School Libraries

Thank you for this question.  The LGS-1 is one of my favorite rabbit holes to explore.

I took a look at Schedule Item 596, which applies to "Borrowing or loaning records."  I have put a screenshot of the section, as it appears in the schedule as displayed on the NY State Archives web site: http://www.archives.nysed.gov/common/archives/files/lgs1.pdf

As you can see in the screenshot, 596 fixes the retention period for borrowing or loaning records for school libraries as "0 years after no longer needed."

"No longer needed" is one of those phrases in the LGS-1 that renders the retention period variable.  This flexibility can be both helpful and frustrating, since a district, BOCES, or school library must determine, via policy, what "needed" means.

This can vary from place to place, but in all instances should be based on a determination of what is meant (for the district/BOCES/or school library) by "need," and then confirmed in a policy.

After that, best practice is always to purge records once their retention period is over, and for something as deeply connected to ethics, compliance and privacy as library records,[1] that is doubly true.  For school libraries, that retention period is zero, once the records are no longer needed.

Therefore: determining how long student library borrowing records are "needed" (something that may vary from library to library, district to district, BOCES to BOCES), and then purging the record as soon as possible,[2] is a good way to use the LGS-1 to enhance an institution's commitment to privacy.

 

Thanks to the member for bringing up this nuance.  These issues are at the crossroads of ethics, compliance and automation, and require continuous and careful attention to detail and resulting policy.

 

---

[1] Please see "Ask the Lawyer" here for a discussion of school library records, CPLR 4509, and FERPA.

[2] The LGS-1 encourages, but does not require, "the systematic disposal of unneeded records."

Thank you for this careful and thoughtful question.  As we rush to migrate education to online, the small details can get overlooked.  As the member writes, information that used to be safeguarded in physical files or with separate passwords is increasingly accessible via a "one-stop shop."

Depending on the type of information involved, any number of ethical, privacy, and legal concerns can be impacted.

In this question, the member focuses on two types of information: library records, and FERPA-protected "education records."

For library records, there is an overlap of legal concerns—an overlap that was thoroughly discussed in the 5/6/19 answer the member cites.  In that reply, we established that depending on how a school/school library is set up, parent/guardian access to this information might be allowed--but it’s a question that should never be left to chance (it should always be answered by a school’s FERPA and library privileges policies).

To that answer, and considering the spirit of the times, I'd simply add: any librarian out there, operating in elementary and secondary education, should be lauded when they raise privacy concerns.  Librarians should work with IT departments and procurement professionals to ensure data management and automation enable the separately governed access to a student's library records.  Even when access is legally allowed by a system, it is still good to emphasize the privacy of library records.

Here are several examples of how this can be done:

• Including privacy considerations in “Requests for Proposals” (RFP’s) and quotes for automation and other data management software that will hold library or student records;
• Training both library and IT staff to keep the division of different types of records with different access parameters at top of mind (“Remember, library records aren’t just protected by FERPA and ED 2-d”);
• Ensuring that release and parental permission forms distinguish between and properly govern access to different types of records;
• When making quick changes based on pandemic exigencies,[1] ensuring at least one person is tasked with assessing if the implementation conforms with applicable institutional ethics, policies, and privacy regulations.
• Using deliberate awareness tools, such as a pop-up window that appears prior to enabling access to library files, saying "Student library records are confidential under state law.  Only properly authorized parties should view these records," is a good way to distinguish access to library information from other education records.[2]

For any educator reading this and thinking “Uh-oh,” if the horse is out of the barn, it is never too late to adopt some retroactive corrections.  When parental access is as plenary as the member describes, if there is a confirmed issue (such as access to one student’s enrollment records leading to access to all students’ enrollment records[3]) working with IT to address the specific utility hosting that information, and how it can be further locked down, is the only solution.

There will be times when addressing an issue like the ones raised by the member is simply not within the authority of the person concerned.  A concerned librarian or educator might even find themselves rebuffed when they try to ring the alarm! When that happens, it is time to kick it upstairs.  Each school should have a FERPA officer, and at least one senior administrator whose role is associated with enforcing a code of ethics or policies on privacy.  Concerns of this type are all appropriate to direct to such an administrator.

No one engineers a FERPA or privacy violation on purpose, but unwitting violations can happen when the learning environment has to change fast.  Being alert and ready to identify and correct concerns as soon as they emerge is critical.  Thanks for a solid question that shows how it's done.

 

 

 

---

[1] “Pandemic Exigencies” would be a good name for a heavy metal band.

[2] As discussed in that 5/6/19 answer, who "properly authorized parties" are can vary from school to school.

