficient cell and subgroup sizes; and
3. the linking key that connects the non-personal identifier to student information is itself an education record subject to the privacy provisions of FERPA. In other words, the linking key must be kept within the agency or institution and must not be shared with the requesting entity.
These requirements do not limit or otherwise modify the FERPA exception for non-consensual disclosure of personally identifiable information from education records to organizations conducting studies for or on behalf of educational agencies or institutions under 34 CFR § 99.31(a)(6).
Please note that if this Office receives a complaint containing specific allegations that the above requirements have not been met and the allegations give reasonable cause to believe that a violation of FERPA has occurred, this Office will initiate an investigation into the matter.
As a reminder, in reporting information, if cell size or other information would make a student’s identity "easily traceable," that information would be considered "personally identifiable." See 34 CFR § 99.3. The educational agency or institution should use generally accepted statistical
principles and methods to ensure that the data are reported in a manner that fully prevents the identification of students. If that cannot be done, the data must not be reported.
The Department remains strongly committed to enforcing the requirements of FERPA and ensuring that personally identifiable information is protected. Anonymous data procedures will ensure that the data are not traceable to individual students. In addition, the regulations we intend to issue will provide parameters and safeguards to protect the rights of students and parents. In short, the Department’s regulations will ensure academic accountability in a framework that protects the identity and privacy of students.
Please feel free to contact me if you have any questions about FERPA in general or this issue in particular.
LeRoy S. Rooker
Family Policy Compliance Office