State lawyers and education agency lawyers often have to make up their own interpretations of how FERPA policy dictates data-sharing, she explained, adding: “This often leads to policy differing from state to state. So while state X can do one something with data sharing, state Y can’t.”

Guidera also said that many times data can’t be linked across K-12 and higher-education sectors because of misunderstandings of FERPA.

Another example, said Lyndsay Pinkus, DQC’s director of federal policy initiatives, is that experts can’t use the data for research and audits, because they’re not sure if the practices comply with FERPA. “For this reason, many agencies aren’t clear if they can conduct research on the schools’ behalf,” she said.

To help resolve these issues, ED has proposed four key initiatives:

1. Chief Privacy Officer: Kathleen Styles will become ED’s first chief privacy officer. Styles will serve as a senior adviser to the education secretary on all of ED’s policies and programs related to privacy, confidentiality, and data security. According to ED, Styles will head a new division dedicated to advancing the responsible stewardship, collection, use, maintenance, and disclosure of information at the national level within ED. She also will coordinate technical assistance efforts for states, districts, and other education stakeholders, helping them understand important privacy issues—such as minimizing unnecessary collection of personal information.

2. Privacy Technical Assistance Center: The PTAC has been established within the National Center for Education Statistics (NCES), which is a section of ED’s Institute for Education Sciences. PTAC will serve as a one-stop resource for the P-20 education community on privacy, confidentiality, and data security. The center will develop a privacy toolkit that includes frequently asked questions, a library of resources, and checklists for data governance plans. PTAC also will make technical assistance site visits to states and coordinate regional meetings to share training materials. The center’s help desk is now available to take questions on these issues. To access the PTAC website or submit a question, visit http://nces.ed.gov/programs/PTAC/.

3. Best Practices: NCES has launched a series of technical briefs that offer best practices for data security and privacy protection. The briefs are intended to serve as resources for practitioners to consider adopting and/or adapting to complement the work they’re already doing. Three briefs already have been released and are posted at http://nces.ed.gov/programs/ptac/TechnicalBriefs.aspx.

4. FERPA Clarification: ED is releasing a Notice of Proposed Rule Making (NPRM) under FERPA. The proposed regulations would give states the flexibility to share data to ensure that taxpayer funds are invested wisely in effective programs, as well as increase accountability for institutions that handle FERPA-protected records.

In its NPRM, ED says FERPA would be strengthened to ensure that every entity working with personally identifiable information from student education records is using this information for authorized purposes only.

Schools will be able to implement directory information policies that limit access to student records, preventing marketers or criminals from accessing the data. And states will be able to enter into research agreements on behalf of their districts to measure the success of programs, such as early childhood programs that effectively prepare kids for kindergarten.

In high schools, administrators would be able to share information on student achievement to track how their graduates perform academically in college, according to the NPRM.