[3] This is indeed a possible violation.  FERPA §99.12 states "(a) If the education records of a student contain information on more than one student, the parent or eligible student may inspect and review or be informed of only the specific information about that student."

I didn't realize it in first grade, but a school library[1] is one of the first places a person experiences "the right to privacy" unmediated by a parent or guardian.

Think about it.  You go to the library and get to pick out whatever you want.  You check out books, and no one can tell you what to pick.  And aside from the person checking you out, no one has to see your selection; your records are private.

In the present day, this means that kids whose faces might be all over Facebook[2], who are attending school via computer, and who "turn off their screen," when they don't want people peeking into their home life during remote learning, still have a right to confidentiality when it comes to the library in their school. And one of the biggest symbols of that student-library relationship is their library card.

So, with all that hanging in the balance, what are the legal considerations of putting student pictures on school library cards?

As often happens in the highly regulated worlds of education, privacy, and information, the answer is: "It depends."

In this case, the factors "it depends" on are numerous; rather than itemize them, I'll summarize them with a few pointed questions:

Factor 1: What else is "on" the library card?

Depending what other information is on the library card, combining a student’s picture with it could increase the likelihood of a violation of FERPA[3], Ed 2-d, or school policy.[4]  For instance, if the card is used for not only swipe access, but access to grades, disciplinary records, and library records, also including a picture ID on it makes it sensitive, indeed.

Factor 2:  Who "owns" the library card?

Some schools, by policy, give out student identification cards, but use a school or district-wide policy to confirm that the card is simply "on loan" to the student (and must be returned at certain events, like suspension or expulsion).  Other institutions issue a card, and it becomes the student's property; this means that the card is more under that student’s control.[5]

While there is no requirement to do one way over the other, the school and library should confirm the ownership of the card in a policy, as this can impact the decision to mark the card with picture ID, as well as who has control over the card in the future.

Factor 3:  Why does the picture need to be on the library card?

Is the school so large that in order to ensure it provides library services to the right student, the card must have a photo ID?  Is it a security measure, perhaps to deter theft (of library cards, and therefore collection assets)?  Do students need to "swipe" into the library, with the library positioned to monitor that they are letting in a student who isn't supposed to be in class?  Or is the library card doing double duty as the student's general student ID?  Whatever the reason, it should be understood and clearly based in policy.  And if the reason has to do more with security at that school than the operations of the library, it is better that the function be performed by the student ID, not the library card.[6]

Factor 4:  Who will have the right or ability to view the library card?

If the library card is only required to be viewed by library staff, the inclusion of the photo is consistent with FERPA's and CPLR 4509's different but equally applicable privacy requirements.  But if a security guard, teacher(s), bus driver, or others all have to see the library card for different reasons (this relates to question number 3), or could use the card to access the student's library records, that raises the possibility of concerns.

Factor 5:  Is there a "stealth" reason for the use of the photo and name?

For some students, if they do not have documentation such as a birth certificate or social security card, a library card with a picture ID might be the most official "documentation" they have.  If a library or school is intending that their cards perform this ancillary function, this should be done with the awareness that third parties relying on the identification function still need permission for the school or library to comment on the content of the card (for students under 18, this means a waiver by parents or guardians).  However, that same student (or their parents/guardians) can choose to share their confidential education records or library records however they wish.

Okay, that's a lot of "factors," but what is the answer?

Having dragged you through all that, I will answer the member's very simple question:  Is it legal to print student photos with their names on their school library cards for circulation use?

The answer is "Yes."

But!  If the library card will be used for anything more than "circulation use" within the library, it is wise to assess precisely what the card will be used for, root that purpose in well-developed policy that considers the above factors, and evaluate if the picture—which in this case, will be a FERPA-protected education record[7]—is needed at all.  The more the card is used for functions beyond the needs of the library, the more those functions should be achieved by a separate student ID, or in the alternative, schools should make sure that library information[8] is separate and isolated from other education records accessed by or listed on the card.

Thank you for an important question.

 

 

---

[1] It is important to note that a "public school library" is different than a public library, or an association library, or a college library.... but ALL are subject to CPLR 4509, the law making library records private.  And while they are different, a public school library, like the college library, is subject to FERPA.

[2] I used to be such a stickler about not posting any pictures of my kids on FB.  But the loving posts of other family members eventually wore me down.  Sorry, kids, I really tried.

[3] Photos of students maintained by their institutions, like an ID photo, are confidential education records under FERPA.  https://studentprivacy.ed.gov/faq/faqs-photos-and-videos-under-ferpa

[4] For instance, if the library card is also an all-purpose student ID that also functions as a key card or has lunch money on it, a policy should clearly separate those functions and there must be a clear protocol for voiding access when the card is reported lost.

[5] Just because the school owns the physical object doesn't mean they own the rights to the student's image.

