Last week, a 17-year-old Rockingham, N.C., student was arrested and charged with bringing a firearm onto school property, the Richmond County Daily Journal reported.

The student’s name and some information about the arrest were available publicly, because the student was charged as an adult. But school administrators balked at many of the questions posed by the Daily Journal. Among the questions that Superintendent George Norris would not answer:

1. How many weapons did the student have?
2. What kind of weapons, including caliber or length?
3. Were the weapons loaded or was ammunition nearby?
4. Where were the weapons found?
5. Did the student cooperate?
6. Who was the student (including date of birth, address and specific charges)?
7. Why did the student bring the weapon to school?
8. Was bullying an issue in this case?

“All of the information that we have about these questions will be contained in educational records that cannot be released because they are confidential under FERPA,” Norris told the Daily Journal.

Source: Richmond County Daily Journal, Student accused of carrying gun. (May 20, 2013)

Executive Director Frank LoMonte: I suppose it’s possible that telling the public how many guns a student brought to school is equivalent to giving away the student’s name. If the student’s name is “Two-Gun McGillicuddy.” (And if that’s the case… really, Mr. and Mrs. McGillicuddy, what were you thinking?)

FERPA protects only information that is confidential and that, if disclosed, would be linkable to a known individual student. So let’s take a piece of information like Request #4, “Where were the weapons found?” Unless the school’s response is, “Why, they were found right in Two-Gun McGillicuddy’s car trunk, just where he left them,” exactly how would release of that fact compromise a student’s privacy?

(1) Let’s suppose we’re concerned about the knowledge of the people inside of the school, who know McGillicuddy was caught with guns and will consequently know which student the school is talking about, even if his name is not mentioned. Remember, these people already know McGillicuddy is the gunman. At that point, what privacy interest is compromised if the school issues a statement: “Student X kept the guns in the trunk of a car.” Will his classmates suddenly say, “This completely changes my opinion of T.G. Sure, I was going to forgive him if he kept guns in his locker like a normal kid. But the trunk of his car?”

Or would the McGillicuddy family have grounds to complain to the Department of Education that little T.G.’s privacy was violated? “We were perfectly fine with everyone in school knowing that T.G. liked to carry guns. But now that they know where he hides them, why, it’s just not safe for T.G. to come to school anymore — he’s completely lost the element of surprise.” 

(2) Let’s suppose we’re concerned, instead, with the knowledge of people outside of the school — people with no idea who McGillicuddy is. Again, the school issues a statement: “Student X kept the guns in the trunk of a car.” Exactly how will that revelation be the “a-ha” piece of information causing people outside of the school to link that information to McGillicuddy? 

Will the neighbors say, “I saw that McGillicuddy boy loading shotguns into the trunk of his Trans Am and heading off in the direction of the school, and then later I saw a bunch of police cars outside his family’s house, and I saw on the news where a kid got arrested for bringing guns into the school — but until that TRUNK part, why, I never would have made the connection!”

So in other words, the set of audience members for whom disclosure of the location, number or caliber of the weapons or ammunition would reveal something previously unknown about McGillicuddy is a big fat empty set of zero. The school indisputably could have answered, at least, all of the factually descriptive questions without implicating FERPA at all.

Here’s how you know the school doesn’t get it. Their own answer tells you so: ”All of the information that we have about these questions will be contained in educational records that cannot be released because they are confidential under FERPA.” 

That’s wrong.

There’s a vast difference between asking for access to a student’s records (nope) versus asking for facts that might appear in those records.

For example: Johnny’s attendance file says he was absent from school on Tuesday the 21st because of the flu. You walk into the front office and say, “Hey, what was Tuesday’s date?” Should the secretary tell you, “I’m sorry, I can’t tell you Tuesday’s date, because that information appears in Johnny’s confidential FERPA file.” 

Well yes, it appears in a confidential education record — but that’s not how you know it. The Department of Education, before it was completely taken over by nitwits, used to understand this distinction very well, as evidenced by a 2006 DOE opinion letter issued to a Maryland school district:

FERPA applies to the disclosure of tangible records and of information derived from tangible records. FERPA does not protect the confidentiality of information in general, and, therefore, does not apply to the disclosure of information derived from a source other than education records, even if education records exist which contain that information.

