In late November, the Tampa Bay Times reported that a predictive policing system aimed at identifying students who may be “potential criminals” incorporates data from student education records. Student privacy experts across the country agree that it likely runs afoul of federal law, and clear boundaries should be in place to prevent other locales from adopting similar systems.
This predictive policing program has not been demonstrated to be effective, lacks common sense safeguards, and operates largely in secrecy. This sort of program risks making innocent children and families the targets of criminal investigations despite the absence of probable cause, reasonable suspicion, or any criminal predicate. Unproven “pre-crime” programs also funnel scarce law enforcement resources away from evidence-based anti-crime strategies, harm schools’ efforts to educate students, and undermine community trust in government. Parents are not informed if their child is in the predictive policing system, the Sheriff’s Office does not provide a clear way for parents to determine whether their child has been included, and school district staff do not have access to the system.
This investigation shines a light on the need for:
- Transparency and accountability for parents and students. Parents and students were completely in the dark about the predictive policing system in Pasco County. Parents still may not know whether their child is on the list, and are calling on the Sheriff’s Office to provide them with details, to no avail. Within any school safety initiative, parents and students should know how and why their information is being shared and be provided with opportunities to seek redress. At a minimum, parents and students should have straightforward ways to access and correct inaccurate information. Parents affected by the Pasco County program should feel empowered to file complaints with the US Department of Education.
- FERPA compliance. From the supplied documentation, the Sheriff’s Office’s current data practices violate not only its contract with the school board but also the privacy protections required by the federal education privacy law, FERPA. School Resource Officers (SROs) cannot share student information to their local law enforcement office without consent if that disclosure fails to meet an exception to FERPA’s parental consent requirement. The Sheriff’s Office must immediately remedy its data sharing practices to comply with FERPA.
- Proactive steps from school administrators. Given the real harms that result from student data being fed into law enforcement or intelligence systems, school administrators should proactively ensure that similar systems are not in place at their schools. The school district should have a deep understanding of its relationship with law enforcement, including a clear understanding of data flows between the school and SROs as well as any data flows between SROs and broader law enforcement agencies. SROs should only be provided with access to the information necessary to fulfill their role. School administrators should critically engage with any claims of evidence-based methodologies. The Sheriff’s Office claims that the program is in the best interests of students and the community, but refuses to provide any real evidence of its efficacy. For this program to continue in any capacity, the Sheriff’s Office must demonstrate not only privacy-protective data sharing practices, but also that the program provides value to students in the Pasco community.
- Increased clarity about how FERPA applies to law enforcement and SROs. The Pasco County predictive policing system underscores the need to clarify how FERPA creates boundaries around the information SROs can permissibly share with the broader law enforcement community. Without a firm understanding of these boundaries, there is room for abuse and misinterpretation of the law.
- Robust student privacy training for law enforcement and SROs. Law enforcement and SROs should not be able to self-assert that their conduct is aligned with federal and state student privacy laws. They must receive robust student privacy training from qualified professionals, such as the US Department of Education’s Privacy Technical Assistance Center, and be fully aware of the boundaries around the education records they receive.
How Does the Sheriff’s Office Access Student Data?
Schools typically contract with local law enforcement agencies to employ SROs, and these contracts outline how education records should be used, shared, and protected. Although the Pasco County School District has partnered with the Pasco County Sheriff’s Office for “more than 20 years,” it appears that the Board first entered into an agreement for an “Intelligence Led-Policing” (ILP) framework in 2018. Contractually, the ILP framework tasks SROs with identifying students “in need of services.”
Predictive policing systems can either analyze data to predict whether a crime will occur in a particular place or time or whether a particular person is likely to perpetrate a crime. The system Pasco County law enforcement is using is person-based: it generates a list of students at risk of becoming “chronic recidivist offenders” by combining its law enforcement records, education records unlawfully obtained through the School Board’s Early Warning System (which monitors students “at risk of failing” through student academic performance, attendance, and disciplinary information), and the state’s Department of Children and Families data about children who have experienced childhood trauma to predict whether they are likely to become a “prolific offender.”
The Pasco County Sheriff’s Office told the Times that the intent of this program and resultant list of students isn’t to identify potential future criminals, but rather identify “students at risk for victimization, truancy, self-harm and substance abuse.” However, the 2020-2021 contract between the Sheriff’s Office and the School Board states that the purpose of the ILP program is to “positively influence deputies’ and incident commanders’ decisions and campus safety in real-time.” Further, the ILP manual characterizes the students identified as students at risk of becoming “prolific offenders” and “destined to a life of crime”—which communicates a very different message to the officers tasked with enacting the program. These conflicting messages confuse the program’s purpose—is the program intended to help SROs intervene and assist troubled students or address campus safety threats, or is it designed to help officers in Pasco County identify future criminals? Regardless of the answer, it is clear that the Pasco County Sheriff’s Office is using education records to target young people well outside of the school context, in clear violation of FERPA and the SRO contract.
What law governs law enforcement access and use of student information?
FERPA requires schools to ensure that parents and adult students consent to how student personally identifiable information (PII) stored in an education record is shared, with certain exceptions. One of those exceptions allows schools to share student PII with designated school officials. The school official exception allows school officials such as teachers and administrators who have an established “legitimate educational interest” in accessing education records to receive student PII to fulfill their duties. Schools that employ SROs typically share student PII with SROs under the school official exception. The school official exception does not allow school officials to redisclose student PII to a third-party without consent if that third-party doesn’t also meet an exception to the parental consent requirement.
Per guidance from the US Department of Education, if a school designates an SRO as a school official, the school must use “reasonable methods to ensure that SROs obtain access to only those education records in which [the SRO] has a legitimate educational interest,” meaning that the information shared is essential for the SRO to fulfill their responsibilities to the school and students, and use of that information is limited to fulfill those responsibilities. SROs don’t necessarily receive a student’s entire record, just any information that is necessary for them to fulfill their role.
Under FERPA, when contracting with a local law enforcement agency for an SRO, schools must establish that the SRO: 1) Performs an institutional service or function that the school would otherwise assign to a school employee (such as furthering school safety initiatives); 2) Is under the direct control of the school or district, concerning the “use and maintenance” of education records (which is typically established in the contract); 3) Is subject to FERPA requirements, including the prohibition on redisclosure and the limitation that the information is solely used for the purpose the initial disclosure was made; and 4) Falls under the criteria of a “school official” that the school communicates to students and parents in its mandated annual FERPA notice.
It’s important to note that although SROs do receive student PII from an education record under the school official exception, sharing student PII with an SRO is very different from sharing student PII with a teacher. Most SROs are employed by a school in tandem with the sheriff’s office—becoming an SRO at a local school does not change the fact that the SRO is still an external law enforcement officer. SROs must segment how they absorb student PII: the student PII they receive as a school official cannot be redisclosed to their sheriff’s office or police department without parental consent, unless that disclosure meets an appropriate exception to the parental consent requirement (in the event of a health or safety emergency or in response to a subpoena or other judicial order).
The health or safety emergency exception allows schools to disclose PII from a student’s education record without parental consent if the school determines that there is an articulable and significant threat to the health or safety of a student or other individuals, and that the recipient of the PII requires that information to protect their safety. “Articulable and significant threat” means that the school should be “able to explain, based on all the information available at the time, what the threat is and why it is significant.”
The health or safety emergency exception requires the school to list the articulable and significant threat that formed the basis for the disclosure and the parties who received the information within the student’s education records. The school is responsible for determining whether to disclose PII in accordance with this exception on a case-by-case basis, by considering all of the circumstances related to the threat. Before disclosing PII, administrators should ask whether that disclosure is necessary and, if so, should disclose the minimum amount of information required to address the issue at hand. USED generally defers to schools on whether an event constitutes an articulable and significant threat of an emergency.
FERPA does not protect “law enforcement unit records,” which are records created by a law enforcement unit, maintained by a law enforcement unit, and for a law enforcement purpose. FERPA defines a “law enforcement unit” as any individual, office, department, or division of a school, such as a unit of commissioned police officers or noncommissioned security guards, that is officially authorized or designated by that school or school district to 1) enforce any local, state, or federal law; or 2) maintain the physical security and safety of school or district. When an SRO is designated as a law enforcement unit and acts within their capacity as a law enforcement unit, a distinct set of rules apply. The SRO-law enforcement unit may share information such as surveillance footage with local law enforcement, so long as that data was created and maintained for a law enforcement purpose; that data would not receive FERPA protections. If an SRO accesses PII from an education record, such as a student’s attendance information, the SRO cannot designate that information as a law enforcement record and share that with their agency, since the record was not created nor maintained for a law enforcement purpose. That information remains an education record and must stay within the confines of the educational context.
Pasco County Sheriff’s Office Describes Data Practices that Fundamentally Misinterpret & Violate FERPA and the SRO Contract
The Pasco County Sheriff’s Office documentation reveals several misinterpretations and violations of FERPA, even though the contract between the Pasco County School Board and the Sheriff’s Office appears to establish the typical FERPA-mandated controls schools must demonstrate over student information. Although the contract explicitly states that “the SRO unit of the Pasco Sheriff’s Office will be the ‘designated law enforcement unit’ of the Board,” the education records in the School Board’s Early Warning System which then inform the ILP framework are not law enforcement unit records. Those records were not created by a law enforcement unit, maintained by a law enforcement unit, and for a law enforcement purpose. The records shared within the system receive FERPA protections and cannot be redisclosed to the sheriff’s office, absent parental consent or an exception to the consent requirement, such as a health or safety emergency, a subpoena, or other judicial order.
Documents indicate that SROs have been unlawfully sharing PII from student education records with the Sheriff’s Office. Disclosing student PII to third parties who do not meet an appropriate exception to FERPA’s parental consent requirement constitutes a FERPA violation, as well as a violation of the SRO contract. The ILP manual lists several SRO “performance expectations,” which includes requiring SROs to notify local law enforcement to conduct a truancy check when a particular “priority offender”—a student identified as at-risk, based on their education records—is absent. Along the same vein, the Sheriff’s Office claims that “school attendance records can be reviewed to determine whether a student was in school or absent during the time [a] crime occurred.” Student attendance information cannot be shared with law enforcement without prior parental consent or an exception to the consent requirement.
The Sheriff’s Office justifies the ILP framework by relying heavily on the findings of the Marjory Stoneman Douglas Commission, which strongly support data-sharing arrangements between law enforcement and schools. In 2019, the Marjory Stoneman Douglas Commission noted that FERPA can be flexible—in the event of a threat. Of course, it is appropriate for law enforcement to be notified of concrete and imminent threats of violence, as well as any actions taken to engage in violence. The FERPA health or safety exception to the parental consent requirement allows for just that: should an “articulable and significant” threat exist, schools may permissibly share relevant information from a student’s education record with law enforcement.
It cannot credibly be argued that the education records informing the ILP framework are shared in response to a threat or under the auspices of the health or safety exception, since those records are continually being shared, with no clear end date, without any immediate threat or emergency. A student’s inclusion in the School Board’s Early Warning System cannot be understood as an “articulable and significant threat” to themselves or others in the school. Further, the mechanics of the ILP system and how SROs use student information to inform their law enforcement colleagues create no methods for school administrators to make the required clear determination of an articulable threat, determine which records to share, or note the information shared with law enforcement in the student’s record. Arguing that the ILP framework’s information sharing arises in response to a threat or falls under the health or safety exception would be a gross mischaracterization of law.
Further, the Sheriff’s Office assigns several analysts to review the information collected by the SROs and apply their analysis to general law enforcement priorities, outside of the school context. The ILP manual states that an analyst is assigned to work with SROs to “identify trends in child victimization and juvenile crime with a focus on preventing future incidents.” However, there is no mention of an analyst using the ILP information to inform broader police initiatives and work in the School Board contract. Per the contract, the role of the “Youth Services Analyst” is to analyze the data in the system for “improving the overall safety of the students and faculty at the public schools of Pasco County and assist in the identification of students who may be in need of services.” The contract also introduces “Real Time Crime Center Analysts” that, similarly, are tasked with providing insight into “emergent threats and safety concerns” to inform on-campus safety initiatives. Sharing student information with the broader law enforcement agency to further initiatives outside of the school context as described in the manual goes beyond the contract’s language and presents another FERPA violation; there is no distinction between SROs and other police officers assigned to schools—those analysts mentioned in the contract and their access to education records are also subject to FERPA.
