How “building a fence around FERPA” is hurting your college education

So I just got back from the TPSE Math (Transforming Post-Secondary Education (in Math)) meeting in Austin this weekend. First off, it was in fact really cool, with a ton of interesting people with lots of interesting things to say about the future of math teaching in college. The experience got me in the mood to write about teaching again, and today’s topic is… FERPA. The Family Educational Rights and Privacy Act of 1974.

Now if you’re not a professor, you probably think of FERPA as that thing which you periodically waive your rights under in order to get a letter of recommendation, or maybe as that thing which keeps your parents from finding out that you failed Chemistry (again). But it’s a lot more than that, and some of the effects of it are downright damaging for your education.

Suppose you were in the hospital, and on your third or fourth day in, after receiving numerous treatments, tests, and prescriptions, your doctor rotated off shift and the new doctor came in the door. Only, instead of your chart, the doctor was holding a sheet of paper with your name, your email address, and your university ID number. “So”, the doctor says, “tell me why you’re here in the radiology department again?”. Your blood runs cold.

You see, when I teach a new class, that’s all I get from the University about you. Do I know your major? No. Do I know when you took the prerequisites for this course? No. Do I know if you took the prerequisites for this course or tested out of them with AP credit? No. Can I see your placement exam to see whether you might benefit from a quick review of, say, trigonometry, before we start using it in the calculus course? No. If your preparation is really good, can I find out where you went to high school and ask what they are doing right? No. If your preparation is lacking something, can I find out where you went to high school and complain that they are doing something wrong? Heck, no. After you leave my course, does anyone tell me how you did in calculus II so I can see if I did a good job? How about how you did in your physics major? Or once you graduate? (I think you’re starting the guess the answers here.)

Although we live in a world where Google knows that I like high-end coffee shops, dark chocolate, and MakerBots and Amazon knows that I’ve read all the Parker novels, to your college professors, you’re a blank slate. Every piece of information about you that we might possibly use to help us improve your education is between hard and impossible for us to get. We can’t even get your picture in order to greet you by name when you show up for our classes.

And forget improving our teaching by comparing the results to other classes, or other institutions. Amazon runs hundreds of A/B tests each year to see which version of the front page attracts more clicks and more sales. But though you fill out hundreds of online homework questions in my course alone, I can barely get that data out of the system to assign you a grade, and there’s no way I can compare it to results from other sections or other colleges.

Now does FERPA as written forbid me from getting this data? Actually, it does not. The law states that student records may be accessed “for any legitimate educational purpose, including studies for the purpose of improving instruction”. You might think that customizing a course to fit the students or improving teaching at the University would qualify as a “legitimate educational purpose”. However, the University legal department can have different opinions about which purposes are “educational” or “legitimate”.

The problem is that it’s institutionally very difficult to actually get any particular record. This is considered “a security risk”. Now, I understand that risk management is an important function in any large organization, and there’s an old Jewish proverb which says that “you should build a fence around the Torah”, meaning that you should avoid anything that’s even close to violating Jewish law. I get it. But this is why large organizations are so often very very slow to innovate. After all, the UGA legal team will not be rewarded if we teach better. But they will certainly be punished if we’re sued. The problem is that teaching is the core mission of the institution, and once the various arms of an institution start to lose sight of the fact we are all here to accomplish a mission, the mission starts to suffer. And that’s where we are today.

So, folks (and if anyone in the legislature is listening) we could do a lot better teaching in higher education and we could do it a lot cheaper if we had a regulatory environment a little more like Facebook in 2014 and a little less like Delta Airlines in 1964. Nobody is going to die if a freak security breach reveals everyone’s Calculus grade in the year 2007 to a botnet run by teenage Estonian hackers.

So can’t we make the precautions match the risks? Can’t we try to unleash innovation and reduce costs with a little deregulation of our industry? Just this once?