On Monday, the DoE clarified FERPA regulations to allow for "greater flexibility."  You can read the full text of the FERPA Amendment here, but the Chronicle of Higher Education summarizes it this way:

The U.S. Department of Education proposed new rules on student privacy today that would clarify when colleges can release student information in the interest of health and safety. The proposed changes to the Family Educational Rights and Privacy Act of 1974 would also give greater flexibility to college administrators in making such decisions.

The obvious driver of these changes are instances such as the Virginia Tech shootings, where the school could not share information with local law enforcement that might have identified a student's potential to be a threat.

However, this still ignores a larger issue that is at best nebulous in the current FERPA requirements.  The added "flexibility" assumes, of course, that protected student information is always communicated in an intentional way.  The tricky part of FERPA (as with many other privacy regulations) is the potential blind spot of overheard, unintentional communications. 

For example: in most larger universities, it's pretty common for an overworked departmental receptionist to answer questions from a long line of students - particularly at registration time.  It's not difficult to overhear what classes, grades, registration blocks or other protected information the student in front of you may be facing. 

So - in summary - the new changes are sure helpful to administrators trying to weigh the safety of their students with the need to protect their private information.  However, administrators and educational employees - especially those working in acoustically-challenging work environments - will still need to take additional steps to protect against unintended audiences overhearing students' private information.

The Family Educational Rights and Privacy Act of 1974, known by the acronym FERPA, is a set of guidelines for educational institutions. It is a federal law that specifically protects the privacy of student education records. Under the act, students have certain rights with regards to the release of such records, and the law requires that educational institutions adhere to the guidelines very strictly.

FERPA provides student the right to access their records. They have the right to demand that their records only be disclosed with their consent. They have the right to amend their records. And they have the right to file a complaint if the school discloses their records in a way that is in violation of FERPA.

Educational records that are protected by FERPA include such records as written documents that deal directly with their program of education, computer media, film, audio and video tapes, photos, and microfilm. All of these types of media are protected if maintained by the school or by an organization acting on the school’s behalf.

Since the laws governing student records are so strict, it’s imperative that your employees are all made very aware of the law, and that they know every part of the law inside an out. It’s also very important that your school’s records are kept in a closed area of the building, which can’t be easily accessed by outside parties.

If a school’s employees are working in an open office environment, the distractions around them may cause them to inadvertently leak student information in violation of FERPA. If a secretary is distracted when she receives a telephone call asking for information about a student’s records, she might mistakenly give the information out, believing there was no violation. 

Employees can’t be distracted when dealing with documents that are strictly protected by law. The government takes the privacy rights of students very seriously, especially with regards to their student records. Your institution can’t afford to take chances with the security of your students’ private information.

Always be sure to train employees thoroughly on every aspect of FERPA. Test them several times to ensure that they have thorough knowledge of the law, and exactly how it applies to many common situations.

Be sure student records are stored securely. Keep student records in locked filing cabinets, or at least behind a locked door. Make sure records stored on computer are encrypted, or at least protected by a very strong password. Don’t allow records to be faxed or printed without permission directly from the student.

Also, be sure your employees are free from distractions. Install a good sound masking system to be sure employees don’t get distracted by excessive noise. Noise is one of the most common causes of errors in the workplace, and sound masking systems can help convert distracting noise into sounds that can simply be tuned out as if they don’t exist.

Your institution can’t afford to risk giving out student records improperly. Be sure to equip your employees with everything they need in order to protect that information!