On February 5, 2019, the U.S. Department of Education (ED) released new and important regulatory guidance entitled “School Resource Officers, School Law Enforcement Units, and the Family Educational Rights and Privacy Act.” This guidance document was prepared and issued in response to the December 2018 final report of the Federal Commission on School Safety (the Commission), which was established following the February 2018 shooting at Marjory Stoneman Douglas High School in Parkland, Florida. Among the findings of that final report was the following, which concerns threat assessment efforts in the nation’s schools:
“Suspicious activity reporting programs must incorporate appropriate privacy protections to ensure compliance with the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). However, confusion remains in some localities about whether and when student records can legally be shared during a health or safety emergency. Reducing this confusion can lead to greater compliance and appropriate reporting of threats to the safety of students and schools.”
The report further noted that with regard to identifying potential threats to school safety, multiple witnesses before the Commission reported frequent confusion regarding what information legally can be shared, and with whom, when it involves the behavior or mental health history of a student. Thus, one of the report’s specific recommendations was that ED clarify the parameters of information sharing between school staff, school resource officers (SROs) and school safety officers (SSOs), with special consideration and training regarding the privacy requirements of FERPA and HIPAA.
Intending to give school officials a better understanding of how FERPA specifically relates to circumstances that threaten the health or safety of individuals, and thus to empower such officials to act more quickly and decisively when challenges arise, the February 5, 2019, guidance from ED consolidates multiple prior guidance and technical assistance documents into a single resource. Among its more important points are the following:
- SROs and other outside law enforcement officials are not automatically within the FERPA exception for “school officials” with “legitimate educational interests” in student records, but they may be designated as such if a school complies with the FERPA requirements for sharing student information with entities that perform outsourced institutional services or functions.
- Schools may share with law enforcement officials any student information that has been properly designated as “directory information” under a FERPA-compliant directory information policy, provided that those students (or their parents if the students are under 18 years of age) have not opted out of such disclosures.
- Under FERPA’s exception for health and safety emergencies, school administrators may disclose a student’s education records (or personally identifiable information contained in those records) to “appropriate parties” in order to address a specific and articulable threat. Moreover, this exception to FERPA’s general consent requirement permits such disclosures when necessary to protect the health or safety of the student or other individuals. Note, however, that this exception is limited to the period of the “significant and articulable emergency” and does not allow for a blanket release of personally identifiable information from a student’s education records. Additionally, an “appropriate party” under this exception is anyone whose knowledge of such information is necessary to protect the health or safety of the student or other persons.
- FERPA applies to the disclosure of education records and personally identifiable information from education records that are maintained by the school, but does not prohibit a school official from releasing information about a student that was obtained through the school official’s personal knowledge or observation rather than from the student’s education records.