While it’s true that information about T.G.’s weapons might appear in the disciplinary writeup in his FERPA-protected school file, that information would appear in any number of other non-FERPA-protected records, such as police officers’ notes. The most likely way for the school P.R. spokesman to get the information requested by the news media here would not have been to dig out T.G.’s disciplinary file — it would’ve been to ask the cops. And information coming out of the mouth of a cop is not “FERPA information.”

So this seems like an open-and-shut case of a rogue, judgment-impaired school district misapplying federal confidentiality law, right? Ah, not so fast.

Common sense tells you — and the common law of privacy agrees — that there is no “privacy interest” in being arrested on criminal charges. It does not compromise any legitimate privacy interest to reveal the name of anyone — even a minor — accused of a serious crime; in fact, the Supreme Court has told us that there is a constitutional right to publish the names of juveniles charged with criminal offenses. 

But common sense and FERPA are only distant acquaintances. 

In 2008, Department of Nitwits Education issued a jaw-dropping interpretation of FERPA that comes right out and says that FERPA secrecy overrides the public’s right to know which kids are bringing guns to school and how they are being punished:

[I]t might be well known among students, teachers, administrators, parents, coaches,volunteers, or others at the local high school that a student was caught bringing a gun to class last month but generally unknown in the town where the school is located. In these circumstances, a school district may not disclose that a high school student was suspended for bringing a gun to class last month, even though a reasonable person in the community where the school is located would not be able to identify the student, because a reasonable person in the high school would be able to identify the student.

In other words, it is the stated, official position of a powerful federal government agency run by highly educated people not only that a school can’t tell you the names of the kids who brought guns to school — but that the fact that guns were brought into the school is none of the public’s business.

Because of a law protecting “education records.”

Unless the kid is enrolled in, I don’t know, “A.P. Calculus and Marksmanship,” this of course makes no sense except on Planet D.O.E., that parallel universe where laws of physics (and logic) cease to apply. 

Since schools are all about grading on the curve, let’s give this one a generous “Two Arnes” grade, recognizing that the Rockingham superintendent was — while acting in defiance of common sense, sound judgment and North Carolina’s open-records law — acting perfectly consistently with a nonsensical DOE interpretation that, the first time it is challenged in court, will be flattened like a spider in a “Garfield” cartoon. 

(Oh, and finally, in a fact that matters everywhere except Planet D.O.E., it’s worth noting that nothing about what happened at Richmond County Transitional School is the least bit confidential, because it all came out in police and court records, and everything — including the student’s name and photo — was carried by the local media. The fact that information is already widespread public knowledge means that it by definition is no longer “private.” But neither the broken FERPA statute, nor the equally broken DOE regulations interpreting it, make any allowance for universally known facts.)

Last month, when U.S. News and World Report released its list of best high schools in the country, students, parents and administrators at Lakeridge High School in Oregon were surprised to learn they didn’t make the cut. For the past three years, they’ve been ranked a “silver medal school” from the publication. Students’ test scores were even higher than a rival high school that was ranked.

It turns out the school was excluded because of how the Oregon Department of Education records students’ test scores. When more than 95 percent of students at a school pass state math and reading tests, the state doesn’t record specific scores because doing so might identify students who didn’t pass. This is a policy put in place to avoid violating the Family Educational Rights and Privacy Act.

Source: The Oregonian, Lakeridge High goes unranked in national top schools list because test scores were too high. (May 3, 2013)

SPLC Executive Director Frank LoMonte: I don’t even.

Can I stop there?

You know that part in Hannibal where the guy eats his own brains? That’s this. This is FERPA eating FERPA. “We’re keeping test scores secret, because if it got out that 98 percent of the people who took the test passed … then … that wouldn’t be secret anymore. And that would be bad … because, secrets … need to be secret.” 

I would invite you to follow the logic, but let’s face it, we’re beyond that. 

Suppose it gets out that 99 percent of all kids in Oregon passed the exam. FERPA applies only to the disclosure of information about identified individuals. How does the percentage lead to the identity of any individual? Jackson Pollock on acid couldn’t connect these dots. 

Let’s say it turns out that only two kids in all of Oregon failed the high school proficiency test. Even if you know that you are one of them, so you know there’s only one other kid out there — how does the number lead you to the individual? (Unless the other guy has already told you, in which case the statistic isn’t giving away anything confidential.) If you are some algorithmic prodigy capable of extrapolating from a statistic into the name of the other person — well then, you wouldn’t have failed the Oregon high school proficiency exam, would you?

