With advances in education technology and the prevalence of technology use in general, instructors, system administrators, online service providers, and others are commonly requesting that students and parents supply their email addresses in order to facilitate communications and learning. Under current California law applicable to K-12 public educational institutions, student email addresses may be classified as “directory information” by a school district. (Ed. Code § 49061(c).) The Education Code definition of directory information applicable to community colleges, however, does not include email addresses. (Ed.Code § 76210.) Instead, community colleges are required to adopt a policy that identifies those categories of “directory information” as defined by the federal Family Educational Rights and Privacy Act (“FERPA”). The FERPA Regulations identify email addresses as a possible category of directory information. (34 CFR § 99.3.)
Educational institutions must have a policy identifying the categories of directory information which can be released, and provide annual notice of that policy. (Ed. Code § 49073 and § 76240.) However, educational institutions may not provide directory information of individuals who have notified the educational institution that such information shall not be released. (Ed. Code § 49073 and Ed. Code § 76240.)
Although school districts have discretion to determine which individuals, officials, or organizations may receive directory information, school districts are prohibited from releasing such information to private profit-making entities other than employers, prospective employers, and certain representatives of the news media. (Section 49073.) Community colleges may limit or deny the release of specific categories of directory information based upon a determination of the best interests of the students. (Ed. Code § 76240(b).) These restrictions emphasize the importance of ensuring that the educational institution is not improperly releasing directory information or violating FERPA.
If student email addresses are included in the categories of directory information, they may be released pursuant to an adopted and properly noticed policy and applicable law, except for the email addresses of those who have opted out of such release. (Ed. Code § 49061 and § 49073.) However, educational institutions should carefully consider whether to include email addresses as directory information for several reasons.
Even if email addresses are properly released, educational institutions should be aware that the courts and legislature have an interest in protecting personal information which, if disclosed, could lead to the harassment of students and families. For instance, in the Education Code, the California Legislature stated with respect to the release of telephone numbers:
“[It is] in the interest of pupil confidentiality, that school districts minimize the release of pupil telephone numbers in the absence of express parental consent. The Legislature finds and declares that the nondisclosure of pupil telephone numbers will reduce the possibility of harassment of pupils and their families by organizations that receive pupil directory information.” (Ed. Code § 49073.5(b).)
Although Section 49073.5(b) does not address email addresses, it is arguable that the release of student email addresses, like the release of phone numbers, could lead to the harassment of pupils and their families. This is supported by the reasoning of a recent California court decision pertaining to the release of email addresses in connection with credit card transactions. While the case, decided by the U.S. District Court for the Eastern District of California, is limited to addressing language under California’s Song-Beverly Credit Card Act of 1974 (Credit Card Act), the court addressed an issue of first impression which may provide insight about the protection of email address information. (Capp v. Nordstrom, 2013 WL 5739102 (E.D.Cal.).) Specifically, the court found that email addresses, like zip codes, are “personal identification information” under the Credit Card Act. Most relevant to educational institutions was the court’s discussion about what can happen when email addresses are released. For example, collected email addresses can be used to “reverse append” and obtain additional information about their owners, such as address and phone information. The release of such information could not only subject the consumer to unwanted marketing but also undermine privacy. While the Capp v. Nordstrom case was a limited matter of first impression, it is possible that this case is signaling a change in attitude toward email addresses. In particular, there are some risks associated with sharing and distributing email addresses.
In addition, the release of student email addresses of children could invoke the Children’s Online Privacy Protection Act (“COPPA”) (15 USC §§ 6501-6506). COPPA applies to operators of commercial websites that collect personal information from children, including email addresses. That is, COPPA defines “personal information” as “individually identifiable information about an individual collected online,” including a first name, last name, home address, email address, telephone number, social security number, as well as any other information that “permits the physical or online contacting of a specific individual.” (15 USC § 6501(8).) Additionally, personal information includes any information collected online concerning a child or the parents of that child that is then combined with any of the foregoing identifiers. (15 USC § 6501(8)(G).) So a school district should consider whether categorizing email addresses as directory information may have the unintended consequence of facilitating targeted advertising to District students through their email addresses.
