SlideShare a Scribd company logo

Alaska FERPA Complaint [Redacted]

E
EmilyCherkin

Redacted copy of parent FERPA complaint. Filed February 2021

Law
1 of 12
Download to read offline
1 UNITED STATES DEPARTMENT OF EDUCATION Family Educational Rights and Privacy Act Complaint Form FORM APPROVED OMB NO: 1880-0544 Exp: 02/28/2021 Instructions: The United States Department of Education’s (Department) Family Policy Compliance Office (FPCO) reviews, investigates, and processes complaints of alleged violations of the Family Educational Rights and Privacy Act (FERPA); 20 U.S.C. 1232(g), (h) and 34 CFR part 99. FERPA is a Federal law which affords parents certain rights with regard to their children’s education records. The term “education records” is defined under FERPA, with certain exclusions, as those records that are directly related to a student and which are maintained by an educational agency (e.g., a school district) or institution (e.g., a school or postsecondary institution), or by a party acting for the agency or institution, to which funds have been made available under any program administered by the Secretary of Education. These rights include the right to inspect and review their children’s education records, the right to seek to have their education records amended, the right to have some control over the disclosure of personally identifiable information contained in their education records, and, the right to file a written complaint with FPCO regarding an alleged violation of FERPA. Once a student reaches 18 years of age or begins attending a postsecondary institution, he or she becomes an “eligible student,” and all of the parent’s rights under FERPA transfer to the student. FPCO investigates written complaints alleging a violation of FERPA by an educational agency or institution, a state educational agency (SEA) (if alleging denial to inspect and review education records maintained by the SEA), or a third party, if the complaint: 1) is filed by a parent or eligible student with FERPA rights over the education records which are the subject of the complaint, or his or her attorney or advocate; 2) is submitted to FPCO within 180 days of the date of the alleged violation or of the date that the complainant knew or reasonably should have known of the alleged violation; and, 3) contains specific allegations of fact giving reasonable cause to believe that a violation of FERPA has occurred. Individuals who want to file a complaint should do so by completing this Complaint Form (available at https:// studentprivacy.ed.gov) in its entirety and submitting it electronically or by mail. If you choose to submit this form electronically, please note that it is a fillable PDF (Portable Document Format) and works best when used with Adobe Reader, available for free download at https://get.adobe.com/reader/. Once you have completed the form, please type your name in the signature space and click “Submit Form.” Your computer’s default e-mail software program should then open and create an e-mail with the Complaint Form attached. In order to complete the submission process, you must send this email, and attachment, as appropriate. In the event that you have either not selected a default e-mail software program on your computer, or the default e-mail software program you have selected does not open when clicking “Submit Form,” in order to complete the submission process, you must either save the form,
2 manually attach it to an e-mail, and send that e-mail to FERPA.Complaints@ed.gov; or, print the form, and sign and mail it to: Family Policy Compliance Office U.S. Department of Education 400 Maryland Avenue, SW Washington, D.C. 20202-8520
3 You should receive a confirmation of FPCO’s receipt of your complaint within three business days from the date of your submission. Failure to complete the Complaint Form in its entirety or to not provide any of the information required for FPCO to determine whether your complaint contains specific allegations of fact giving reasonable cause to believe that a violation of FERPA has occurred, may result in, among other things, the dismissal or return of your complaint to you in order to obtain additional information needed by FPCO to further consider your complaint. If your complaint is dismissed, you may choose to resubmit a new complaint per the instructions set forth above and in accordance with the requirements of FERPA. Also, you should be aware that when reviewing, investigating, or processing your complaint, FPCO may disclose, without your prior, written consent and pursuant to routine uses of the records that have been published in the system of records notice covering FERPA complaints, information contained in your complaint, such as the name of the complainant, the name of the student if the student did not submit the complaint, and the alleged violation(s), including, but not limited, to the educational agency or institution against which your complaint has been made. SECTIONS 1 & 2: STUDENT AND COMPLAINANT INFORMATION To complete these sections, please provide all requested information, including the student's correct birthdate. An attorney or advocate may file a complaint on behalf of a parent or an eligible student; however, FPCO will not discuss the complaint with the attorney or advocate without the prior, written consent of the parent or eligible student, as applicable. FPCO will dismiss anonymous complaints and complaints filed by a party other than the parent or eligible student who maintains FERPA rights over the education records that are the subject of the complaint, or his or her attorney or advocate. Please note that a parent of an eligible student does not maintain rights over the education records of the eligible student and may not file a complaint alleging that his or her rights as a parent under FERPA have been violated. SECTION 3: EDUCATIONAL AGENCY OR INSTITUTION INFORMATION This section requires that you provide, among other information, the name and address of the current superintendent of the school district, the president of the college or university, the state educational agency (SEA) official (if alleging denial to inspect and review education records maintained by the SEA), or the appropriate official of a third party, that you are alleging violated FERPA. FERPA applies directly to educational agencies and institutions that receive Federal funds under programs administered by the Department. For instance, private elementary and secondary schools generally do not receive funds from the Department and are, therefore, not generally subject to FERPA. FPCO generally will dismiss complaints filed against elementary or secondary schools that are not listed on the Department’s National Center for Education Statistics Public School website (available at https://nces.ed.gov/ccd/schoolsearch/). Please note that it is extremely important that you enter the specific date (mm/dd/yyyy) of the alleged violation in this section for us to accurately determine the timeliness of your complaint. As stated above, a complaint must be filed within 180 days of the alleged violation or within 180 days after the complainant knew or reasonably should have known of the alleged violation.
4 SECTION 4: FERPA VIOLATION INFORMATION In describing the alleged violations, you must respond to all of the information requested in the heading(s) that pertain to the nature of your complaint. For instance, if you are alleging a violation based on denial of access to your, or your child’s, education records, you must (1) list the education records you requested; (2) indicate that the educational institution or agency maintains the requested education records and how the education records are maintained (if known); (3) provide the date(s) and means by which you requested access; (4) indicate the name and position of the official(s) to whom you made the request for access to the education records; and (5) describe any response received to your request or any actions taken by the educational agency or institution in response to your request. Your response should only include the relevant facts that would give reasonable cause to believe that a violation of FERPA has occurred. To the greatest extent possible, please limit your response to the space provided in this Complaint Form; if more space is needed, you may attach additional documents in which you further describe your complaint. Failure to provide any of the required information may result in, among other things, your complaint being dismissed or returned to you for additional clarification, which would delay the processing, and might impact the timeliness, of your complaint. SECTION 5: CORRESPONDENCE INFORMATION If there is any correspondence or other information, such as newspaper articles, website postings, e-mail or letter exchanges, that substantiates your allegations, please briefly describe it in this section. You may also attach copies of relevant documents that support your allegations. Please note that FPCO will not accept the submission of audio or video files, CD/DVDs, or thumb drives. Also, the submission of nonessential, voluminous, or nonresponsive information may, among other things, delay the processing, or result in the dismissal or return, of your complaint. SECTION 6: CERTIFICATION Certify that the information you have provided in the Complaint Form is true and correct under penalty of perjury by typing in your name in the signature space, if filing electronically, or by printing out the Complaint Form and signing it, if filing by mail.