[6] This is because, as written more thoroughly in Ask a Lawyer RAQ #100, school library records are subject to both FERPA and 4509 rules of privacy.  Combining education record with library records can make it difficult to tease out the different ways the materials may need to be handled. 

[7] See footnote 3.  Yes, this is a footnote to send you to a footnote.

[8] Either in hard copy, on the card, or via digital access.

Not only can the students play, record, and stream “Pomp & Circumstance,” but they can also create an original musical based on it, rap over it, score an original movie with it, and in short: do anything they want with it.[1]

While anyone graduating in 2020 deserves this kind of red-carpet legal treatment, not only can the students do it, but everyone else can, too.  That is the beauty of a work being in “the public domain.”[2]

Thanks, and may all your virtual ceremonies be joyous.

---

[1] That said, any publisher that has created and distributed its own version of “Pomp and Circumstance” with a specific arrangement, illustrations, instructions, etc. may own the copyright to that particular text, and it shouldn’t be duplicated via hard copy or scanning.  In a similar vein, any publisher that has issued a specific recording may own the rights to that specific recording, and that should not be streamed or used without permission, either.  But the composition of “Pomp and Circumstance” is in the public domain, so generating a student-created version of it is fine, and if the district is the one recording it, they (and the performers) own the copyright (see Copyright Office Circular 56)!

[2] “In the public domain” means “no longer protected by copyright.”  Edward Elgar, composer of “Pomp & Circumstance,” died in 1934, so even under the most rigorous scheme of ownership, the copyright to P&C has expired.

 

New York school libraries[1] operate in a complex web of regulations governing student privacy.  Laws such as FERPA, CPLR 4509, and “ED 2-d” all restrict what can be done (and can’t be done) with library records related to students.

At “Ask the Lawyer,” we’ve spent a fair amount of time on FERPA[2] and CLPLR 4509[3], so if you need some background on those, check the footnotes for this sentence.

That said, I have never written an “Ask the Lawyer” on ED 2-d, the new law protects “personally identifiable information” (“PII”)” held by a school district.  I’ll weave the relevant parts of the law into this answer.

And I have never written about (or used) SORA.  Since SORA is at the heart of this question, here is a little background on that:

SORA is a service provided by Rakuten/Overdrive.  In its own words, it provides “Millions of ebooks and audiobooks for your students. Thousands of publishers. Comes loaded with hundreds of premium titles at no cost. Infinite reading possibilities on practically any device.”[4]  Participating school districts enable student access to SORA through their own log-in points (the mechanics of which vary from school to school).

How does the service work?  As one reviewer put it[5]: “SORA can be downloaded for free by all students and teachers. If their school or district is an OverDrive partner, they can then use SORA to access their school's digital collection and also connect with the local public library's digital collection.”[6]

And finally, it is worth noting that SORA has a very cute logo: a puffy-silver astronaut, soaring wide-eyed into an eye-relaxing sky of silver-blue.  The astronaut is a combination of a Pokémon, Sailor Moon, and Big Hero Six.[7]  He is ready to read, and all set to escort your students to a universe of reading, too!  The logo is so cute, I don’t know how the member could think this company could do any wrong.

But savvy librarians are not distracted by cute logos.  And in this case, our savvy librarian-member asks: is use of SORA by a district compliant with the privacy protections of New York State Education Law 2-d?

We’ll start this analysis with a term defined by the law: “third party contractor,” which ED 2-d defines as:

 … any person or entity, other than an educational agency, that receives student data or teacher or principal data from an educational agency pursuant to a contract or other written agreement for purposes of providing services to such educational agency, including but not limited to data management or storage services, conducting studies for or on behalf of such educational agency, or audit or evaluation of publicly funded programs.

If SORA (or another service), meets this definition, then the district/school using it must implement the requirements of Ed 2-d, which are in the regulations found here:

http://www.nysed.gov/common/nysed/files/programs/data-privacy-security/part-121.pdf

I would set the full requirements out in this answer, but they are lengthy, and the regulations are about as plainly worded as can be.

In addition, for a library at a specific school in New York, there is a more institution-specific way to find these requirements.  To comply with Ed 2-d, every school district must have their own “District Privacy Officer” (“DPO”)[8] and that DPO must ensure that their institution develops and publishes a document called the “Parents Bill of Rights for Data Privacy and Security.”[9]

The parents’ “Bill of Rights” must list the district/school’s obligations vis-à-vis third-party contractors, including precise requirements for the protection of student information accessed by a specific contractor.  In other words, for each “third party contractor” (like, potentially, SORA), a district/school must publish the unique “supplemental” contract terms they’ve created to ensure the service meets Ed 2-d requirements. 