No court has ever held that the release of a statistic is a violation of FERPA. The only person (inside the Oregon Department of Education or outside of it) who would be able to figure out the identity of an individual test-taker from a statewide data set is someone who already has access to those names anyway. 

A state that overthinks FERPA this badly doesn’t deserve to be on anybody’s “best anything” list. 

Florida A&M University’s student government president recently was removed from the college’s board of trustees. But no one will say why. Officials told the student newspaper, The Famuan, that the matter is confidential under FERPA, the Family Educational Rights and Privacy Act.

The Famuan published a strongly worded column criticizing the university’s decision to withhold information about the trustee’s removal. 

“However, people need to realize that by putting yourself into the position of a public figure and joining the BOT, you are subject to scrutiny, and your actions have to be made publicly,” Managing Editor Jorge Rodriquez-Jimenez wrote. “For the university to try to protect a public figure by screaming FERPA makes me question what other lines they are willing to blur to save face.”

Source: The Famuan, Stop hiding behind FERPA, (March 22, 2013)

SPLC Executive Director Frank LoMonte: 

So, here’s the thing. In January, the editor of the FAMU student newspaper vanished — and the university wouldn’t say why. Then in March, the student representative on FAMU’s board of trustees disappeared — and again, FAMU wouldn’t explain why.

There’s only one logical explanation.

Killer sinkholes.

Florida’s full of these suckers, they’re fast, they strike without warning — and they’re hungry.

So… on the remote possibility that the campus is NOT full of killer sinkholes — that, instead, FAMU’s student body president was disqualified from the board for academic or disciplinary reasons — is there any reason FAMU can’t say so?

Well, for starters, a Tallahassee TV news station reported March 21 that the former trustee, Marissa West, “resigned” from student government. A resignation from elected office is not a piece of confidential education information, so FAMU clearly can (but apparently won’t) confirm that much.

And FAMU probably can say quite a bit more. By way of reminder, FERPA protects the confidentiality of records — not of facts. If FAMU’s information about the former elected official comes from a source other than education records (for instance, from city police reports), then that information is not FERPA-protected. 

As even universities themselves admit (when admitting it serves their self-interest), FERPA does not apply to one-off disclosures — it penalizes schools that have a “policy” of releasing confidential records. What “policy” might conceivably exist here? “Every single time we fire the student member of the Board of Trustees, we tell people why” isn’t (let’s hope!) a routine practice. 

The fact that we’re even arguing about this at all illustrates how hopelessly dysfunctional FERPA is. When you run for the highest-profile office on your campus, and agree to sit on the university’s governing board, you implicitly waive a degree of privacy as it relates to your job performance and your fitness to serve.

But because the FERPA statute doesn’t provide for a “waiver by conduct,” it’s literally possible that you could get your grade-point average tattooed on your forehead (by the way, don’t) and yet file a FERPA complaint if the college discloses it.

Bottom line: FAMU legally can (and ethically should) say something about why its students no longer are represented by the elected trustee of their choice. And unless disclosing the basis for the departure necessarily requires giving away a piece of confidential information gleaned from education records, then the college legally can (and ethically should) give the public a full explanation.

Just to be safe, Florida needs to get cracking on plugging those killer sinkholes. Starting with the information sinkhole that is Florida A&M University.

Last week, a candidate for Duke University’s student government dropped from the race after flyers were hung around campus that said he had been suspended from campus for a semester for sexually assaulting another student, The Duke Chronicle reports.

The candidate has denied the accusations, but the incident has prompted students on campus to ask whether student government has any means of learning whether candidates or elected students have been found responsible for sexual assaults or other disciplinary action.

The school’s incoming student body president, Stefani Jones, told the paper that student government would have no way of learning about a candidate’s disciplinary history.

“Even if we wanted to create a policy about [those found responsible for sexual assault or harassment], it would be impossible,” Jones told the paper, citing FERPA. “We would never know which students were in violation of that policy…. If it existed, it could never be enforced.”

Source: The Duke Chronicle, Duke student government cannot access candidates’ history (April 8, 2013)

SPLC Attorney Advocate Adam Goldstein: Obviously, we need to talk about this topic in the abstract—since I’m not a prosecutor looking to make my reputation, I don’t want there to be any confusion about the fact that I’m talking about hypotheticals.

