The Milwaukee Journal Sentinel recently received 2 years worth of grading data from the University of Wisconsin-Milwaukee. You can search the data here, which provides specific grading details (but not student names or identifiers) for any particular class or instructor from fall 2006 to fall 2008. Here’s a sample listing in the database:
I’ve already written about the limited usefulness of such grading data for students looking to organize their curriculum, and there are a variety of possible explanations for why certain courses/majors/schools have particular GPAs. But what concerns me about this particular data release is whether it might violate FERPA.
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
- School officials with legitimate educational interest;
- Other schools to which a student is transferring;
- Specified officials for audit or evaluation purposes;
- Appropriate parties in connection with financial aid to a student;
- Organizations conducting certain studies for or on behalf of the school;
- Accrediting organizations;
- To comply with a judicial order or lawfully issued subpoena;
- Appropriate officials in cases of health and safety emergencies; and
- State and local authorities, within a juvenile justice system, pursuant to specific State law.
The release to the Milwaukee Journal Sentinel doesn’t appear to fit any of these conditions. So how was the grading data release justified?
It is likely that UW-M’s Office of Assessment and Institutional Research felt compelled to provide the grading data under Wisconsin’s public records law. Other public universities have been successfully sued to release similar data, and it appears to be standard thinking that “anonymous” grade data isn’t covered by FERPA, since this is how services like CampusBuddy have apparently received over 80 million grades at universities across the US & Canada.
Some of my colleagues, however, have raised the specter that under certain conditions a student’s grade could become identifiable in this dataset. Consider the following scenario:
Alice is in a class of 5 students. She earned a B+. Alice proceeds to lookup that particular class in the database and discovers that only one B+ was earned, while all the other students earned a B. Alice now knows the grade of each student within the class.
In this scenario, grade confidentiality is lost, thanks to the “anonymous” data released by UW-M. Given this, was FERPA violated?
Much of this hinges on how FERPA defines “personally identifiable information” (PII), for only if an educational record was improperly released with PII attached do we likely have a FERPA violation. PII is defined at 34 CFR § 99.3 (revised in December 2008):
Personally Identifiable Information
The term includes, but is not limited to—
(a) The student’s name;
(b) The name of the student’s parent or other family members;
(c) The address of the student or student’s family;
(d) A personal identifier, such as the student’s social security number, student number, or biometric record;
(e) Other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name;
(f) Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
(g) Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.
As we can see, FERPA views PII as much more than just a student’s name, address, or SSN. Focusing on item (f), FERPA recognizes that other information that is linkable to a specific student could also be considered PII, but only if it could be linked by someone “who does not have personal knowledge of the relevant circumstances.” Thus, in our scenario above, Alice did have personal knowledge of the circumstances: she was able to surmise the grades of her fellow students only because she knew her own grade. If a random person came across that same dataset, he wouldn’t be able to link any of the grades to a particular student.
We can think of similar scenarios:
Bob is pursuing an evening graduate degree, and in order to have his employer subsidize his tuition, he submitted a schedule of courses to his human resources department. Someone in HR proceeds to search the grade database and discovers that one of Bob’s courses is an independent study with a professor with only one grade posted, presumably Bob’s. The employer now knows Bob’s grade.
While I consider this a violation of Bob’s privacy, under the current definition of PII, it doesn’t appear to be a violation of FERPA. It was only because the employer had “personal knowledge of the relevant circumstances” that Bob’s grade became identifiable.
There was much discussion surrounding the definition of “personally identifiable information” in the most recent version of the FERPA regulations. Originally, the definition included this condition:
(e) A list of personal characteristics that would make the student’s identity easily traceable.
But that was changed to the current condition (f):
(f) Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty
The reason for the changed related mostly to the imprecision of the phrase “easily traceable”. Under the old version, I feel FERPA would have been violated in this data release. But given the current
“reasonable” test that exempts those with “personal knowledge of the relevant circumstances,” it appears these data releases are acceptable under a strict reading of FERPA — even when students’ grades can be identified by outside people.
Are there any FERPA experts out there who can shed more light on this?
MichaelZimmer.org 
There is a big legal difference between ‘is identifiable’ and ‘could be identifiable’. the data you represent above may be in the ‘could be’ category, but is not in the ‘is identifiable’ category under current practices. it is unassociated from student identification and to associate it, someone would have to break the ferpa rules and release identifiable information. Information is not considered ‘easily traceable’ if the tracer has to break the law to trace it.
The strange thing is… that when I accessed the UWM record system for my class in the fall. To do that i had to pass a test on Ferpa…. UWM is the only organization i’ve had that has done that. Interesting no?
The difference between “is” and “could be” is the essential point, which is why conditions like (f) above, stating “is linked or linkable” is so important. But the linkability isn’t necessarily tied to further breaking of FERPA.
I’m unsure if other universities require online FERPA training to access student record data, but they should.
@Michael Zimmer
is linked in this case, is contextual. it is not linked in the reported information above, there is no link to any individual students. There is always a link though in the universities private databases and perhaps elsewhere even. However, that there are links, does not matter, it is whether the links are released to the public.
FERPA NON-DISLOSURE AS IT STANDS TODAY IS HOAX
MAKE IT MEAN EXACTLY WHAT IT SAYS N O N D I S C L O S U R E !!!