FERPA law broke/privacy invasion?

[exkustudent]

What is the name of your state? Kansas

Recently, as a lot of you know, the University of Kansas recently sent an e-mail to 119 students advising them that they had failed all classes and were in danger of their financial aid being revoked. The e-mail, though, was sent in a nature that the 119 students knew who else failed and received financial aid, with all the receipients names and e-mail addresses listed in the To: field instead of sending an e-mail with the receipients in the BCC field. I personally know someone who was on the list. Is it possible that a FERPA violation was committed by the University of Kansas and a guaranteed right to privacy to students violated? What, if any, are grounds for potential legal action?

Thanks

 

[notsmartmark]

Your FERPA rights were not violated. Email addresses are considered directory information and not personally identifiable information. Name and address can be either, email is only identified as directory information.

I would be more worried about my financial aid and asking if I took and passed some summer courses if I could keep my financial aid and not kicked out of school.



Pulled from "Letter to University of Wisconsin-River Falls re: Student Account Identifiers"
The term "personally identifiable information" is defined in the regulations as:
(a) The student's name;
(b) The name of the student's parent or other family member;
(c) The address of the student or student's family;
(d) A personal identifier, such as the student's social security number or student number;
(e) A list of personal characteristics that would make the student's identity easily traceable; or
(f) Other information that would make the student's identity easily traceable.

34 CFR § 99.3.

"Directory information" is defined as information contained in an education record that would not generally be considered harmful or an invasion of privacy if disclosed and includes a student's name, address, telephone listing, email address, and other types of information about the student. 20 U.S.C. § 1232g(a)(5)(A); 34 CFR § 99.3. An institution that wishes to disclose directory information must comply with the procedural requirements set forth in § 99.37 of the regulations, which allow an eligible student to refuse to allow an institution to disclose directory information about the student.

A student's name and address, which are defined as "personally identifiable information" under FERPA, are also defined as "directory information" because these items are generally made available in public directories outside the school context and otherwise are not considered harmful or an invasion of privacy if disclosed. The legal conclusion in FERPA that these items of personally identifiable information are not considered "harmful or an invasion of privacy if disclosed" is based on an understanding that they generally cannot be used, standing alone, to obtain sensitive, non-public (i.e., non-directory) information about an individual.... The FERPA regulations were amended in 2000 to include a student's email address in the definition of "directory information."