Throughout the course of their work, SROs will undoubtedly make observations and develop personal knowledge about particular students. That information is not necessarily protected by FERPA unless it is obtained through the SROs official role as a result of access to a student’s education records. According to the investigation, the Sheriff’s Office commended an SRO for “filing nearly two dozen ‘field interview reports’ based on interactions with at-risk kids” identified by the ILP system. FERPA would allow the SRO to interact with students based on information received from a student’s education record, but using those education records (attendance information, school performance—all the information that informs the school district’s Early Warning System) to develop a list of students to interview shields any information gleaned from these interviews with FERPA protections. The field reports filed within the broader law enforcement records system violate FERPA because student education records (the Early Warning System) unlawfully informed them.
Similarly, according to the ILP manual, SROs are also expected to identify students who are “priority offenders” in their assigned school, “collect information” about that student and that student’s friends, and even scan “for information that may assist with active [law enforcement] investigations.” If SROs use any information from student records to identify priority offenders, learn more about their friends, or inform other law enforcement investigations, any of the resulting observations, information, or personal knowledge is protected by FERPA and cannot be shared with the law enforcement agency, absent an appropriate exception to the parental consent requirement.
A Path Forward: Embedding Privacy and Equity into School Safety
To prevent unnecessarily exposing students to law enforcement, stigma, and trauma, school safety measures must be crafted thoughtfully and with students in mind. Consensus School Safety Principles emphasize that efforts to promote school safety should not harm the students they are intended to protect. In addition to the clear violations of FERPA and the SRO contract, the system being deployed in Pasco County is not happening in a vacuum. As mentioned by the Times, the manual notes that socioeconomic status, “broken homes,” and a “poor school record” are all used as signals for identifying potential offenders, citing a study from the 1990s. This terminology and these vectors are often used as proxies, supporting policies that reinforce systemic oppression of Black and brown communities.
The Pasco County school district is 64% white, 21% Hispanic, and 7% Black, yet the students who are expelled are 100% Hispanic, and Black students are 2.5 times as likely to be suspended as white students. Further, “students with disabilities are twice as likely to be suspended or referred to law enforcement, according to federal data.” Disciplinary information reflecting these disproportionalities is feeding a system that risks making innocent children and families the targets of criminal investigations despite the absence of probable cause, reasonable suspicion, or any criminal predicate.
The School Safety Principles note that “[a]lgorithms used for school safety are imperfect, often based on historical and biased data, and can produce false positives and replicate bias.” The Pasco County system should not be viewed as neutral or objective, because the data informing the system is not neutral. Predictive policing programs such as the one implemented in Pasco County have long been criticized as perpetuating racism while coated with a “veneer of objectivity,” allowing further entrenchment of the “school-to-prison pipeline” and deepening the mistrust Black and Hispanic communities have concerning law enforcement and government data collection.
Further, using education records as a nexus for law enforcement contact can endanger rather than help students who require assistance—Pasco County’s Sheriff’s Office has provided no evidence of the training SROs receive to appropriately provide rehabilitative services or mentorship to the students in their community. Taking education records such as attendance records, which are generated and used for school purposes, out of context and using them to inform law enforcement intervention could pose serious, lasting consequences for students. Not only would a system like the ILP framework potentially result in formal charges or imprisonment, but there are also countless intangible harms that can result from marking a student as a potential criminal. Even an arrest without charges filed can prevent a student from college acceptances. Additionally, students will be aware that they are the subject of increased attention from their SRO and are being treated differently than their peers, and this disparate treatment would likely cause an emotional and mental toll, leaving students feeling stigmatized and confused.
Transparency and Accountability for Parents and Students
Parents, students, and school staff in Pasco County were unaware of this initiative’s existence and its inclusion of education records. Transparency is one of the fundamental principles outlined in the Fair Information Practice Principles, a set of principles established in 1973 to ensure data is collected in an ethical, fair, and privacy-protective manner. “There must be no personal-data record-keeping systems whose very existence is secret.” What may be most alarming is that the data subjects—over 400 students and their families in this case—were completely in the dark about this data collection.
According to the Times, the Sheriff’s Office “does not inform students or their parents if they’ve been added to its list of potential future criminals,” and does not provide the school district with the list. It remains unclear if there is any mechanism for parents or students to request their student’s records, and what kind of paper trail the sheriff’s office creates about identified students. Parents have filed open records requests to learn about their child’s potential inclusion in the system, to no avail. Further, it is unclear how student data is entered into the system. If a student is arrested or prosecuted on the basis of this list, would they have access to this information? FERPA requires schools to have mechanisms for parents to request access to their student’s education records; how do parents exercise these rights within a system both the school and parents aren’t even aware of?
