Document Type

White Paper

Publication Date

5-2021

Abstract

There are two rights an educational entity must weigh in response to a public request for information: the public’s right to know, and the right to privacy of both students and education agency employees. For public records requests, educational entities must ground their approach not only in the federal and state laws that shape public right to public agency information, but also in an understanding of what is known as derivative disclosure: how the context of a provided record can lead to inference of a student or employee’s identity alongside other information about them that should have been protected from disclosure under federal and state law, or that goes beyond the intent of the educational entity when sharing that record.

In Massachusetts, there is no single consistent standard for how to effectively apply all relevant law in order to protect privacy rights and prevent derivative disclosures without compromising the ability of an educational entity to respond to a public records requests in a timely manner. Determination of what information may be appropriately disclosed is necessarily fact-based, and this contextual requirement does not allow for a single, universally applicable rule for balancing transparency with the risk of derivative disclosure. There is still the opportunity, however, for greater standardization of the review process.

This research paper aims to articulate the governing law surrounding student privacy protections and public record requests, and to identify where the friction points between the two agency obligations develop. This paper will look to how educational entities use contract law as an added layer of protection for student and employee information when partnering with third parties as a potential model and path forward for standardizing decision making around information sharing and protection against derivative disclosure of protected personal information.

Share

COinS