Failure by UNC-CH to comply with FERPA could result in loss of federal funding. Loss of funding is a big stick that federal agencies use to hold institutions in compliance with all manner of government regulations. In the case of FERPA, for an institution to suffer the loss of funding, it would require the individual whose educational records privacy the institution had compromised to file a complaint with the Department of Education (ED); then the ED would have to determine the complaint warranted inspection, investigate and reach a ruling that the institution had, in fact, released an educational record improperly. And even then, the repercussion isn't automatically the heavy hand of funding withdrawal. The ED can, and usually does, issue warnings or corrective counseling.
There have been many filed FERPA violations in the 40+ years since the passage of FERPA, but no federal funds have ever been withheld from any institution. Yet institutions will often claim concern about potential FERPA violations and apply interpretations of what FERPA protects broadly in a way that encompasses information not truly protected by FERPA, typically as a means to resist valid public discovery of information, particularly when it comes to inspection of possible violations relating to athletics.
Public Records Law vs. FERPA
One such document (reported by Dan Kane at the News & Observer) was an email from an undefined individual to Athletics Department staff employee, Eric Hoots:
 |
In the email above, the sender's name and date of the email are redacted. In this case, FERPA would only require censoring the name of the sender if it was a student or former student. The inclusion of email date-time-group information in an otherwise de-identified document would not render the document an educational record, subject to FERPA protection.
Nevertheless, UNC has redacted the date stamp of the email. Redacting dates of email documents to or from students has been a consistent feature of UNC's public release practice.
Since the date of this correspondence could be key to resolving the questions raised in Kane's article, I submitted a Public Records request to UNC Public Records Office.
As a private individual, I understand that my request is to be processed at the lowest priority, and I anticipated that my request would be processed in 6-12 months. I also fully expected I would get a denial.
I got a response much more quickly than I imagined:
No explanation is offered (
* Edited to add a possible explanation; scroll to end of article for update.
Request Denied? What Can You Do?
The only ways I can see UNC being forced to alter this practice is either by court order (which obviously I, and probably UNC, know isn't a threat); or if enough public pressure is placed on UNC to be as truly transparent as it claims and to stop abusing FERPA for the protection of itself instead of under the guise of protecting student educational records.
The absence of date information invites questions and challenges to UNC such as the ones Dan Kane poses in his recent article. UNC does not deserve the benefit of any doubt as long as it only pays lip-service to "transparency" while at the same time exploiting FERPA improperly.
Blanket date information redaction on emails to or from students is but one example of UNC's overreaching and misapplication of FERPA. UNC refuses to convey any information on nature or character of curricular or other academic catalog information, even after the truly personally-identifiable information is redacted.
UNC-CH Associate Vice Chancellor for Communications, Rick White, replied to the N&O article saying:
Kane’s story implies the Family Educational Rights and Privacy Act is a mere formality that we “could” ignore and easily provide him with a student’s academic information. He knows better. We can’t. It’s a federal privacy law to protect the rights of all students.
This is specious. No one is implying that FERPA could or should be ignored. What we want is for FERPA not to be abused. UNC's exploitation of FERPA to restrict information that doesn't constitute an "educational record" is an example of why faith has been lost that UNC leadership and administration is being open and honest.
As long as UNC continues to persist in dodgy practices like this and falsely claim that FERPA ties its hands, pestering questions and doubts like those raised by Dan Kane will continue.
And if the emails the N&O found are innocuous and the spotlighting of UNC employee Eric Hoots is unwarranted, UNC's misapplied FERPA practice is culpable for that.
Contrary to the Associate Vice Chancellor's rebuttal, it's not the N&O that should apologize to Hoots. It's UNC that should apologize for it's stonewalling habits. If Eric Hoots feels he is unfairly caught in the crossfire, he should demand UNC clear the air and not claim its hands are tied by FERPA. If Hoots feels loyalty to UNC and wants no apology from the institution that could legitimately make information available that would answer the questions that have placed him in the harsh spotlight, then that's a bed of his own making.
Update: (3:30PM 12/7/2016)
I may have one plausible argument the University could make to justify it's exclusion of date information from a student email record.
According to 34 C.F.R. § 99.3 (Authority: 20 U.S.C. 1232g(b)(4)(A)):
Rather than assess each redaction individually, UNC may have chosen, as a matter of policy, to redact all dating information from any email record to or from a student to reduce risk of divulging personally identifiable information as outlined in 34 C.F.R. § 99.3 paragraph (f) above.
In evaluating a public records request in a specific case, however, UNC can, and should, revisit this blanket assessment before determining if inclusion of the date would result in "personally identifiable information" of an educational record, linkable to specific student by a "reasonable person in the school community, who does not have personal knowledge of the relevant circumstances..."
Discretion is left to the University, and UNC appears to err on the side of extreme caution. If this is, in fact, the rationale, I take a dim view that UNC is exercising a legitimate interest in student privacy in the application of this paragraph with regard to the undated student email to Eric Hoots.
- There is such little chance that any "reasonable person in the school community" without additional knowledge would be able to identify the student just from the inclusion of date information;
- plus the even lesser chance that any such student would actually file a complaint;
- and lesser still chance that the Department of Education would sanction the University for such a remote triangulation;
…there is no justifiable way the University can claim it's hands are tied and it can't reveal the date. UNC chooses to not reveal the date.
If revealing the date could benefit UNC and Eric Hoots in defense of the N&O article, FERPA is not standing in their way.