But it turns my stomach to hear people assert that FERPA would be an obstacle to learning whether someone has been suspended for rape. Partially because that’s incorrect; FERPA does not prevent an institution from disclosing the final result of a disciplinary proceeding where someone has been found responsible for a rule infraction that is also a crime of violence. See 20 U.S.C. Sec. 1232g(b)(6)(B). 

Mostly, however, this upsets me because it suggests there’s some kind of academic right of privacy in rape. There isn’t. At all. Ever. 

There are four valid answers Duke could give the student government if it requested copies of the outcome of a disciplinary proceeding against a candidate:

1. “Here’s a copy of the final outcome.” This would apply if the person was found to have committed a crime of violence.
2. “I can’t give you those records because of FERPA.” This would apply if the person was not found responsible, or they were found responsible of a non-violent offense (for example, if they were found to have tresspassed).
3. “There are no such records.” Meaning there never was a disciplinary proceeding.
4. “We aren’t going to tell you because Duke is a private institution and we don’t have to.” If Duke feels an overwhelming urge to protect the rapists in its school, I suppose it’s legal to do this. It’s a pathetic, shameful answer, but it’s legal.

Nobody has a right of privacy in being a perpetrator of sexual assault. That’s an asinine position. That’s like saying you should have a right of privacy in robbing banks, or a right of privacy in treason. The entire point of criminalizing conduct is that we want to find those people and remove them from the streets.

I know that people are going to tell you that, in the name of campus safety, it’s important that we work hard to keep secret the names of rapists on campus. I suggest you find those people and ask them what the hell are they thinking. 

Here’s a first: After earning FERPA Fact’s “Not protected by FERPA” rating, one California college has reversed its position.

Last week, we gave a Triple Duncan rating to Saddleback College’s use of FERPA. The school cited the Family Educational Rights and Privacy Act (before citing the Health Insurance Portability and Accountability Act) when denying student journalists at the Lariat access to public records about a former student who went on a shooting spree that killed three in February.

This week, the college has reversed its position. In an email sent Thursday, the school’s spokeswoman told Lariat editor Angie Pineda that after consulting with the school’s lawyers, the school would be releasing records relating to Ali Syed.

“The opinion of legal counsel is that based on the U.S. Department of Education’s interpretation of the Family Educational Rights and Privacy Act (FERPA), it is within the discretion of the district to decide whether to release the documents in this highly unusual circumstance,” McCue wrote. “The college and district take student privacy rights and laws protecting those rights seriously. Given that it is within our discretion to release the documents in this circumstance, the college and district have made the decision to honor the Lariat’s request.”

Pineda said she and her staff never expected administrators to provide the records. ”We were all stunned,” she said. Read the documents here.

Last month, 20-year-old Ali Syed went on a shooting spree killing three before killing himself. Student journalists at Saddleback College’s Lariat quickly learned that Syed had attended the school and began seeking more information about his attendance, Editor-in-Chief Angie L. Pineda said.

The Lariat reporters talked with a professor who taught Syed but has had difficulty getting any more information about him from school administrators. At first, school administrators said their request — for records relating to whether Syed was in the school’s programs for disabled students or those with special needs — could not be released because the records are private under FERPA, Pineda said. When she followed up, a school spokeswoman told her that HIPAA, the Health Insurance Portability and Accountability Act, protected the records from release. Pineda said the staff seeks the records because they are crucial to their reporting about what prompted Syed’s shooting and whether there were warning signs before.

Source: interview with Angie L. Pineda, Lariat editor-in-chief (March 6, 2013)

SPLC Attorney Advocate Adam Goldstein: We’ve heard this song and dance before from Ohio State employees, who cited FERPA and HIPAA as a basis for refusing to disclose disciplinary outcomes after sexual assault reports. Somehow, Saddleback College has managed to come up with something even dumber, here.

As the Department of Education has pointed out, FERPA does not protect the records of dead students. Syed killed himself. I’d have thought that was enough for Saddleback employees to piece it together themselves, but apparently, they’re still struggling. I’d explain it to them in smaller words but I don’t understand what part they don’t understand.

