As of January 3, 2012, U.S. Department of Education FERPA regulations expand the circumstances under which education records and personally identifiable information (PII) contained in such records - including Social Security Number, grades, and other private information—may be shared without a student's consent.
First, the U.S. Comptroller General, the U.S. Attorney General, the U.S. Secretary of Education, or state or local education authorities ("Federal and State Authorities") may allow access to a student's records and PII without the student's consent to any third party designated by a Federal or State Authority to evaluate a federal- or state - supported education program. The evaluation may relate to any program that is "principally engaged in the provision of education," such as early childhood education and job training as well as any program that is administered by an education agency or institution.
Second, Federal and State Authorities may allow access to education records and PII without the student's consent to researchers performing certain types of studies, in certain cases even when the educational institution did not request or objects to such research. Federal and State Authorities must obtain certain use-restriction and data security promises from the entities that they authorize to receive a student's PII, but the Authorities need not maintain direct control over such entities.
In addition, in connection with Statewide Longitudinal Data Systems, State Authorities may collect, compile, permanently retain, and share without a student's consent PII from the student's education records and may track a student's participation in education and other programs by linking such PII to other personal information about the student that they obtain from other federal or state data sources, including workforce development, unemployment insurance, child welfare, juvenile justice, military service, and migrant student records systems.