6 SECTION 4: FERPA VIOLATION INFORMATION What is the nature of the alleged FERPA violation? Please provide clear, succinct responses addressing all of the information requested in the heading(s) that pertain to your complaint. If you have been denied access to your, or your child’s, education record(s): (1) list the education record(s) you requested from the educational agency or institution; (2) indicate whether the educational agency or institution maintains the requested education record(s) and, if so, how the education record(s) is maintained (if known) and the period of time such record(s) is retained (if known); (3) provide the date(s) and means by which you requested access to the education record(s); (4) indicate the name and position of the official(s) to whom you made the request for access to the education record(s); and, (5) describe any response that you received to your request or any action(s) taken by the educational agency or institution in response to your request. If you have been denied the opportunity to amend your, or your child’s education record(s): (1) describe the education record(s) you sought to amend; (2) the information in the education record(s) that you wanted amended and the specific correction that you requested to such information; (3) the reason you believe that the information in the education record(s) is misleading, inaccurately recorded, or an invasion of your, or your child’s right to privacy; (4) the date you requested to amend the education record(s); (5) the name and title of the school official to whom you made the request to amend your, or your child’s education record(s); (6) any response that you received to your request or any action(s) taken by the educational agency or institution in response to your request; and, (7) the result of any hearing held by the educational agency or institution on the matter. If your, or your child’s, education record(s) or personally identifiable information contained in such education record(s) was improperly disclosed without your prior, written consent, indicate specifically: (1) what education record(s) and/or personally identifiable information was disclosed and the date of such disclosure (if known); (2) whether the information disclosed was recorded in the student's education records; (3) the name and title, or job function, of the school official who made the disclosure; (4) the individual to whom the disclosure was made and relationship, if any, to the educational agency or institution, and to the student; (5) the circumstances under which the disclosure was made; (6) how and when (date) you became aware of the disclosure; and, (7) a description of any communication between you and the disclosing individual or entity, as applicable, regarding the disclosure. I am a parent of a public school student concerned about the increased reliance on technology platforms in school, and the apparent lack of oversight by my school district of its Ed Tech vendors to ensure that the use of this technology is consistent with my child’s right to privacy. I am particularly concerned that these technology platforms are capturing personal information about my child and my child’s online activities without my consent and are using it for commercial purposes. My school district has been unable or unwilling to: provide a complete list of apps and programs used by my child at school; identify the information those apps and programs are collecting about my child; and explain what is being done with that information. Specifically, on February 1, 2021, I, emailed Anchorage School District Members and Board Members to request access to the education record(s) of my child that are collected through technology platforms used in school. Page 2 of 8 X
7 My request was sent pursuant to the Family Educational Rights and Privacy Act (“FERPA”) 20 U.S.C. 1232(g),and included, but was not limited to, all data and metadata collected from, about, or pertaining to my child, held by the school or various Educational Technology Vendors (“Vendors”). In particular, I requested Education Records as defined in 34 CFR Sec. 99.3, to include emails, notes, memoranda, video, audio, or other documents/material maintained by the Vendor as well as any personally identifiable information (“PII”) from my child’s education records, including but not limited to personal direct identifiers and other indirect identifiers. I also requested any metadata generated or collected by the Vendor relating to my child’s use of the Vendor’s service(s), such as browsing history and searches performed, as well as all log-ins and log-outs and IP address information, along with corresponding dates and times, device fingerprints captured about the browsers used, operating system, location, etc. by Google, Zoom, Canvas/Instructure, Kahoot!, Remind, Seesaw, Quizlet, Gimkit, Smart Music, McGraw Hill Connect, and Pear Deck, all of which are relied upon by my school district for in-person and/or remote learning. I reasonably believe that the records I requested are maintained on behalf of the school or school district by these Vendors, or possibly, by the school or school district itself. I understand that these Vendors are performing institutional services or functions for which the school would otherwise use its own employees and/or resources. Despite FERPA’s requirement that my school respond to my request within 45 days (or with reasonable extensions, if requested by the school), I received a timely, but non-responsive reply from Supervisor of Records Management at Anchorage School District, in which I was not sent any FERPA documents pertaining to the PII or metadata collected by these Vendors, nor was I given any other opportunity to access this information, and was therefore denied access to my child’s Education Records. Because I do not know what information was collected about my child, I also do not know how long these records are maintained, who has access to these records, for what purposes, and to whom they may have been disclosed. I am aware of the “School Official” exception, which allows school districts to disclose Education Records to third parties without my written consent, and I believe that Vendors and schools are relying upon this “School Official” exception to circumvent the requirement for written parental consent. But I also understand that for the exception to apply, schools must exercise “direct control” over those third parties. In my case, no such control appears to exist because although my school district enters into contractual agreements with these Vendors, who have access to my child’s personal and confidential information, the school district was still unable to provide any FERPA documents responsive to my request, and these Vendors appear to be operating with no oversight or accountability. My district has failed to provide me the information that I am entitled to under FERPA. My district is apparently unable, unwilling, or unclear about how to do so with regard to these Vendors. Page 3 of 8
8 I therefore ask that the Department of Education investigate my school district’s use of technology Vendors and my district’s policies for the retention, collection, use, and parental access to student information collected through these Vendors, and further, that the Department of Education issue a decision in my favor clearly and explicitly mandating that: 1. A school district shall only use technology Vendors if: (a) the district directly oversees and controls what information those platforms collect, how that information is processed and stored, and how that information is being used; (b) that this oversight not only includes entering into a contract that explicitly imposes all FERPA-related requirements and restrictions on the Vendor, but also explicitly requires regular audits and oversight of the Vendor’s access, use, and disclosure of student PII, and affirmative enforcement of the Vendor’s obligations under the contract when non-compliance is identified; and (c) that school districts must be required to publicly post the results of these audits, oversight, and enforcement efforts so that parents are able to engage in meaningful protection of their children’s privacy rights; 2. A school district post on its website: (a) a list of all technology platforms used by its schools; (b) a list of all Vendors with which the school district has entered into a contract; (c) a copy of all such contracts, redacted as appropriate; and (d) the contact information for the district official responsible for handling FERPA requests; 3. To the extent a Vendor processes or retains student PII, those records are considered “Education Records” covered by FERPA and the school district must provide access to those records in response to a FERPA request, and clarifying that merely providing a student’s account log-in credentials, or referring the requester to the Vendor itself or the Vendor’s website, does not satisfy the school district’s obligations under FERPA; 4. To the extent Vendors share student PII with third parties – whether through direct contractual relationships, web-based plug-ins, apps, or other means – the Vendor and the school district must maintain oversight of these third parties’ access and use of this PII pursuant to FERPA, and must provide access to this data in response to a FERPA access request; and 5. Metadata – meaning all the information collected about a student through use of a Vendor’s services, such as browsing history, searches performed, and websites visited – must be protected under FERPA and must be made available in response to a FERPA access request. Page 4 of 8