Beyond the question of parental access rights, there are no clear accountability measures built into the system. Although the Sheriff’s Office claims to “continually evaluate” their policies to “ensure they are community and victim centric” there does not appear to be any involvement of the Pasco community in the development or continued evaluation of the initiative. The community was completely unaware of this program before the Times investigation, which makes any claims of the system furthering the needs of the community hard to believe. If this system is intended to be community and victim-centric, the Sheriff’s office would specifically engage the communities most likely to be affected by the program.
The Role of School Administrators
Administrators must be transparent with the broader school community and the public about the school’s approach to school safety, and be prepared to engage in a meaningful dialogue. Schools should consider alternative approaches to improving school climate and discipline, such as restorative justice, before enlisting the regular aid of law enforcement. Schools that already use SROs or have their own campus law enforcement should also review these programs and determine if an alternative program would better meet the needs of the school community.
Further, when conducting these reviews, school administrators should play an active role in understanding data flows including how SROs access and share student data, ensuring that any SROs or law enforcement officials that access student data meaningfully understand their FERPA obligations. Pasco County School District administrators and board members have largely avoided voicing any prior awareness of this data sharing process—the superintendent claims that he “can’t address the law-enforcement piece,” and appears to be aware that educational data informs the Sheriff’s system—and many pointed to the language of the contract, voicing support for their partnership with local law enforcement. However, systems like the Pasco County ILP framework should not have gone unnoticed and unchecked for so long—even if a contractual relationship places the burden of student privacy compliance on the law enforcement agency, school administrators should not take partnerships with law enforcement lightly.
If contracting with local law enforcement as a part of a school safety strategy, schools should consider developing a community board that actively includes the community in the decision-making process, including community members that are also equipped with privacy expertise. Contractually, administrators should establish direct control of SROs through clear language that outlines the purpose and limitations of SRO access to student information, making it evident when an SRO is acting as a FERPA-defined school official and when they are considered law enforcement. School administrators must understand FERPA’s limitations with regard to SROs and law enforcement, and how any applicable state laws intersect with these responsibilities. Ultimately, some student interactions with law enforcement will be inevitable, such as during a crisis, but understanding the negative consequences law enforcement interactions can have on already marginalized populations is imperative. Schools that already have SROs or regular interactions with law enforcement should review these programs regularly and compare their costs, impacts, and effectiveness to the alternatives.
The Need for FERPA Clarifications & Robust Student Privacy Training
The FERPA boundaries around the information SROs can permissibly share with the broader law enforcement community are opaque. Experts who have deeply analyzed FERPA understand that SROs must receive and absorb information in a segmented manner, but this nuance must be clear to those tasked with applying the law in their day-to-day lives. Without a firm understanding of these boundaries, there is clearly room for abuse and misinterpretation of the law.
It must be clear how FERPA prohibits SROs from using education records to inform broader law enforcement investigations or activities. School administrators and law enforcement agencies alike must have a concrete understanding of how law enforcement agencies may permissibly access student data, the nuances of a “law enforcement unit” and “law enforcement record,” and the application of the school official exception to SROs and law enforcement officers. There must be plain language guidance and training outlining these complex legal concepts so that they are readily applicable on the ground.
The Pasco County Sheriff’s Office firmly believes that their conduct is in line with federal and state privacy laws. The Sheriff’s Office boldly states that “Sheriff’s Office members lawfully have access to [education records]. Use and release of this information is governed by applicable laws and agency policies. Additionally, SROs and the analyst receive annual training on FERPA.” They point to the limited access to the underlying information informing the ILP system as a matter of pride—only the SRO and juvenile analyst access the information. Yet, student information is used to guide how the broader agency targets and responds to criminal activity in the Pasco community, a practice wholly outside of the scope of FERPA. Annual FERPA training, void of nuance, is meaningless—and in fact, dangerous. SROs must understand and be held accountable for the role they play in protecting student data and the impact that sharing what appears to be innocuous student data with their broader law enforcement agency can have on a student’s future, safety, and well being.