And as we’ve discussed in that Ohio State post, HIPAA only applies to organizations that are primarily in the business of providing health care. It doesn’t apply to law enforcement, it doesn’t apply to fire departments, and it doesn’t apply to university life offices. A person with basic literacy skills who is permitted to operate her own shoelaces and buttons would be able to figure this out from any summary of HIPAA anywhere, so to cite this is both a complete abdication of the basic obligation to meaningfully respond to public records requests, and evidence of someone possessing the intellectual curiosity of a cream cheese danish.  

(I apologize, that was a completely uncalled for thing to say about danishes, which are proud and noble pastries, rich with history, that have never once improperly withheld a record.)

Now, far be it from me to cast aspersions on Saddleback’s motivations, here, but I have a hard time taking them at their word that they are refusing to disclose information related to this person’s education due to an overwhelming concern with the completely imaginary privacy rights of a dead murderer. Do you think it might be possible—I mean, could it be the case—that Saddleback just doesn’t want anyone to know what services this person was or was not offered?

Let’s not forget that this same path was walked by Pima Community College in Arizona, when they cited FERPA as a basis for withholding e-mails related to their former student, Jared Loughner, who murdered six people in Tucson in January 2011. Out of their overwhelming desire to protected Loughner (and not at all out of, say, a desire to avoid anyone finding out what they knew and when they knew it), Pima Community College refused to disclose Loughner’s records, citing FERPA.

Pima lost the case, and when they finally did hand over the records (which showed that, while Pima struggled to figure out what to do, it was trying very hard to do the right thing), they also ended up handing over $25,000 in attorney’s fees.

The only real difference between Saddleback’s situation and Pima’s situation is that Loughner is still alive.  Take a minute to process that. 

A little less than two years after a court says FERPA doesn’t protect e-mails about the mental state of a campus shooter who is alive, Saddleback is citing FERPA (and the even more laughable HIPAA) as a basis for refusing to confirm the enrollment details of a campus shooter who is dead, and thus categorically exempt from FERPA.

It may be necessary to find local counsel to get a judge to order them to comply with the law. And then probably it’ll be necessary to hire some cartoonists or puppeteers to translate the judge’s order into something even a Saddleback administrator would understand.

In the meantime I’m just going to cross my fingers and hope that there has to be somebody at the college smart enough to realize how stupid this looks. Is there somebody there who is in charge of the pointy-scissors and watching the paste to make sure the other administrators don’t eat it? Can you forward this to him, please?

Friday, Southern Connecticut State University released a statement announcing that it had placed its head baseball coach, Tim Shea, on immediate administrative leave due to allegations of NCAA violations. In the schools press release, the university says it cannot comment further because they cannot release any more information about Shea’s administrative leave because of FERPA.

Source: The Hartford Courant, Southern Connecticut baseball coach Tim Shea placed on administrative leave pending investigation of NCAA violations. (Feb 1, 2013)

SPLC Attorney Advocate Adam Goldstein: While it’s entirely possible that some of the NCAA violations in question touch on student behavior, that’s not why the institution can’t “provide further comment.” For most violations, disclosing the nature of the violation with identities redacted won’t disclose anything about students in the program.

SCSU basically looks like it’s fudging the details in its statement. The statement amounts to saying, “we won’t tell you anything, and that’s because of internal rules and FERPA.” So it’s not even quite saying that FERPA is the reason they won’t comment further. It’s a misuse of FERPA in that they’re using federal law to give a veneer of respectability to what is essentially a press release saying, “go to hell, we’re not answering your questions because we don’t have to.”

That said, is there any FERPA-protected information in play here? Possibly. It really depends on the violations. But that’s not why they won’t “comment further.” They could go farther than they did without going anywhere near FERPA’s rules. 

In essence, SCSU’s invoking FERPA to explain why they won’t disclose the nature of the violation is like a store owner invoking shoplifting law to explain why they won’t let anyone into the store. Yes, it’s possible someone would shoplift if they got in the store, but the line being drawn is so far away from the law being cited that it’s clearly not the real motivation for the action.

Because they fudged the details by invoking internal policy and FERPA in the same breath, they’re more guilty of intellectual dishonesty than FERPA wrongdoing.   

We rate this:

Warrick County School Superintendent Brad Schneider says he can’t discuss the results of the Indiana school district’s investigation into a threat made on Facebook by a high school student because FERPA prohibits doing so. Schneider brought up the threat, made at the beginning of the school year, when discussing another alleged threat made by a student on Facebook, this time following the shooting at Sandy Hook Elementary School. The results of the recent investigation aren’t clear, either.