9 SECTION 5: CORRESPONDENCE INFORMATION Describe any correspondence, such as newspaper articles, website postings, e-mail or letter exchanges, that substantiates the information specifically required in Section 4 above. You may also attach copies of those relevant documents that support your allegations. Please note that we will not accept the submission of audio or video files, CD/DVDs, or thumb drives. Also, the submission of nonessential, voluminous, or nonresponsive information may, among other things, delay the processing of your complaint, and could result in the dismissal and return of your complaint. With this complaint, I submit copies of the correspondence between my district and me that substantiate the information in Section 4. I also submit an analysis of the technology platforms used in my district performed by the non-profit Me2B Alliance. In its May 2021 report, School Mobile Apps Student Data Sharing Behavior, the Me2B Alliance found that 67% of the sampled apps used in public schools send student data to third-party advertisers and analytics platforms, including very high-risk data brokers.1 After reading the May 2021 Me2B Report, SDPP reached out to the Me2B Alliance and requested using a similar methodology to examine a sample of the apps used by schools in districts where parents like myself have children attending which is precisely the subject of this complaint. As reflected in the attached “Me2B Alliance Product Testing Report,” almost 70% of the apps sampled by Me2B used Software Development Kits (SDKs) that posed a “High Risk” to student data privacy. SDKs are modules of code that allow for the creation of persistent back channels by 3rd party developers for funneling data to these developers, as well as their partners. Notably, Me2B's May 2021 Report stated, “[a]ll Advertising SDKs are designated as high-risk – particularly in this analysis of educational apps.” High Risk in this context means that the app uses code that either uniquely identifies (fingerprints) individual users, and/or possesses the potential for data exploitation by either directly supporting advertising networks or having advertising network partners. Even more troubling, however, is that almost 40% of the apps reviewed by Me2B for SDPP were rated as “Very High Risk,” meaning that the code used in the apps are known to be associated with registered Data Brokers, potentially enabling syncing to dozens, if not hundreds or even thousands of additional partners through a complex supply side network, leveraging unique advertising identifiers to enable the creation of unique profiles for tracking purposes. Indeed, the average number of SDKs identified as being resident in an app was 10.9, with each SDK being capable of funneling data to a different 3rd party. Even more revealing, two (2) of perhaps the largest data hoarders in the world frequently appeared in Me2B’s analysis of the apps used by our school districts, with Google showing up in approximately 80% of the apps that included an SDK, and Facebook running a close second, showing up in approximately 60% of the apps that used SDKs. Me2B’s Report for SDPP substantiated my concerns about the data being collected by the vendors used in my school district, as well as how that data is being used and disseminated, or 1 Me2B Alliance Product Testing Report: School Mobile Apps Student Data Sharing Behavior, May 4, 2021 (https://me2ba.org/school-mobile-apps-student-data-sharing-behavior/) (accessed June 15, 2021). Page 5 of 8
10 even disclosed to other data brokers without my knowledge, or consent, and without direct control by my school district or its officials. FERPA is supposed to prevent these sorts of disclosures. FERPA was enacted in 1974, almost two decades before the Internet came into existence, at a time when cutting-edge educational technology consisted of calculators and copy machines. Over the last several years, the problem of commercial exploitation of personally identifiable information of all Americans, not just students, has been widely covered in the media and has been the subject of recent Congressional scrutiny.2 Even before the pandemic, parents had grown increasingly concerned about the use of technology in the classroom, and about the personally identifiable information (PII) that educational technology vendors (“Vendors”) collect, maintain, and share about their children.3 These concerns are well-founded: the average U.S. school uses between 400 and 1,000 different online tools; one 2018 study examined 5,000 children’s apps, and found that over 1,000 of them collected PII in violation of the apps’ own terms of service agreements about collecting kids’ data, in addition to the violations of federal and state laws explicitly designed to protect children online.4 The fact that Vendors can maintain student PII indefinitely, use it for their own commercial purposes, and spread it across the internet only increases the threat to our children. A myriad of third parties use this information collected from students’ school activity to build dossiers on children; to profile, predict, and manipulate their behavior; and to influence the opportunities available to them, such as school admissions, creditworthiness, and the cost and availability of health insurance. Concerns like these led the New Mexico Attorney General’s Office to file a lawsuit against Google, alleging that its G Suite for Education service violated federal and state laws by spying on students’ online activities for its own commercial purposes without parental notice or consent, and that Google violated its corporate prohibition forbidding children under the age of 13 to use its services while covertly gaining access to these students’ PII.5 2 See, e.g., Protecting Consumer Privacy in the Era of Big Data, 116th Cong. (2019-2020); Stuart A. Thompson and Charlie Warzel, “One Nation, Tracked: An Investigation into the Smartphone Tracking Industry,” The New York Times, December 19, 2019 (https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell- phone html) (accessed June 16, 2021); Katy Stech Ferek, “Data Privacy Increasingly a Focus of National Security Reviews,” The Wall Street Journal, Sept. 14, 2020 (https://www.wsj.com/articles/data-privacy-increasingly-a-focus- of-national-security-reviews-11600111141) (accessed June 15, 2021); Elizabeth Goitein, “The government can’t seize your digital data. Except by buying it,” The Washington Post, April 26, 2021 (https://www.washingtonpost.com/outlook/2021/04/26/constitution-digital-privacy-loopholes-purchases/) (accessed June 15, 2021). 3 See, e.g., Lois Beckett, “Why parents in a school district near the CIA are forcing tech companies to erase kids’ data,” The Guardian, December 5, 2019. 4 See Lisa Ward, “Data Privacy in the Age of Online Learning,” The Wall Street Journal, Dec. 8, 2020 (https://www.wsj.com/articles/data-privacy-in-the-age-of-online-learning-11607457738) (accessed June 15, 2021); Daniel G. Kruta et al., Don’t Be Evil: Should We Use Google in Schools?, TechTrends, Mar. 2021 (https://link.springer.com/content/pdf/10.1007/s11528-021-00599-4.pdf (accessed June 15, 2021). 5 In New Mexico et rel. Balderas v. Google, LLC, 489 F.Supp 3d 1254, 1256 (D. N.M. 2020); see, e.g., Natasha Singer and Daisuke Wakabayashi, “New Mexico Sues Google Over Children’s Privacy Violations,” The New York Times, Feb. 20, 2020 (https://www.nytimes.com/2020/02/20/technology/new-mexico-google-lawsuit html) (accessed June 15, 2021). Page 6 of 8
11 The sudden, nationwide shift to remote learning brought about by the pandemic has made this concern even more urgent. In the rush to adopt new technology platforms, schools are funneling an enormous amount of student PII to third-party Vendors without parental consent.6 Vendors and schools are using the “School Official” exception to avoid the need for written parental consent, while at the same time refusing to subject Vendors to the “direct control” of school districts necessary for that exception to apply.7 As a result, public education has become a data free-for-all where Vendors can take whatever student data they want, use it however they want, profit from it, and refuse to tell students, parents, or school districts what information they have and how they’re using it. Because of my ongoing concerns about the protection of children’s personal information, I, along with parents across the country, requested access to the data and metadata held by my district and its Vendors. These districts uniformly failed to meet their obligations under FERPA. Some argued that FERPA does not apply to student PII held by third-party Vendors; others provided incomplete responses or a small fraction of what was requested; many failed to respond at all. In no case did I, or to my knowledge any other parent, receive the information asked for and to which we’re entitled under FERPA. The Department of Education’s guidance and enforcement efforts to date have been insufficient. None of the districts that received a request followed the Department’s March 2020 guidance, “FERPA and Virtual Learning During COVID-19,” which made clear that schools are responsible for providing parents with access to “inspect and review” their children’s educational records.8 The Department must do more to clarify and enforce the obligations of school districts under FERPA with respect to technology Vendors, including guidance on who may act as a “School Official,” what constitutes a “legitimate educational interest,” and how schools maintain “direct control” over Vendors to meet FERPA standards.9 Students should not be required to sacrifice their privacy for a public education. Parents must be able to send their children to school knowing that their valuable personal identifiable information is being secured. And school districts must not be allowed to shirk their responsibilities to directly oversee their Vendors. Their ongoing failure to do so compromises the rights of their students, risks their security, and jeopardizes their futures. 6 See “What’s At Stake,” The Student Data Privacy Project, (https://www.studentdataprivacyproject.com/theproblem/thestakes) (accessed June 15, 2021). 7 The Family Educational Rights and Privacy Act (FERPA): Legal Issues, p. 7-8, Congressional Research Service, May 24, 2021 (https://crsreports.congress.gov/product/pdf/R/R46799) (accessed June 15, 2021). 8 “Ferpa and Virtual Learning During Covid-19,” The Department of Education, March 30, 2020 (https://studentprivacy.ed.gov/resources/ferpa-and-virtual-learning-during-covid-19) (unable to access on June 15, 2021). 9 See Girard Kelly et al., “2018 State of Edtech Privacy Report,” 107-108, Common Sense Privacy Evaluation Initiative (2018) (https://www.commonsense.org/education/sites/default/files/tlr-blog/cs-state-of-edtech-privacy- report.pdf) (accessed June 15, 2021) (“[It is] recommended that these applications and services increase their transparency on this important issue and disclose in their policies that they may act as a “School Official,” as specified in the school or district’s annual FERPA notice, which describes how educational institutions can maintain direct control over applications and services in compliance with FERPA.”). Page 7 of 8
Alaska FERPA Complaint [Redacted]

