The Arizona State Board of Education has notified parents on a breach:
Whoops: The State Board of Education says it “inadvertently” released student information when it released records on A-F grading appeals. pic.twitter.com/jwHManpAbQ
— Rachel Leingang (@rachelleingang) October 26, 2017
So here’s the thing: this is the state’s error in responding to a FOIA request as they included/disclosed too much information, some of which should not have been disclosed.
And they “strongly urge” anyone who received it not to further disseminate it and to “unpublish it” (i.e., remove it) if it has been posted publicly. But Karol Schmidt, Executive Director, also writes:
As I am sure you are aware, Federal (sic) law FERPA protects against the disclosure of personally identifiable information from education records, and there are potential penalties for persons or entities who knowingly violate FERPA.
Well, wait. Does FERPA apply to everyone in the world or only entities that receive federal education funds? Who was this letter written to? Was it written to the requestor of the records, and if so, was that individual a FERPA-covered entity? If not, how can you issue a veiled threat to John Doe or Jane Doe if they are members of the public who are in possession of the information that they acquired through no criminal action on their part?
I’ve tweeted an inquiry to law professor Daniel Solove of TeachPrivacy, to see if he can clarify what FERPA says about violations and who might be penalized, etc. If I get a response, I will update this post.
Thanks to Cheri Kiesecker for making me aware of this one.