Source: Warrick Publishing, BHS, police respond to Facebook threat. (Jan. 2, 2013)

SPLC Executive Director Frank LoMonte: In the real world — that is, the world that you and I and everyone we know lives in — “privacy” refers to “things that are private.”

That is not the world inhabited by the legal geniuses at the Department of Education — which is the only reason that the answer to this FERPA scenario is not 100 percent obvious.

Let’s pay a brief visit to the real world. There, a principal’s statement that “we suspended a boy for 10 days for making a threat” would never in anyone’s wildest imagination be considered a release of confidential information, (a) because the statement tells us nothing about the kid, and (b) you give up the right to be indignant about your privacy anyway when you threaten violence against people, especially when you do it on Facebook. 

Judges, for the most part, occupy the real world. Thus, judges in Montana applied FERPA correctly and ruled that a newspaper could be told what disciplinary penalties were imposed on two students who shot at classmates with pellet guns, once the students’ names were withheld. 

If we stop there, then it’s nonsensical for the Warrick County school district to refuse to tell the public what was threatened and what penalty was imposed. Not just nonsensical, but affirmatively counterproductive to good education. With just Superintendent Schneider’s statement, there’s no way for the public to independently verify whether the school district used sound judgment — or grossly overreacted. 

Now let’s step through the funhouse mirror into “DOE Wonderland,” where when they use a word, it means just what they choose it to mean — neither more nor less. 

As of 2009, the Department changed its interpretation of FERPA to say that, if anyone within the school community might be able to match up the anonymous piece of information with a known student, then even the release of de-identified records can still violate FERPA.

It’s probably true that some people within the school know that Johnny Jones is the kid who made the Facebook threat. But those people also already know that he was kicked out of school for 10 days.

So a statement by the superintendent reassuring the public as to how threats are punished — reassurance to which the entire school community is kind of entitled — gives away nothing that Johnny’s friends didn’t already know. 

That is the fatal fallacy of the Department’s 2009 FERPA reinterpretation — that releasing information already known to an entire class (or even known to the entire school) can be an invasion of privacy. 

But being realistic, there is absolutely zero chance that the DOE would impose the “financial death penalty” on a school district because its superintendent, in a good-faith effort to inform the community, let the public know the nature of a threat and the severity of the penalty imposed. The department has never seen fit to sanction anybody for a FERPA violation — ever. It certainly would not start here.

While there is no indication of an ulterior motive in Warrick County, interpreting FERPA in this nonsensical way clearly invites mischief. A school district that grossly misuses its disciplinary authority — in ways that the public should know about — can conceal its wrongdoing behind “student privacy.” Unless the student and his family incur the embarrassment of “outing” themselves, citizens will never learn about, and put a stop to, disciplinary overkill.

It is utterly impossible to believe that Congress intended for FERPA to be used to keep the public in the dark about whether a threat of violence was or was not serious, and whether the school responded appropriately. Unless you work at the Department of Education, where they sometimes believe as many as six impossible things before breakfast. 

We rate this:

Among the details being shared now about the man behind the Dec. 14 shootings at Sandy Hook Elementary School are records about his attendance at Western Connecticut State University. A spokesman for the school district told the Associated Press that the shooter earned a 3.26 grad point average while taking classes as a teenager. He earned an A in a computer class, A- in American history and a B in macroeconomics, according to the AP’s report. 

Source: The Associated Press, School gunman went to Conn. univ. when he was 16. (Dec. 17, 2012)

SPLC Executive Director Frank LoMonte: Washington’s about to drive over a cliff. You can’t go anywhere without a bulletproof vest anymore. And we’re out of Twinkies. Let’s face it, America: 2012 sucked.

So let’s end it on a modestly positive note, by giving props to a college that put aside FERPA mythology and correctly honored a request for public records — without triggering the Mayan apocalypse. 

Normally, federal law makes students’ grades confidential, and that confidentiality survives graduation. But when a (present or former) student dies, FERPA privacy dies too — the U.S. Department of Education’s chief FERPA enforcer said as much in a December 1994 advisory opinion to Maine’s Bates College.

Not a lot about federal privacy law is consistent with common sense, but this is one time the two actually align. Courts have said for decades that the common-law right of privacy does not survive the individual’s death. It would defy logic to say that a writer was free after your death to publicize your drinking habits, your extramarital affairs and your embarrassing venereal diseases — but not that C-minus you got in Trigonometry.    