Recommended

Harmony Schools Civil Rights Complaint #Gulen
Harmony Schools Civil Rights Complaint #GulenHarmony Schools Civil Rights Complaint #Gulen
Harmony Schools Civil Rights Complaint #GulenGulen Cemaat
 
FERPA for Parents
FERPA for ParentsFERPA for Parents
FERPA for Parentsggcbearessentials
 
FERPA
FERPAFERPA
FERPAVCU Division of Sutdent Affairs & Enrollment Services
 
Risks of not complying with cipa & ferpa
Risks of not complying with cipa & ferpaRisks of not complying with cipa & ferpa
Risks of not complying with cipa & ferpaSysCloud
 
F E R P A
F E R P AF E R P A
F E R P AAlona Salva
 
Freedom of information
Freedom of informationFreedom of information
Freedom of informationSaroj Makwana
 
CS50 Confidentiality And Data Security And Privacy Standards Addendum
CS50 Confidentiality And Data Security And Privacy Standards AddendumCS50 Confidentiality And Data Security And Privacy Standards Addendum
CS50 Confidentiality And Data Security And Privacy Standards AddendumA Jorge Garcia
 
Insurance
InsuranceInsurance
InsuranceJLS10
 

Recommended

Harmony Schools Civil Rights Complaint #Gulen
Harmony Schools Civil Rights Complaint #GulenHarmony Schools Civil Rights Complaint #Gulen
Harmony Schools Civil Rights Complaint #GulenGulen Cemaat
 
FERPA for Parents
FERPA for ParentsFERPA for Parents
FERPA for Parentsggcbearessentials
 
FERPA
FERPAFERPA
FERPAVCU Division of Sutdent Affairs & Enrollment Services
 
Risks of not complying with cipa & ferpa
Risks of not complying with cipa & ferpaRisks of not complying with cipa & ferpa
Risks of not complying with cipa & ferpaSysCloud
 
F E R P A
F E R P AF E R P A
F E R P AAlona Salva
 
Freedom of information
Freedom of informationFreedom of information
Freedom of informationSaroj Makwana
 
CS50 Confidentiality And Data Security And Privacy Standards Addendum
CS50 Confidentiality And Data Security And Privacy Standards AddendumCS50 Confidentiality And Data Security And Privacy Standards Addendum
CS50 Confidentiality And Data Security And Privacy Standards AddendumA Jorge Garcia
 
Insurance
InsuranceInsurance
InsuranceJLS10
 
HIPAA 2015 webinar
HIPAA 2015 webinarHIPAA 2015 webinar
HIPAA 2015 webinarPolsinelli PC
 
Ferpa training ihp faculty and staff
Ferpa training ihp faculty and staffFerpa training ihp faculty and staff
Ferpa training ihp faculty and staffSusan Reynolds
 
Employment Screening Laws & Background Checks Question & Answer
Employment Screening Laws & Background Checks Question & AnswerEmployment Screening Laws & Background Checks Question & Answer
Employment Screening Laws & Background Checks Question & AnswerEliassen Group
 
FCRA Lessons for Indiana Home Healthcare
FCRA Lessons for Indiana Home HealthcareFCRA Lessons for Indiana Home Healthcare
FCRA Lessons for Indiana Home HealthcareMike McCarty
 
Assignment 2 Research ProjectThis assignment consists of two pa.docx
Assignment 2 Research ProjectThis assignment consists of two pa.docxAssignment 2 Research ProjectThis assignment consists of two pa.docx
Assignment 2 Research ProjectThis assignment consists of two pa.docxMerrileeDelvalle969
 
Fraud prevention
Fraud preventionFraud prevention
Fraud preventionYadira Mangual
 
EEOC - Effective Position Statements (040517) - HIGHLIGHTED
EEOC - Effective Position Statements (040517) - HIGHLIGHTEDEEOC - Effective Position Statements (040517) - HIGHLIGHTED
EEOC - Effective Position Statements (040517) - HIGHLIGHTEDVogelDenise
 
Before the Education Practices Commission of the State
Before the Education Practices Commission of the StateBefore the Education Practices Commission of the State
Before the Education Practices Commission of the StateMerrileeDelvalle969
 
24 Months STEM OPT Final Rule - Effective from May 10, 2016
24 Months STEM OPT Final Rule - Effective from May 10, 201624 Months STEM OPT Final Rule - Effective from May 10, 2016
24 Months STEM OPT Final Rule - Effective from May 10, 2016happyschools
 
General Counsel Presentation
General Counsel PresentationGeneral Counsel Presentation
General Counsel PresentationChristine Klocke
 
F r-roster-guidance-9-16
F r-roster-guidance-9-16F r-roster-guidance-9-16
F r-roster-guidance-9-16fernando costarica
 
Support procedures in philadelphia slideshow
Support procedures in philadelphia slideshowSupport procedures in philadelphia slideshow
Support procedures in philadelphia slideshowCarla Risoldi
 
Investigative Consumer Report Presentation Jun 09 07 Version
Investigative Consumer Report Presentation Jun 09 07 VersionInvestigative Consumer Report Presentation Jun 09 07 Version
Investigative Consumer Report Presentation Jun 09 07 Versionrileyparker
 
Accuracy in Criminal Background Checks
Accuracy in Criminal Background ChecksAccuracy in Criminal Background Checks
Accuracy in Criminal Background ChecksUmesh Heendeniya
 
Confidentiality FERPA Training
Confidentiality FERPA TrainingConfidentiality FERPA Training
Confidentiality FERPA TrainingPam Cranford
 
Ferpa information for MGH Institute students
Ferpa information for MGH Institute studentsFerpa information for MGH Institute students
Ferpa information for MGH Institute studentsSusan Reynolds
 
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxhttp1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxpooleavelina
 
court applications under the children's act
court applications under the children's actcourt applications under the children's act
court applications under the children's actAlison Stevens
 
Children Online Privacy Komal Bansal
Children Online Privacy Komal BansalChildren Online Privacy Komal Bansal
Children Online Privacy Komal BansalKomal Bansal
 
Faa pilot certificate form
Faa pilot certificate formFaa pilot certificate form
Faa pilot certificate formBill Kobin
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书Fir L
 
Cleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson
 

More Related Content

Similar to Alaska FERPA Complaint [Redacted]

Ferpa training ihp faculty and staff
Ferpa training ihp faculty and staffFerpa training ihp faculty and staff
Ferpa training ihp faculty and staffSusan Reynolds
 
Employment Screening Laws & Background Checks Question & Answer
Employment Screening Laws & Background Checks Question & AnswerEmployment Screening Laws & Background Checks Question & Answer
Employment Screening Laws & Background Checks Question & AnswerEliassen Group
 
FCRA Lessons for Indiana Home Healthcare
FCRA Lessons for Indiana Home HealthcareFCRA Lessons for Indiana Home Healthcare
FCRA Lessons for Indiana Home HealthcareMike McCarty
 
Assignment 2 Research ProjectThis assignment consists of two pa.docx
Assignment 2 Research ProjectThis assignment consists of two pa.docxAssignment 2 Research ProjectThis assignment consists of two pa.docx
Assignment 2 Research ProjectThis assignment consists of two pa.docxMerrileeDelvalle969
 
EEOC - Effective Position Statements (040517) - HIGHLIGHTED
EEOC - Effective Position Statements (040517) - HIGHLIGHTEDEEOC - Effective Position Statements (040517) - HIGHLIGHTED
EEOC - Effective Position Statements (040517) - HIGHLIGHTEDVogelDenise
 
Before the Education Practices Commission of the State
Before the Education Practices Commission of the StateBefore the Education Practices Commission of the State
Before the Education Practices Commission of the StateMerrileeDelvalle969
 
24 Months STEM OPT Final Rule - Effective from May 10, 2016
24 Months STEM OPT Final Rule - Effective from May 10, 201624 Months STEM OPT Final Rule - Effective from May 10, 2016
24 Months STEM OPT Final Rule - Effective from May 10, 2016happyschools
 
General Counsel Presentation
General Counsel PresentationGeneral Counsel Presentation
General Counsel PresentationChristine Klocke
 
Support procedures in philadelphia slideshow
Support procedures in philadelphia slideshowSupport procedures in philadelphia slideshow
Support procedures in philadelphia slideshowCarla Risoldi
 
Investigative Consumer Report Presentation Jun 09 07 Version
Investigative Consumer Report Presentation Jun 09 07 VersionInvestigative Consumer Report Presentation Jun 09 07 Version
Investigative Consumer Report Presentation Jun 09 07 Versionrileyparker
 
Accuracy in Criminal Background Checks
Accuracy in Criminal Background ChecksAccuracy in Criminal Background Checks
Accuracy in Criminal Background ChecksUmesh Heendeniya
 
Confidentiality FERPA Training
Confidentiality FERPA TrainingConfidentiality FERPA Training
Confidentiality FERPA TrainingPam Cranford
 
Ferpa information for MGH Institute students
Ferpa information for MGH Institute studentsFerpa information for MGH Institute students
Ferpa information for MGH Institute studentsSusan Reynolds
 
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxhttp1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxpooleavelina
 
court applications under the children's act
court applications under the children's actcourt applications under the children's act
court applications under the children's actAlison Stevens
 
Children Online Privacy Komal Bansal
Children Online Privacy Komal BansalChildren Online Privacy Komal Bansal
Children Online Privacy Komal BansalKomal Bansal
 
Faa pilot certificate form
Faa pilot certificate formFaa pilot certificate form
Faa pilot certificate formBill Kobin
 

Similar to Alaska FERPA Complaint [Redacted] (20)

HIPAA 2015 webinar
HIPAA 2015 webinarHIPAA 2015 webinar
HIPAA 2015 webinar
 
Ferpa training ihp faculty and staff
Ferpa training ihp faculty and staffFerpa training ihp faculty and staff
Ferpa training ihp faculty and staff
 
Employment Screening Laws & Background Checks Question & Answer
Employment Screening Laws & Background Checks Question & AnswerEmployment Screening Laws & Background Checks Question & Answer
Employment Screening Laws & Background Checks Question & Answer
 
FCRA Lessons for Indiana Home Healthcare
FCRA Lessons for Indiana Home HealthcareFCRA Lessons for Indiana Home Healthcare
FCRA Lessons for Indiana Home Healthcare
 
Assignment 2 Research ProjectThis assignment consists of two pa.docx
Assignment 2 Research ProjectThis assignment consists of two pa.docxAssignment 2 Research ProjectThis assignment consists of two pa.docx
Assignment 2 Research ProjectThis assignment consists of two pa.docx
 
Fraud prevention
Fraud preventionFraud prevention
Fraud prevention
 
EEOC - Effective Position Statements (040517) - HIGHLIGHTED
EEOC - Effective Position Statements (040517) - HIGHLIGHTEDEEOC - Effective Position Statements (040517) - HIGHLIGHTED
EEOC - Effective Position Statements (040517) - HIGHLIGHTED
 
Before the Education Practices Commission of the State
Before the Education Practices Commission of the StateBefore the Education Practices Commission of the State
Before the Education Practices Commission of the State
 
24 Months STEM OPT Final Rule - Effective from May 10, 2016
24 Months STEM OPT Final Rule - Effective from May 10, 201624 Months STEM OPT Final Rule - Effective from May 10, 2016
24 Months STEM OPT Final Rule - Effective from May 10, 2016
 
General Counsel Presentation
General Counsel PresentationGeneral Counsel Presentation
General Counsel Presentation
 
F r-roster-guidance-9-16
F r-roster-guidance-9-16F r-roster-guidance-9-16
F r-roster-guidance-9-16
 
Support procedures in philadelphia slideshow
Support procedures in philadelphia slideshowSupport procedures in philadelphia slideshow
Support procedures in philadelphia slideshow
 
Investigative Consumer Report Presentation Jun 09 07 Version
Investigative Consumer Report Presentation Jun 09 07 VersionInvestigative Consumer Report Presentation Jun 09 07 Version
Investigative Consumer Report Presentation Jun 09 07 Version
 
Accuracy in Criminal Background Checks
Accuracy in Criminal Background ChecksAccuracy in Criminal Background Checks
Accuracy in Criminal Background Checks
 
Confidentiality FERPA Training
Confidentiality FERPA TrainingConfidentiality FERPA Training
Confidentiality FERPA Training
 
Ferpa information for MGH Institute students
Ferpa information for MGH Institute studentsFerpa information for MGH Institute students
Ferpa information for MGH Institute students
 
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docxhttp1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
http1500cms.comBECAUSE THIS FORM IS USED BY VARIOUS .docx
 
court applications under the children's act
court applications under the children's actcourt applications under the children's act
court applications under the children's act
 
Children Online Privacy Komal Bansal
Children Online Privacy Komal BansalChildren Online Privacy Komal Bansal
Children Online Privacy Komal Bansal
 
Faa pilot certificate form
Faa pilot certificate formFaa pilot certificate form
Faa pilot certificate form
 

Recently uploaded

如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书Fir L
 
Cleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson
 
How You Can Get a Turkish Digital Nomad Visa
How You Can Get a Turkish Digital Nomad VisaHow You Can Get a Turkish Digital Nomad Visa
How You Can Get a Turkish Digital Nomad VisaBridgeWest.eu
 
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝soniya singh
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书Sir Lt
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书E LSS
 
Arbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaArbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaNafiaNazim
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Oishi8
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书SD DS
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书Fs Las
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSDr. Oliver Massmann
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》o8wvnojp
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书FS LS
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxsrikarna235
 
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一jr6r07mb
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书Fir L
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesHome Tax Saver
 

Recently uploaded (20)

如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
 
Cleades Robinson's Commitment to Service
Cleades Robinson's Commitment to ServiceCleades Robinson's Commitment to Service
Cleades Robinson's Commitment to Service
 
How You Can Get a Turkish Digital Nomad Visa
How You Can Get a Turkish Digital Nomad VisaHow You Can Get a Turkish Digital Nomad Visa
How You Can Get a Turkish Digital Nomad Visa
 
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书
 
Arbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in IndiaArbitration, mediation and conciliation in India
Arbitration, mediation and conciliation in India
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
如何办理(UNK毕业证书)内布拉斯加大学卡尼尔分校毕业证学位证书
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
 
Old Income Tax Regime Vs New Income Tax Regime
Old Income Tax Regime Vs New Income Tax RegimeOld Income Tax Regime Vs New Income Tax Regime
Old Income Tax Regime Vs New Income Tax Regime
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
 
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
 
Key Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax RatesKey Factors That Influence Property Tax Rates
Key Factors That Influence Property Tax Rates
 

Alaska FERPA Complaint [Redacted]

  • 1. 1 UNITED STATES DEPARTMENT OF EDUCATION Family Educational Rights and Privacy Act Complaint Form FORM APPROVED OMB NO: 1880-0544 Exp: 02/28/2021 Instructions: The United States Department of Education’s (Department) Family Policy Compliance Office (FPCO) reviews, investigates, and processes complaints of alleged violations of the Family Educational Rights and Privacy Act (FERPA); 20 U.S.C. 1232(g), (h) and 34 CFR part 99. FERPA is a Federal law which affords parents certain rights with regard to their children’s education records. The term “education records” is defined under FERPA, with certain exclusions, as those records that are directly related to a student and which are maintained by an educational agency (e.g., a school district) or institution (e.g., a school or postsecondary institution), or by a party acting for the agency or institution, to which funds have been made available under any program administered by the Secretary of Education. These rights include the right to inspect and review their children’s education records, the right to seek to have their education records amended, the right to have some control over the disclosure of personally identifiable information contained in their education records, and, the right to file a written complaint with FPCO regarding an alleged violation of FERPA. Once a student reaches 18 years of age or begins attending a postsecondary institution, he or she becomes an “eligible student,” and all of the parent’s rights under FERPA transfer to the student. FPCO investigates written complaints alleging a violation of FERPA by an educational agency or institution, a state educational agency (SEA) (if alleging denial to inspect and review education records maintained by the SEA), or a third party, if the complaint: 1) is filed by a parent or eligible student with FERPA rights over the education records which are the subject of the complaint, or his or her attorney or advocate; 2) is submitted to FPCO within 180 days of the date of the alleged violation or of the date that the complainant knew or reasonably should have known of the alleged violation; and, 3) contains specific allegations of fact giving reasonable cause to believe that a violation of FERPA has occurred. Individuals who want to file a complaint should do so by completing this Complaint Form (available at https:// studentprivacy.ed.gov) in its entirety and submitting it electronically or by mail. If you choose to submit this form electronically, please note that it is a fillable PDF (Portable Document Format) and works best when used with Adobe Reader, available for free download at https://get.adobe.com/reader/. Once you have completed the form, please type your name in the signature space and click “Submit Form.” Your computer’s default e-mail software program should then open and create an e-mail with the Complaint Form attached. In order to complete the submission process, you must send this email, and attachment, as appropriate. In the event that you have either not selected a default e-mail software program on your computer, or the default e-mail software program you have selected does not open when clicking “Submit Form,” in order to complete the submission process, you must either save the form,
  • 2. 2 manually attach it to an e-mail, and send that e-mail to FERPA.Complaints@ed.gov; or, print the form, and sign and mail it to: Family Policy Compliance Office U.S. Department of Education 400 Maryland Avenue, SW Washington, D.C. 20202-8520
  • 3. 3 You should receive a confirmation of FPCO’s receipt of your complaint within three business days from the date of your submission. Failure to complete the Complaint Form in its entirety or to not provide any of the information required for FPCO to determine whether your complaint contains specific allegations of fact giving reasonable cause to believe that a violation of FERPA has occurred, may result in, among other things, the dismissal or return of your complaint to you in order to obtain additional information needed by FPCO to further consider your complaint. If your complaint is dismissed, you may choose to resubmit a new complaint per the instructions set forth above and in accordance with the requirements of FERPA. Also, you should be aware that when reviewing, investigating, or processing your complaint, FPCO may disclose, without your prior, written consent and pursuant to routine uses of the records that have been published in the system of records notice covering FERPA complaints, information contained in your complaint, such as the name of the complainant, the name of the student if the student did not submit the complaint, and the alleged violation(s), including, but not limited, to the educational agency or institution against which your complaint has been made. SECTIONS 1 & 2: STUDENT AND COMPLAINANT INFORMATION To complete these sections, please provide all requested information, including the student's correct birthdate. An attorney or advocate may file a complaint on behalf of a parent or an eligible student; however, FPCO will not discuss the complaint with the attorney or advocate without the prior, written consent of the parent or eligible student, as applicable. FPCO will dismiss anonymous complaints and complaints filed by a party other than the parent or eligible student who maintains FERPA rights over the education records that are the subject of the complaint, or his or her attorney or advocate. Please note that a parent of an eligible student does not maintain rights over the education records of the eligible student and may not file a complaint alleging that his or her rights as a parent under FERPA have been violated. SECTION 3: EDUCATIONAL AGENCY OR INSTITUTION INFORMATION This section requires that you provide, among other information, the name and address of the current superintendent of the school district, the president of the college or university, the state educational agency (SEA) official (if alleging denial to inspect and review education records maintained by the SEA), or the appropriate official of a third party, that you are alleging violated FERPA. FERPA applies directly to educational agencies and institutions that receive Federal funds under programs administered by the Department. For instance, private elementary and secondary schools generally do not receive funds from the Department and are, therefore, not generally subject to FERPA. FPCO generally will dismiss complaints filed against elementary or secondary schools that are not listed on the Department’s National Center for Education Statistics Public School website (available at https://nces.ed.gov/ccd/schoolsearch/). Please note that it is extremely important that you enter the specific date (mm/dd/yyyy) of the alleged violation in this section for us to accurately determine the timeliness of your complaint. As stated above, a complaint must be filed within 180 days of the alleged violation or within 180 days after the complainant knew or reasonably should have known of the alleged violation.
  • 4. 4 SECTION 4: FERPA VIOLATION INFORMATION In describing the alleged violations, you must respond to all of the information requested in the heading(s) that pertain to the nature of your complaint. For instance, if you are alleging a violation based on denial of access to your, or your child’s, education records, you must (1) list the education records you requested; (2) indicate that the educational institution or agency maintains the requested education records and how the education records are maintained (if known); (3) provide the date(s) and means by which you requested access; (4) indicate the name and position of the official(s) to whom you made the request for access to the education records; and (5) describe any response received to your request or any actions taken by the educational agency or institution in response to your request. Your response should only include the relevant facts that would give reasonable cause to believe that a violation of FERPA has occurred. To the greatest extent possible, please limit your response to the space provided in this Complaint Form; if more space is needed, you may attach additional documents in which you further describe your complaint. Failure to provide any of the required information may result in, among other things, your complaint being dismissed or returned to you for additional clarification, which would delay the processing, and might impact the timeliness, of your complaint. SECTION 5: CORRESPONDENCE INFORMATION If there is any correspondence or other information, such as newspaper articles, website postings, e-mail or letter exchanges, that substantiates your allegations, please briefly describe it in this section. You may also attach copies of relevant documents that support your allegations. Please note that FPCO will not accept the submission of audio or video files, CD/DVDs, or thumb drives. Also, the submission of nonessential, voluminous, or nonresponsive information may, among other things, delay the processing, or result in the dismissal or return, of your complaint. SECTION 6: CERTIFICATION Certify that the information you have provided in the Complaint Form is true and correct under penalty of perjury by typing in your name in the signature space, if filing electronically, or by printing out the Complaint Form and signing it, if filing by mail.
  • 5.
  • 6. 6 SECTION 4: FERPA VIOLATION INFORMATION What is the nature of the alleged FERPA violation? Please provide clear, succinct responses addressing all of the information requested in the heading(s) that pertain to your complaint. If you have been denied access to your, or your child’s, education record(s): (1) list the education record(s) you requested from the educational agency or institution; (2) indicate whether the educational agency or institution maintains the requested education record(s) and, if so, how the education record(s) is maintained (if known) and the period of time such record(s) is retained (if known); (3) provide the date(s) and means by which you requested access to the education record(s); (4) indicate the name and position of the official(s) to whom you made the request for access to the education record(s); and, (5) describe any response that you received to your request or any action(s) taken by the educational agency or institution in response to your request. If you have been denied the opportunity to amend your, or your child’s education record(s): (1) describe the education record(s) you sought to amend; (2) the information in the education record(s) that you wanted amended and the specific correction that you requested to such information; (3) the reason you believe that the information in the education record(s) is misleading, inaccurately recorded, or an invasion of your, or your child’s right to privacy; (4) the date you requested to amend the education record(s); (5) the name and title of the school official to whom you made the request to amend your, or your child’s education record(s); (6) any response that you received to your request or any action(s) taken by the educational agency or institution in response to your request; and, (7) the result of any hearing held by the educational agency or institution on the matter. If your, or your child’s, education record(s) or personally identifiable information contained in such education record(s) was improperly disclosed without your prior, written consent, indicate specifically: (1) what education record(s) and/or personally identifiable information was disclosed and the date of such disclosure (if known); (2) whether the information disclosed was recorded in the student's education records; (3) the name and title, or job function, of the school official who made the disclosure; (4) the individual to whom the disclosure was made and relationship, if any, to the educational agency or institution, and to the student; (5) the circumstances under which the disclosure was made; (6) how and when (date) you became aware of the disclosure; and, (7) a description of any communication between you and the disclosing individual or entity, as applicable, regarding the disclosure. I am a parent of a public school student concerned about the increased reliance on technology platforms in school, and the apparent lack of oversight by my school district of its Ed Tech vendors to ensure that the use of this technology is consistent with my child’s right to privacy. I am particularly concerned that these technology platforms are capturing personal information about my child and my child’s online activities without my consent and are using it for commercial purposes. My school district has been unable or unwilling to: provide a complete list of apps and programs used by my child at school; identify the information those apps and programs are collecting about my child; and explain what is being done with that information. Specifically, on February 1, 2021, I, emailed Anchorage School District Members and Board Members to request access to the education record(s) of my child that are collected through technology platforms used in school. Page 2 of 8 X
  • 7. 7 My request was sent pursuant to the Family Educational Rights and Privacy Act (“FERPA”) 20 U.S.C. 1232(g),and included, but was not limited to, all data and metadata collected from, about, or pertaining to my child, held by the school or various Educational Technology Vendors (“Vendors”). In particular, I requested Education Records as defined in 34 CFR Sec. 99.3, to include emails, notes, memoranda, video, audio, or other documents/material maintained by the Vendor as well as any personally identifiable information (“PII”) from my child’s education records, including but not limited to personal direct identifiers and other indirect identifiers. I also requested any metadata generated or collected by the Vendor relating to my child’s use of the Vendor’s service(s), such as browsing history and searches performed, as well as all log-ins and log-outs and IP address information, along with corresponding dates and times, device fingerprints captured about the browsers used, operating system, location, etc. by Google, Zoom, Canvas/Instructure, Kahoot!, Remind, Seesaw, Quizlet, Gimkit, Smart Music, McGraw Hill Connect, and Pear Deck, all of which are relied upon by my school district for in-person and/or remote learning. I reasonably believe that the records I requested are maintained on behalf of the school or school district by these Vendors, or possibly, by the school or school district itself. I understand that these Vendors are performing institutional services or functions for which the school would otherwise use its own employees and/or resources. Despite FERPA’s requirement that my school respond to my request within 45 days (or with reasonable extensions, if requested by the school), I received a timely, but non-responsive reply from Supervisor of Records Management at Anchorage School District, in which I was not sent any FERPA documents pertaining to the PII or metadata collected by these Vendors, nor was I given any other opportunity to access this information, and was therefore denied access to my child’s Education Records. Because I do not know what information was collected about my child, I also do not know how long these records are maintained, who has access to these records, for what purposes, and to whom they may have been disclosed. I am aware of the “School Official” exception, which allows school districts to disclose Education Records to third parties without my written consent, and I believe that Vendors and schools are relying upon this “School Official” exception to circumvent the requirement for written parental consent. But I also understand that for the exception to apply, schools must exercise “direct control” over those third parties. In my case, no such control appears to exist because although my school district enters into contractual agreements with these Vendors, who have access to my child’s personal and confidential information, the school district was still unable to provide any FERPA documents responsive to my request, and these Vendors appear to be operating with no oversight or accountability. My district has failed to provide me the information that I am entitled to under FERPA. My district is apparently unable, unwilling, or unclear about how to do so with regard to these Vendors. Page 3 of 8
  • 8. 8 I therefore ask that the Department of Education investigate my school district’s use of technology Vendors and my district’s policies for the retention, collection, use, and parental access to student information collected through these Vendors, and further, that the Department of Education issue a decision in my favor clearly and explicitly mandating that: 1. A school district shall only use technology Vendors if: (a) the district directly oversees and controls what information those platforms collect, how that information is processed and stored, and how that information is being used; (b) that this oversight not only includes entering into a contract that explicitly imposes all FERPA-related requirements and restrictions on the Vendor, but also explicitly requires regular audits and oversight of the Vendor’s access, use, and disclosure of student PII, and affirmative enforcement of the Vendor’s obligations under the contract when non-compliance is identified; and (c) that school districts must be required to publicly post the results of these audits, oversight, and enforcement efforts so that parents are able to engage in meaningful protection of their children’s privacy rights; 2. A school district post on its website: (a) a list of all technology platforms used by its schools; (b) a list of all Vendors with which the school district has entered into a contract; (c) a copy of all such contracts, redacted as appropriate; and (d) the contact information for the district official responsible for handling FERPA requests; 3. To the extent a Vendor processes or retains student PII, those records are considered “Education Records” covered by FERPA and the school district must provide access to those records in response to a FERPA request, and clarifying that merely providing a student’s account log-in credentials, or referring the requester to the Vendor itself or the Vendor’s website, does not satisfy the school district’s obligations under FERPA; 4. To the extent Vendors share student PII with third parties – whether through direct contractual relationships, web-based plug-ins, apps, or other means – the Vendor and the school district must maintain oversight of these third parties’ access and use of this PII pursuant to FERPA, and must provide access to this data in response to a FERPA access request; and 5. Metadata – meaning all the information collected about a student through use of a Vendor’s services, such as browsing history, searches performed, and websites visited – must be protected under FERPA and must be made available in response to a FERPA access request. Page 4 of 8
