The directive was clear and the assigned task challenging — create a policy for the University of Texas (UT) System Police on our responsibilities and compliance with the Family Educational Rights and Privacy Act of 1974 (FERPA). While it has been 39 years since FERPA was enacted, to this day confusion abounds within school communities across the nation as to when, what and how student information can be released, be they education records, directory information, law enforcement records, disciplinary actions, or health and safety exceptions.
Navigating the murky waters of FERPA can be mind numbing, fraught with legalistic twists and turns, and just downright confusing for those of us non-attorney types in campus law enforcement. In my case, coming to UT from the municipal policing paradigm to university law enforcement made this assignment even more complicated when faced with the fact that those of us who are grounded in municipal policing rarely, if ever, have had to address the issue of access or disclosure of student information protected by privacy laws. My first reaction was, “FERPA? Is that one of those fuzzy stuffed animals you give to kids at Christmas?”
Conduct Extensive Research Before You Start
Not surprisingly, it was quickly discovered that the FERPA regulations comprised scores of pages of directives that made fuzzy math look like kid stuff. It was also apparent that the likelihood of success in penning a comprehensive, yet comprehensible policy for our UT police officers depended on the ability to carve out only those parts of the law directly relevant to them in their daily duties.
Countless Internet searches revealed that while universities nationwide have FERPA policies — usually written by Offices of General Counsel (OGC) or registrars, perhaps — no policies were found that were written by and for university police. This then, clearly was uncharted territory, and the only alternative was to start from scratch, research as much relevant and available literature as possible and then set about the actual process of crafting the policy.
While specific steps were used when drafting the policy; it should be noted that while the steps listed are sequential, multiple steps were concurrently occurring during the undertaking of this project:
Step One: Read the FERPA law and become generally familiar with it. This is essential in laying the ground work for the policy foundation.
Step Two: Review your respective university’s FERPA policy and seek out any opinion papers that may have been written by the university’s Office of General Counsel.
Step Three: Interview officers who are most likely, or have dealt with, FERPA related issues. If problematic issues are revealed, attempt to incorporate policy elements that address those areas in the policy.
- What has been their experience with obtaining or disclosing student information?
- Do the officers actually understand the law?
- What has been their experience with student privacy issues?
- What issues in particular have they encountered? Have outside law enforcement agencies requested student information, and if so, what was their response?
- Have they experienced problems in obtaining information from their administration? What is the administration’s policy? Does the administration policy conflict with the FERPA doctrine? What are the administrative roadblocks, if any, that hinder their job?
Step Four: Conduct an extensive Internet investigation using multiple search criteria.
- Survey campus police Web sites. Do any have a police-specific policy?
- Examine campus FERPA policies in general. What are the similarities and what are the differences? Do they differ with your institution’s policy?
- Check for multiple campus office of general counsel (OGC) policies. These can provide guidance, simplification of the law, and foundational verbiage for the policy.
- Accumulate as much information as possible. When the information begins to repeat itself, the end is likely in sight.
Step Five: Begin to drill down on the material you have gathered to discover what information is directly related to the police function. Make note of regulatory stipulations that may be overlooked by officers; two important examples of this are:
1. According to FERPA, when an officer submits a subpoena for information, the university must notify the student. Therefore, we included the statement “In those cases where advance disclosure to the parent or eligible student might jeopardize an investigation, it is suggested that the subpoena contain an order from the court that the contents of the subpoena or the information furnished in response to the subpoena not be disclosed.”
2. Also according to the regulations, records protected by FERPA and accessed by university police in a non-law enforcement capacity would still remain subject to FERPA. One implication of this is that is becomes necessary to keep FERPA and non-FERPA protected information separate if there is a case file opened on a student.
Step Six: Begin writing. The UT policy has four distinct sections: definitions; formal policy; literary citations; and frequently asked questions (FAQs).
- Definitions: All pertinent terms in the policy were included.
- Formal policy: The final draft of the policy was framed by utilizing a blend of original statements with actual regulatory terminology taken from the FERPA statute.
- Citations: While not normally included in our policies, it was felt that it was important to include these.
- FAQs: FAQs are not normally included in policy either, however, they were included to target specific issues that officers were likely to encounter.
- Strive for simplicity.
In sum, writing the UT FERPA policy was an arduous task complicated by the sheer volume of legal-speak documents and related articles. The UT System policy is not the “end all” authority on FERPA, but simply our best effort to simplify and understand the requirements to keep us honest.