Educational institutions should periodically examine their policies and practices with regard to the collection and release of email addresses. Are they treating email addresses as directory information? Are they restricting the release of such information? Are they protecting their students and families from unwanted marketing, harassment, and privacy invasions? Are teachers and instructors using care when collecting and releasing email addresses? These are just a few of the basic questions educational institutions should consider as they increasingly rely upon email communications and online services.
Other AALRR Blogs
Recent Posts
- Are You Ready for AB 2534? Our AB 2534 Toolkit Is Here to Help
- Don't Start from Scratch: Our AI Policy Toolkit Has Your District Covered
- Slurs and Epithets in the College Classroom: Are they protected speech?
- AALRR’s 2024 Title IX Virtual Academy
- Unmasking Deepfakes: Legal Insights for School Districts
- How to Address Employees’ Use of Social Media
- How far is too far? Searching Students’ Homes and Remote Test Proctoring
- Making Cybersecurity a Priority
- U.S. Department of Education Issues Proposed Amendments to Title IX Regulations
- Inadvertent Disability Discrimination May Lurk in Hiring Software, Artificial Intelligence and Algorithms
Popular Categories
- (55)
- (12)
- (81)
- (96)
- (43)
- (53)
- (22)
- (40)
- (11)
- (22)
- (6)
- (4)
- (3)
- (2)
- (3)
- (2)
- (4)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
Contributors
- Steven J. Andelson
- Ernest L. Bell
- Matthew T. Besmer
- William M. Betley
- Mark R. Bresee
- W. Bryce Chastain
- J. Kayleigh Chevrier
- Andreas C. Chialtas
- Georgelle C. Cuevas
- Scott D. Danforth
- Alexandria M. Davidson
- Michael J. Davis
- Mary Beth de Goede
- Anthony P. De Marco
- Peter E. Denno
- William A. Diedrich
- A. Christopher Duran
- Amy W. Estrada
- Jennifer R. Fain
- Eve P. Fichtner
- Paul S. Fleck
- Mellissa E. Gallegos
- Stephanie L. Garrett
- Karen E. Gilyard
- Todd A. Goluba
- Jacqueline D. Hang
- Davina F. Harden
- Suparna Jain
- Jonathan Judge
- Warren S. Kinsler
- Nate J. Kowalski
- Tien P. Le
- Alex A. Lozada
- Kimberly C. Ludwin
- Bryan G. Martin
- Paul Z. McGlocklin
- Stephen M. McLoughlin
- Anna J. Miller
- Jacquelyn Takeda Morenz
- Kristin M. Myers
- Katrina J. Nepacena
- Adam J. Newman
- Anthony P. Niccoli
- Aaron V. O'Donnell
- Sharon J. Ormond
- Gabrielle E. Ortiz
- Beverly A. Ozowara
- Chesley D. Quaide
- Rebeca Quintana
- Elizabeth J. Rho-Ng
- Todd M. Robbins
- Irma Rodríguez Moisa
- Brooke Romero
- Alyssa Ruiz de Esparza
- Lauren Ruvalcaba
- Scott J. Sachs
- Gabriel A. Sandoval
- Peter A. Schaffert
- Constance J. Schwindt
- Justin R. Shinnefield
- Amber M. Solano
- David A. Soldani
- Dustin Stroeve
- Constance M. Taylor
- Mark W. Thompson
- Emaleigh Valdez
- Jonathan S. Vick
- Jabari A. Willis
- Sara C. Young
- Elizabeth Zamora-Mejia
Archives
2024
2022
2021
2020
2019
2018
- December 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- January 2018
2017
- November 2017
- October 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
2015
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
2014
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
2013
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
2012
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012