  • 9. 9 SECTION 5: CORRESPONDENCE INFORMATION Describe any correspondence, such as newspaper articles, website postings, e-mail or letter exchanges, that substantiates the information specifically required in Section 4 above. You may also attach copies of those relevant documents that support your allegations. Please note that we will not accept the submission of audio or video files, CD/DVDs, or thumb drives. Also, the submission of nonessential, voluminous, or nonresponsive information may, among other things, delay the processing of your complaint, and could result in the dismissal and return of your complaint. With this complaint, I submit copies of the correspondence between my district and me that substantiate the information in Section 4. I also submit an analysis of the technology platforms used in my district performed by the non-profit Me2B Alliance. In its May 2021 report, School Mobile Apps Student Data Sharing Behavior, the Me2B Alliance found that 67% of the sampled apps used in public schools send student data to third-party advertisers and analytics platforms, including very high-risk data brokers.1 After reading the May 2021 Me2B Report, SDPP reached out to the Me2B Alliance and requested using a similar methodology to examine a sample of the apps used by schools in districts where parents like myself have children attending which is precisely the subject of this complaint. As reflected in the attached “Me2B Alliance Product Testing Report,” almost 70% of the apps sampled by Me2B used Software Development Kits (SDKs) that posed a “High Risk” to student data privacy. SDKs are modules of code that allow for the creation of persistent back channels by 3rd party developers for funneling data to these developers, as well as their partners. Notably, Me2B's May 2021 Report stated, “[a]ll Advertising SDKs are designated as high-risk – particularly in this analysis of educational apps.” High Risk in this context means that the app uses code that either uniquely identifies (fingerprints) individual users, and/or possesses the potential for data exploitation by either directly supporting advertising networks or having advertising network partners. Even more troubling, however, is that almost 40% of the apps reviewed by Me2B for SDPP were rated as “Very High Risk,” meaning that the code used in the apps are known to be associated with registered Data Brokers, potentially enabling syncing to dozens, if not hundreds or even thousands of additional partners through a complex supply side network, leveraging unique advertising identifiers to enable the creation of unique profiles for tracking purposes. Indeed, the average number of SDKs identified as being resident in an app was 10.9, with each SDK being capable of funneling data to a different 3rd party. Even more revealing, two (2) of perhaps the largest data hoarders in the world frequently appeared in Me2B’s analysis of the apps used by our school districts, with Google showing up in approximately 80% of the apps that included an SDK, and Facebook running a close second, showing up in approximately 60% of the apps that used SDKs. Me2B’s Report for SDPP substantiated my concerns about the data being collected by the vendors used in my school district, as well as how that data is being used and disseminated, or 1 Me2B Alliance Product Testing Report: School Mobile Apps Student Data Sharing Behavior, May 4, 2021 (https://me2ba.org/school-mobile-apps-student-data-sharing-behavior/) (accessed June 15, 2021). Page 5 of 8
  • 10. 10 even disclosed to other data brokers without my knowledge, or consent, and without direct control by my school district or its officials. FERPA is supposed to prevent these sorts of disclosures. FERPA was enacted in 1974, almost two decades before the Internet came into existence, at a time when cutting-edge educational technology consisted of calculators and copy machines. Over the last several years, the problem of commercial exploitation of personally identifiable information of all Americans, not just students, has been widely covered in the media and has been the subject of recent Congressional scrutiny.2 Even before the pandemic, parents had grown increasingly concerned about the use of technology in the classroom, and about the personally identifiable information (PII) that educational technology vendors (“Vendors”) collect, maintain, and share about their children.3 These concerns are well-founded: the average U.S. school uses between 400 and 1,000 different online tools; one 2018 study examined 5,000 children’s apps, and found that over 1,000 of them collected PII in violation of the apps’ own terms of service agreements about collecting kids’ data, in addition to the violations of federal and state laws explicitly designed to protect children online.4 The fact that Vendors can maintain student PII indefinitely, use it for their own commercial purposes, and spread it across the internet only increases the threat to our children. A myriad of third parties use this information collected from students’ school activity to build dossiers on children; to profile, predict, and manipulate their behavior; and to influence the opportunities available to them, such as school admissions, creditworthiness, and the cost and availability of health insurance. Concerns like these led the New Mexico Attorney General’s Office to file a lawsuit against Google, alleging that its G Suite for Education service violated federal and state laws by spying on students’ online activities for its own commercial purposes without parental notice or consent, and that Google violated its corporate prohibition forbidding children under the age of 13 to use its services while covertly gaining access to these students’ PII.5 2 See, e.g., Protecting Consumer Privacy in the Era of Big Data, 116th Cong. (2019-2020); Stuart A. Thompson and Charlie Warzel, “One Nation, Tracked: An Investigation into the Smartphone Tracking Industry,” The New York Times, December 19, 2019 (https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell- phone html) (accessed June 16, 2021); Katy Stech Ferek, “Data Privacy Increasingly a Focus of National Security Reviews,” The Wall Street Journal, Sept. 14, 2020 (https://www.wsj.com/articles/data-privacy-increasingly-a-focus- of-national-security-reviews-11600111141) (accessed June 15, 2021); Elizabeth Goitein, “The government can’t seize your digital data. Except by buying it,” The Washington Post, April 26, 2021 (https://www.washingtonpost.com/outlook/2021/04/26/constitution-digital-privacy-loopholes-purchases/) (accessed June 15, 2021). 3 See, e.g., Lois Beckett, “Why parents in a school district near the CIA are forcing tech companies to erase kids’ data,” The Guardian, December 5, 2019. 4 See Lisa Ward, “Data Privacy in the Age of Online Learning,” The Wall Street Journal, Dec. 8, 2020 (https://www.wsj.com/articles/data-privacy-in-the-age-of-online-learning-11607457738) (accessed June 15, 2021); Daniel G. Kruta et al., Don’t Be Evil: Should We Use Google in Schools?, TechTrends, Mar. 2021 (https://link.springer.com/content/pdf/10.1007/s11528-021-00599-4.pdf (accessed June 15, 2021). 5 In New Mexico et rel. Balderas v. Google, LLC, 489 F.Supp 3d 1254, 1256 (D. N.M. 2020); see, e.g., Natasha Singer and Daisuke Wakabayashi, “New Mexico Sues Google Over Children’s Privacy Violations,” The New York Times, Feb. 20, 2020 (https://www.nytimes.com/2020/02/20/technology/new-mexico-google-lawsuit html) (accessed June 15, 2021). Page 6 of 8
  • 11. 11 The sudden, nationwide shift to remote learning brought about by the pandemic has made this concern even more urgent. In the rush to adopt new technology platforms, schools are funneling an enormous amount of student PII to third-party Vendors without parental consent.6 Vendors and schools are using the “School Official” exception to avoid the need for written parental consent, while at the same time refusing to subject Vendors to the “direct control” of school districts necessary for that exception to apply.7 As a result, public education has become a data free-for-all where Vendors can take whatever student data they want, use it however they want, profit from it, and refuse to tell students, parents, or school districts what information they have and how they’re using it. Because of my ongoing concerns about the protection of children’s personal information, I, along with parents across the country, requested access to the data and metadata held by my district and its Vendors. These districts uniformly failed to meet their obligations under FERPA. Some argued that FERPA does not apply to student PII held by third-party Vendors; others provided incomplete responses or a small fraction of what was requested; many failed to respond at all. In no case did I, or to my knowledge any other parent, receive the information asked for and to which we’re entitled under FERPA. The Department of Education’s guidance and enforcement efforts to date have been insufficient. None of the districts that received a request followed the Department’s March 2020 guidance, “FERPA and Virtual Learning During COVID-19,” which made clear that schools are responsible for providing parents with access to “inspect and review” their children’s educational records.8 The Department must do more to clarify and enforce the obligations of school districts under FERPA with respect to technology Vendors, including guidance on who may act as a “School Official,” what constitutes a “legitimate educational interest,” and how schools maintain “direct control” over Vendors to meet FERPA standards.9 Students should not be required to sacrifice their privacy for a public education. Parents must be able to send their children to school knowing that their valuable personal identifiable information is being secured. And school districts must not be allowed to shirk their responsibilities to directly oversee their Vendors. Their ongoing failure to do so compromises the rights of their students, risks their security, and jeopardizes their futures. 6 See “What’s At Stake,” The Student Data Privacy Project, (https://www.studentdataprivacyproject.com/theproblem/thestakes) (accessed June 15, 2021). 7 The Family Educational Rights and Privacy Act (FERPA): Legal Issues, p. 7-8, Congressional Research Service, May 24, 2021 (https://crsreports.congress.gov/product/pdf/R/R46799) (accessed June 15, 2021). 8 “Ferpa and Virtual Learning During Covid-19,” The Department of Education, March 30, 2020 (https://studentprivacy.ed.gov/resources/ferpa-and-virtual-learning-during-covid-19) (unable to access on June 15, 2021). 9 See Girard Kelly et al., “2018 State of Edtech Privacy Report,” 107-108, Common Sense Privacy Evaluation Initiative (2018) (https://www.commonsense.org/education/sites/default/files/tlr-blog/cs-state-of-edtech-privacy- report.pdf) (accessed June 15, 2021) (“[It is] recommended that these applications and services increase their transparency on this important issue and disclose in their policies that they may act as a “School Official,” as specified in the school or district’s annual FERPA notice, which describes how educational institutions can maintain direct control over applications and services in compliance with FERPA.”). Page 7 of 8