Eagle-eyed readers may note that Newtown shooter Adam Lanza attended college starting at age 16, and may wonder whether that changes the rules. It doesn’t — but if you noticed that, then you’re probably a terror at “Where’s Waldo.” 

When the student is a minor, the right of FERPA confidentiality belongs to the parent, not the student — except if little Doogie goes to college early. The FERPA statute, 20 U.S.C. Sec. 1232g(d), provides that the right to consent to the release of confidential records belongs to the student and not the parent “whenever a student has attained eighteen years of age, or is attending an institution of postsecondary education” (emphasis added).

So the answer remains — the right to object to the release belongs to the college student, and with his death, the right to object dies as well. Western Connecticut State acted consistently both with FERPA and with common sense in fulfilling the AP’s request. 

It’s pretty pathetic when you have to pop a champagne cork to celebrate a college not acting irrationally and not violating the open-records act — but consistent with 2012 as the year of lowered expectations, we’ll take it. 

With wishes for a more transparent 2013,

We rate this:

Thousands of documents, including many emails, concerning Aurora theater shooter James Holmes were released earlier this month by the University of Colorado, a month after a judge ruled some records could be released if they were public under Colorado law. The university said it redacted about 2,000 of the documents about Holmes because of FERPA and medical privacy reasons. 

Source: Associated Press, James Holmes emails reveal brief romance, few friends (Dec. 6, 2012). 

SPLC Executive Director Frank LoMonte: It’s depressing to have to say this — and doubly so, given the events of Dec. 14 at Newtown, Conn. — but we’ve been down this road before.  

In 2011, The Arizona Republic tried to get public records from Pima Community College about its former student, Jared Loughner, after Loughner was arrested for the shopping-center shooting spree that killed a federal judge and left congresswoman Gabrielle Giffords gravely wounded. 

Pima College, predictably, said everything it had on Loughner was confidential under FERPA.

A state-court judge didn’t see it that way. 

Superior Court Judge Stephen C. Villarreal explained that FERPA covers only records that a college “maintains” about its students. An email from one professor to another, commenting that a particular student might be dangerous, is not a record “maintained” by the school. It doesn’t appear in the student’s permanent file, and it is subject to being deleted by the recipient at any time.

Judge Villarreal’s common-sense application of FERPA is consistent with the way the Department of Education has explained the statute’s purpose: If a record is a FERPA record, then (a) it must be produced when the student shows up and demands to inspect his FERPA records and (b) the student has the right to challenge the accuracy of the record, to insert corrective material into the record, and to have a hearing if the college declines to make the correction.

None of those descriptions applies — heck, none of them even makes sense — when talking about employee emails.

Now, fast-forward to Aurora, Colorado. 

In its initial records production, the University of Colorado appears to have disclosed mostly documents created after the July 20 movie-theater shooting, such as correspondence about responding to journalists’ inquiries. As media reports have characterized the records, very few pertain to Holmes’ actual attendance at the university.

Undoubtedly, some of what the university has in its “James Holmes” file — his college application, grades, records of minor disciplinary incidents and the like — are “education records.”

But two thousand pages’ worth?

Let’s see, the University of Colorado has 30,000 students at any given time. If the “James Holmes file” is typical, then Colorado has 60 million pages of FERPA “education records” — just on its current students.

Sixty million pages is how much the Library of Congress adds to its collections every year. Sixty mission pages is the size of the entire collection in the Ronald Reagan Presidential Library.

In other words, nah. Colorado doesn’t have 2,000 pages of FERPA records about James Holmes. It has 2,000 pages of something — but relatively few of those pages are “education records.” 

Judge Villarreal had it right in the Arizona Republic case. If documents aren’t centrally “maintained,” they aren’t covered by FERPA. 

Postscript: To the extent that Colorado insists some of the documents are covered by “health care privacy,” that exception — like FERPA — is much narrower than schools commonly claim.

If Holmes was consulting a health-care professional such as a university psychiatrist, then records of his treatment legitimately are protected by the federal Health Insurance Portability and Accountability Act (“HIPAA”). But the opinions of non-medical laypeople about Holmes’ mental state are not HIPAA records — nor, see above, are they legitimately within the scope of FERPA.

We rate this: