skip to content
Primary navigation

Opinion Library

To return to this list after selecting an opinion, click on the "View entire list" link above the opinion title.

Advisory Opinion 14-009

July 18, 2014; Minnesota State Colleges and Universities

7/18/2014 10:14:43 AM

Note: In 2023, the legislature amended Minnesota Statutes section 13.32, subdivision 5, to limit what data may be designated as directory or limited directory information. This statutory change does not apply to post secondary institutions.

This is an opinion of the Commissioner of Administration issued pursuant to Minnesota Statutes, section 13.072 (2013). It is based on the facts and information available to the Commissioner as described below.

Facts and Procedural History:

On June 4, 2014, the Information Policy Analysis Division (IPAD) received an advisory opinion request from Kristine Legler Kaplan, Deputy General Counsel for Minnesota State Colleges and Universities (MnSCU). In her letter, Ms. Kaplan asked the Commissioner to issue an advisory opinion regarding the treatment of certain data that the entity maintains.

Ms. Kaplan provided a summary of the facts as follows:

On behalf of Minnesota State Colleges and Universities (MnSCU), I am writing to request an Advisory Opinion on a matter concerning the interplay between the Minnesota Government Data Practices Act (MGDPA) and the federal Family Educational Rights and Privacy Act (FERPA)... The regulations implementing FERPA have, in many respects, been incorporated into the MGDPA to avoid inconsistency between the state and federal laws. Among those incorporated regulations is 34 [Code of Federal Regulations] 99.31, which enumerates exceptions to the general rule [e.g. directory info] that student consent is required for a college or university to release personally identifiable student information to third parties.
. . . .
To provide schools with additional flexibility the Department of Education amended the FERPA regulations in 2011 to permit (but not require) educational institutions to designate certain directory information as "limited directory information" that it will disclose only to specified parties, for specified purposes or both. All directory information, regardless of whether it is so designated, is subject to the longstanding conditions described in 34 CFR 99.37(a) (annual notice to students of the school's FERPA policies and the right to "opt-out" of the disclosure of directory information.) We are requesting an Advisory Opinion as to whether MnSCU institutions can, consistent with the MGDPA, utilize the limited directory information designation, now authorized under FERPA.(Footnotes, emphasis, and citations omitted.)


Issue:

Based on Ms. Kaplan's opinion request, the Commissioner agreed to address the following issue:

Pursuant to Minnesota Statutes, Chapter 13, what is the treatment of educational data that a government entity designates as "limited directory information" as described by 34 CFR 99.37(d)?


Discussion:

As noted by Ms. Kaplan above, both Minnesota and federal law govern access to data about students. Minnesota Statutes, section 13.32, classifies educational data and incorporates much of the federal Family Educational Rights and Privacy Act (FERPA), 20 USC 1232g, and its implementing regulations, 34 CFR Part 99. In general, data about students are private and may not be released without consent. (See section 13.32, subdivision 3.)

However, section 13.32, subdivision 5, classifies data designated as directory information pursuant to 34 CFR 99.37(a), as public data. Directory information "means information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed." (See 34 CFR 99.3). Directory information may include a student's name, address, photograph, and participation in sports or activities, among other data elements. (See Advisory Opinions 01-078, 04-011, 04-065, and 09-021, which discuss directory information further.)

The 2011 changes to the regulations implementing FERPA, described by Ms. Kaplan, allow for educational agencies and institutions to designate "limited directory information." 34 CFR 99.37(d) provides:

In its public notice to parents and eligible students in attendance at the agency or institution that is described in paragraph (a) of this section, an educational agency or institution may specify that disclosure of directory information will be limited to specific parties, for specific purposes, or both. When an educational agency or institution specifies that disclosure of directory information will be limited to specific parties, for specific purposes, or both, the educational agency or institution must limit its directory information disclosures to those specified in its public notice that is described in paragraph (a) of this section.

In her opinion request, Ms. Kaplan wrote:

In part because of the MGDPA's "all-or-nothing" rule on public data, a number of MnSCU schools have adopted very limited definitions of directory data in order to protect their students from unwanted contacts, such as marketing campaigns, or even targeting for criminal acts. Such a policy creates administrative barriers and prevents colleges and universities from "disclosing" student information for educationally-related purposes without additional consent procedures. For example, a two-year college that does not list mailing addresses as directory information is limited in providing that contact information to MnSCU universities to assist in recruitment for four-year college degree programs; a university that does not include photos as directory information cannot create a graduation program with photos absent specific consent; and MnSCU schools must seek consent to provide student email addresses to other students or their affiliated foundations unless they are directory information also available to the general public.
. . . .
We believe that recognition of the limited directory information under the MGDPA would not be inconsistent with [section 13.32, subd. 5] since it does not change the list of information designated as directory information in the FERPA Regulations as of January 1, 2007, nor would it alter a student's rights to the notice and "opt-out" provisions that continue to be applicable to all directory data under 34 CFR 99.37.

The Commissioner agrees that MnSCU, as well as other educational agencies and institutions, may designate limited directory information consistent with Chapter 13. However, with regard to access to such data, Chapter 13 is preempted by the FERPA regulations. (Where a state and a federal law conflict, the federal law governs. See also Advisory Opinion 04-068, discussing FERPA's preemption of the six month limitation on a data subject's access to data pursuant to Minnesota Statutes, section 13.04, subdivision 3.) Limited directory information is one of the few situations where the federal government has provided greater privacy protection for certain data than the State. Therefore, unlike general directory information, which is accessible to anyone, for any reason, educational agencies and institutions may restrict access to limited directory information to those specific parties and/or for those specific purposes identified in the annual FERPA notice. Consequently, entities that choose to designate limited directory information may have two sets of data: one that is general directory information and one that is limited directory information (pursuant to 34 CFR 99.37(d)).


Opinion:

Based on the facts and information provided, the Commissioner's opinion on the issue Ms. Kaplan raised is as follows:

Pursuant to Minnesota Statutes, Chapter 13, a government entity may designate certain educational data as "limited directory information" as described by 34 CFR 99.37(d), and may release those data to specific parties, for specific purposes, or both, as identified by the entity in its public notice.


Signed:

Spencer Cronk
Commissioner

Dated: July 18, 2014


Educational data

Limited directory information

back to top