Inspector General Finds Missteps in Dept. of Ed.’s Handling of FERPA

An audit by the U.S. Dept. of Ed.'s Inspector General found their own office liable for not handling FERPA complaints in a timely and effective manner.
Published: December 3, 2018

An audit from the U.S. Department of Education’s Inspector General found the department has failed to properly handle Family Educational Rights and Privacy Act (FERPA) complaints, showing years of unresolved cases and an ineffective system for tracking the number and status of received complaints.

The audit sampled 74 complaints from four categories: completed investigations, open investigations, inactive complaints and dismissed complaints.

Privacy Office officials estimated they were about two years behind on complaint investigations. However, the audit found the backlog to be significantly greater.

In September 2017, the department’s privacy office had 285 open investigations under FERPA, according to the audit.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

“The Privacy Office is not meeting its statutory obligation to appropriately enforce FERPA and resolve FERPA complaints”, the Inspector General said. “Complainants’ privacy rights are not appropriately protected as FERPA intends.”

A number of reasons have contributed to the FERPA backlog, according to the audit. The most significant reason being insufficient resources to adequately address and eliminate the backlog. An ineffective tracking system was also found to be a contributing factor, with the system lacking in areas like report functionality, the inability to automate letters, purge obsolete records, and losing data.

The Privacy Office was told to hire more staff for the student privacy function in 2015, but instead assigned them the tasks of technical assistance, training and best practices guidance.

Education Secretary DeVos has recently worked on reorganizing the department and staff to focus on reducing the backlog of FERPA complaints.

The table shows the respective responsibilities of the Compliance Office and the Policy and Assistance Division.

According to the education department’s spokeswoman Elizabeth Hill, there has been a 43 percent reduction in the number of unresolved cases since May.

FERPA allows parents access to their children’s school records and to request changes if those records appear to be incorrect. Under the law, schools must obtain written consent from parents to release any part of a student’s records to a third party.

The audit says FERPA violations can expose children to bullying or harassment as well as potentially hurting their chances of graduating or finding employment. Parents have the right to file complaints to the Dept. of Ed. if they believe their child’s personal information was exposed improperly or without their consent.

According to the audit, a FERPA complaint must meet the following three criteria to warrant an investigation by the Compliance Office:

  • The complaint must have standing (whether it be a parent or an eligible student)
  • The complaint must be timely (submitted to the Compliance Office within 180 days of the date of the alleged violation or the date that the complainant knew of the alleged violation)
  • The complaint must contain specific allegations of fact giving reasonable cause to believe that a violation occurred

Nearly a third of the received complaints were more than two years old. In 2017, 31 cases were never officially closed due to the proper paperwork not being filled out.

Leonie Haimson, co-chair of the Parent Coalition for Student Privacy, says parents are frustrated about their complaints not being answered, reports Education Week.

“Parents have these very serious complaints about their kids’ privacy having been violated, and they go through the trouble of filing complaints, but they just sit for years without any kind of substantive response,” Haimson said.

The audit also gave recommendations to the Privacy Office, including:

  1. Allocate appropriate resources to the Compliance Office based on the stated priority of reducing or eliminating the investigation backlog to resolve FERPA complaints in a timely manner.
  2. Work with the Office of General Counsel to resolve outstanding policy issues that impede the Compliance Office’s ability to investigate certain FERPA complaints
  3. Implement an effective tracking system to efficiently track the number of FERPA complaints as well as the status and outcome of each complaint.
  4. Use reliable performance data to design and implement appropriate performance standards for the Compliance Office as a whole and for individual personnel responsible for handling complaints.
  5. Investigate all complaints that meet the criteria requiring investigation and do not place complaints into an “inactive” status.
  6. Revise processes for resolving complaints to ensure appropriate and effective communication with the complains, including dismissal notifications, updates and responses to inquiries in a timely manner, as well as recording all communication in the tracking system.
  7. Design and implement a risk-based approach to processing and resolving FERPA complaints, where complaints deemed with a higher risk are dealt with first.
  8. Review and evaluate its current policies and procedures for processing FERPA complaints to ensure they are complete and appropriate.

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series