United States District Court, N.D. Illinois, Eastern Division
UNITED STATES OF AMERICA, ex rel. LIZETTE MUNOZ and WESLEY FRENDT, Plaintiffs/Relators,
COMPUTER SYSTEMS INSTITUTE, INC., Defendant.
Judge Robert M. Dow
MEMORANDUM OPINION AND ORDER
SHEILA FINNEGAN United States Magistrate Judge
Plaintiffs-Relators (“Relators”) have brought this qui tam action on behalf of the United States of America alleging that their former employer, Defendant Computer Systems Institute, Inc. (“CSI”), a for-profit educational institution, violated the False Claims Act, 31 U.S.C. § 3729 et seq., by making a number of misrepresentations to the Department of Education, its accrediting agencies, and prospective students. Relators allege that these misrepresentations enabled CSI to secure student financial aid in the form of loans and grants from the federal government.
In the course of discovery, Relators asked CSI to produce a variety of information about its former students over the four-year period from January 2008 through December 2011, including: student ID, date of birth, graduation credential (i.e., high school diploma, GED or Ability to Benefit), attendance, course of study, and non-Title IV loan tuition paid by a student or on a student’s behalf. Relators claim that this data is necessary to enable them to perform statistical analyses that will prove CSI made false statements about (1) student job placement rates, (2) student eligibility to take certification examinations without a high school diploma or GED, (3) commissions and bonuses paid to Admissions Representatives, and (4) the amount of revenue CSI derives from non-Title IV program funds. CSI objects that the information is overly burdensome to produce because the school must first give each former student notice and an opportunity to opt out pursuant to the Family Educational Rights and Privacy Act (“FERPA”). Relators respond that notice is not required for former students when, as they claim here, the data in question all constitute “directory information” under the statute.
For the reasons set forth here, the Court finds that FERPA does not require an educational institution to notify former students prior to disclosing directory information, and CSI’s objection in that regard is overruled. The Court also finds that for purposes of this case, directory information includes student ID, date of birth, course of study, and time period when a student attended CSI (but not specific dates the student attended each class). It also includes whether the student has been awarded a high school diploma or GED, but not whether the student took and passed the Ability to Benefit (ATB) test to qualify for student aid. Likewise, tuition payments made by ESL students do not qualify as directory information under the statute.
A. Notice and Opt Out Requirements Under FERPA
FERPA “was adopted to address systematic . . . violations of students’ privacy by unauthorized releases of sensitive information in their educational records.” Daniel S. v. Board of Educ. of York Community High Sch., 152 F.Supp.2d 949, 954 (N.D. Ill. 2001) (quoting Jensen v. Reeves, 45 F.Supp.2d 1265, 1276 (D. Utah 1999)). In that regard, schools and educational institutions that receive federal financial assistance are not allowed to disclose “personally identifiable information other than directory information . . . without parental consent.” Disability Rights Wisconsin, Inc. v. State of Wisconsin Dep’t of Public Instruction, 463 F.3d 719, 730 (7th Cir. 2006). Personally identifiable information includes, without limitation, “the students’ names, names of their parents or other family members, the addresses of the students or their family, any personal identifiers such as social security numbers or student numbers, a list of personal characteristics that would make the students’ identities easily traceable or any other information that would make the students’ identities easily traceable.” Id. (citing 20 U.S.C. § 1232g; 34 C.F.R. § 99.3).
Directory information is “a type of personally identifiable information not usually considered harmful [or an invasion of privacy] if disclosed.” Id.; 34 C.F.R. § 99.3. It includes, but is not limited to, the student’s name; address; telephone number; email address; photograph; date and place of birth; major field of study; grade level; enrollment status (e.g., undergraduate or graduate, full-time or part-time); dates of attendance (e.g., academic years, semesters or quarters when enrolled); degrees, honors, and awards received; and the most recent educational agency or institution attended. 34 C.F.R. § 99.3. An educational institution is allowed to disclose “directory information” if:
it has given public notice to parents of students in attendance and eligible students in attendance at the institution of:
(1) the types of personally identifiable information the agency has designated as directory information;
(2) the right to refuse to let the institution disclose any or all of those types of information about the student; and
(3) the period of time to notify the institution in writing that he or she does not want any or all of those types of information about the ...