You asked if California, New York, or Texas regulate how college testing agencies can use or distribute personal information students provide on questionnaires and surveys. You specifically want to know if these states have laws similar to PB 6029.

We performed a Westlaw computer search and were unable to find any state laws similar to PB 6029. PB 6029 would prohibit college testing agencies, such as the College Board, from releasing a minor's personal identifying information provided on questionnaires and surveys unless the parents have signed and returned a disclosure notice. California and New York have laws that specifically prohibit college admission testing agencies from disclosing individual test scores without the test taker's authorization. These laws do not pertain to the disclosure of student information on questionnaires and surveys.

FERPA AND COLLEGE BOARD GUIDELINES

FERPA is a federal law that protects the privacy of student educational records (20 U. S. C § 1232g). It covers schools and school districts that receive federal funds. With certain exceptions, the law requires schools to have written permission before releasing information from a student's educational record. If the student is under age 18, his parent must give permission. Once a student turns 18, the student himself must consent to any disclosure.

Although the College Board is not technically a “school,” its guidelines for disclosing personally identifiable data it collects about students explicitly state that its disclosure procedures are intended to comply with FERPA's privacy requirements. The board's guidelines list three types of data and impose varying disclosure limits on them. The three types are: (1) aggregate level data, which pertains to a particular state or the entire nation; (2) institution/district level data, which pertains to a particular educational institution or school district; and (3) individual level data, which pertain to a specific person. Examples of the latter include tests taken, individual test scores, Social Security numbers, and high school attended. Individual-level data is the most carefully protected.

The College Board's guidelines state that it routinely releases individual level data to the individual himself or herself and to the educational institutions the individual specifies should receive score reports and electronic files pertaining to the person. The board considers requests for individual data from other qualified applicants but in such cases, it releases only aggregated data from no fewer than 15 students with no identifying information, such as Social Security numbers, names, addresses, or dates of birth, provided. “This guideline is intended to protect individuals and to ensure that the College Board observes the letter and spirit” of FERPA, the guidelines state.

We have enclosed a previous OLR Report (2004-R-0626) concerning information disclosures by the College Board, the federal Family Educational Rights and Privacy Act, and Connecticut's identity theft law. We have also enclosed a copy of the College Board's Guidelines for the Release of Data.

RP: dw