I read through familypolicy.ed.gov about FERPA and I read:
"FERPA requires that a consent for disclosure of education records be signed and dated,So I am choosing to interpret on the Pre-K to 8 FERPA Form authored by SPS that:
specify the records that may be disclosed, state the purpose of the disclosure, and
identify the party or class of parties to whom the disclosure may be made."
Under FERPA, SPS may release "directory" information to anyone, including but not limited to parent-teacher organizations, the media, colleges and universities, military [recruiters], youth groups and scholarship grantors, unless you notify SPS in writing that you do not want the information released.I'd amend the form by replacing the period ending text to the right of Box B with a comma, and " and except as outlined in the attached letter."
Then I'd attach the letter with my conditions, sign it, mark Box B, and fill in the rest of the FERPA PreK-8 form, and have my tot return it to the school. Hence I would meet FERPA requirements.
end of update
From a group I belong to (and you should, too), Student Privacy Matters:
Five principles to protect student data privacyThe Parent Coalition for Student Privacy believes that the following five principles should be incorporated in any law or policy regarding the protection of personal student data in grades preK-12. After students reach age 18, all these rights, including those related to notification and consent, should devolve to them:
- Transparency: Parents must be notified by their children’s school or district in advance of any disclosure of personal student information to any persons, companies or organizations outside of the school or district.
- No commercial uses: Selling of personal student data and;or use for marketing purposes should be banned. NO advertising should be allowed on instructional software or websites assigned to students by their schools, since ads are a distraction from learning and serve no legitimate educational purpose.
- Security protections: At minimum, there must be encryption of personal data at motion and at rest, required training for all individuals with access to personal student data, audit logs, and security audits by an independent auditor. Passwords should be protected in the same manner as all other personal student information.
No “anonymized” or “de-identified” student information should be disclosed without verifiable safeguards to ensure data cannot be easily re-identified.
- Parental/ student rights: NO re-disclosures by vendors or any other third parties to additional individuals, sub-contractors, or organizations should be allowed without parental notification and consent (or students, if they are 18 or older).
Any data-mining for purpose of creating student profiles, even for educational purposes, must be done with full parental knowledge.
Parental consent must be required for disclosure of personal data, especially for highly sensitive information such as their child’s disabilities, health and disciplinary information.
- Enforcement : The law should specify fines if the school, district or third party violates the law, their contracts and/or privacy policies; with parents able to sue on behalf of their children’s rights as well.
Editor's note: SPS does not have strong enforcement - it's more like "if you break these rules, no more data for you." That's not enforcement.