Recently proposed changes to the Family Educational Rights and Privacy Act (FERPA) could have an effect on university policies concerning the disclosure of personal information from educational files.
The Department of Education’s pending decision would allow electronic signatures to qualify as a form of written consent for disclosing personal information.
FERPA is a federal law instituted to protect students’ and parents’ privacy by requiring written consent, signed and dated, from parents or eligible students for disclosure of personally identifiable information from educational records. Under the new regulations, electronic forms of communication like e-mail and personal identification numbers would be considered valid forms of written consent.
In compliance with FERPA, the University Registrar currently requires handwritten signatures from the student before it will release any personal information from the Student Information System other than basic directory information. The Registrar also requires a handwritten signature from a student in order to bar access to basic directory information.
The Office of Student Conduct and UIS directed reporter’s inquiries to the University Registrar. The University Registrar did not return phone calls placed yesterday.
FERPA is often applied when students request the issuance of a transcript or other personal information from their educational records to an employer or when they enroll in a federal student loan program. This policy, however, has also been an integral part of recent discussion related to the disclosure of the results of disciplinary hearings.
Both FERPA and the Georgetown Office of Student Conduct cite sexual assault and other violent crimes as exceptions to the disclosure policy.
According to the university student handbook, “the university will disclose the final results of a disciplinary hearing (the name of the student, the violation committed and any sanction imposed by the university against the student) only to the respondent and . to a complainant or other individual who is the victim of the alleged violation.”
Before learning the results, victims are first required to sign a confidentially agreement included in the Disclosure of Adjudication Form, which prevents them from sharing the results of the hearing with anyone but their parents and the person who served as their student adviser during the process.
In recent years, some Georgetown students and parents have accused the school of taking advantage of FERPA’s emphasis on protection of personal information in order to protect the reputation of perpetrators of violent crimes. Opponents argue that forcing victims to sign a confidentiality agreement and keeping the results of disciplinary hearings private protects the accused and allows them to pose a future threat to unknowing students. Signing of the Disclosure of Adjudication Form has been at the center of this debate.
The Department of Education has requested the university to provide a written explanation of its disclosure policies after Kate Dieringer (COL ’05) and Security on Campus, Inc., a non-profit organization that raises safety awareness on college campuses, filed a complaint with the Department of Education in arch alleging violations of the Clery Act. The law applies to most institutions of higher education, both public and private, because the law is tied to participation in federal student financial aid programs. The Department of Education has not yet ruled on the matter.
Although the proposed changes regarding electronic signatures would not affect the actual policy laid out by FERPA or Georgetown, they could make the process both more efficient by allowing the use of new technologies and less secure by presenting more opportunities for fraud.
Recently passed legislation, including the Electronic Signatures in Global and National Commerce Act (E-Sign Act), have set a precedent for the use of electronic signatures as a way encouraging them as a more efficient way to keep records and conduct business more efficiently
Department of Education officials argue that these new regulations “are necessary to implement the law and give the greatest flexibility to local governments and schools [and they] minimize burden while protecting the rights of parents and students.”
If these changes were implemented, electronic signatures would have to meet certain standards of “reasonable security.” According to the Department’s report, the acceptance of electronic consents and signatures would be regulated by a process establishing the identity and authenticity of the originator of the message and verifying the integrity of the message itself. These changes would also be accompanied by some process for documenting the sender’s approval of the text in the message.
The Department would rely on its 2001 “Standards for Electronic Signatures in Electronic Student Loan Transactions” as a basic guide to the types of processes allowed under the new regulations. Valid forms of identification outlined in this document include personal identification numbers or passwords, the scanned image of a handwritten signature, a computer file or number that corresponds to a unique biometric measurement like a fingerprint or retinal pattern and a unique credential provided by a trusted third party, such as a cryptographic smartcard or a one-time password device. Under these regulations, audio recordings of oral statements would not be considered as acceptable electronic signature processes.