Readers who want to see the Ed 2-d criteria of their own particular district or school should be able to find it by searching for that district’s “Bill of Rights.”[10]  For any district using Overdrive and/or SORA, the “Bill of Rights” will either contain supplemental terms applicable to SORA, or they will have determined that their use of SORA does not disclose any PII.

So here is the question at the heart of the member’s question: does use of SORA, as arranged by a district, disclose PII to Overdrive?  While each district needs to make that determination on its own, in my opinion, any third party contractor that students must log into using a school-issued ID, after which the student will access content that supplements their school library’s collection (and be able annotate and leave notes about[11]), has a high likelihood of collecting PII.   

But as I say, it will be up to the district’s DPO to make the call.  If that call is: “Heck, yeah, they’ll be getting PII,” the district will then need to follow the law and regulations[12] to ensure the use complies. This means verifying that the contract has the right Ed 2-d requirements, and supplementing its “Bill of Rights” by disclosing the precise requirements the contract imposes on the contractor.  But if that call is: “We checked it out, and nope, no PII heading out the door here,” then nothing further is needed (insofar as ED 2-d is concerned).

While it may seem like I am punting on this answer (“Go see your DPO!”[13]) I can say that the SORA Privacy Policy[14], as published on May 20, 2020, does contain the elements that are consistent with the requirements of ED 2-d.  As but one example, Overdrive has a process for correcting records, which provides:

If you are a teacher or administrator at an educational institution using the school Services, please email privacy@overdrive.com to request the review, correction, and/or removal of a student’s Personal Information, and we will facilitate your access to and correction of such Personal Information promptly upon your request.

The ability to “challenge the records” of a contractor is a requirement of Ed 2-d.[15]  This suggests to me that Overdrive knows SORA will be gathering protected information, and the service is ready to enter into contracts that give the required assurances.  But only a look at the school’s contract for SORA, and its precise definition of PII, can ensure that.

The bottom line?  No matter what the published “Privacy Policy” of SORA says, there is no way to fully confirm a school library’s use of SORA complies with Ed 2-d law and regulations until the district’s designated DPO[16]:

1) Assesses what information will be accessed by or transferred to Rakutan/Overdrive as a result of their district contracting for SORA;

2) Determines if that information is PII as defined by Ed 2-d[17];

3) If it is PII, ensures the contract complies with Ed2-d; and

4)  Takes the steps to publish the “Bill of Rights” supplement as required.[18]

In other words: in Ed 2-d compliance, there should be no guesswork.  By working with the school’s DPO, the guesswork should be entirely removed.

Thanks for a great question!

---

[1] Not to be confused with New York’s “school district public libraries,” which are chartered libraries operating separately from their associated district.

[2] Patron Confidentiality in School Libraries

[3] RAQs featuring CLPLR

[4] As boasted at https://company.overdrive.com/k-12-schools/discover-sora/.

[5] Found at https://thelearningcounsel.com/article/sora-helps-give-k-12-students-more-access-ebooks-audiobooks-and-school%E2%80%99s-digital-collection

[6] If you want to read some harsh, some glowing, and some occasionally amusing reviews, check out the SORA review content here: https://play.google.com/store/apps/details?id=com.overdrive.mobile.android.sora&hl=en_US  I particularly enjoyed the brief but scathing review by a person who thought the service was supposed to be a game.

[7] I am not one myself, but I have anime fans in the family.  It rubs off.

[8] Per Regulation 121.8(a), “Each educational agency shall designate a Data Protection Officer to be responsible for the implementation of the policies and procedures required in Education Law §2-d and this Part, and to serve as the point of contact for data security and privacy for the educational agency.”  That’s the “DPO.”

[9] No, that is not a typo in “parents.”  The law left out either possessive apostrophe (“parent’s” or, for the plural possessive “parents’”).  Grammar matters, NY Assembly…grammar matters.

[10] I tried this on several different districts/schools across the state; a few institutions that shall remain nameless seem to have flunked, but admittedly, I didn’t look much harder than a cursory google search—which worked for many of the other institutions searched.

[11] Yes, I watched the SORA demo and paid attention to the additional features, which includes highlighting content and typing in comments.  I guess it beats writing in a book, which, to my husband’s great chagrin, I have been known to do (only to my own books).

[12] Found here: http://www.nysed.gov/data-privacy-security

[13] This is also critical because the definition of PII may vary slightly from institution from institution.  This is because student PII is based on the definition of “education records” in FERPA, which does allow some variance in “directory information” and other nuances this footnote is too small to cover.

[14] As found on May 19, 2020, at: https://company.cdn.overdrive.com/policies/privacy-policy-for-children.htm

[15] Regulation 121.3(c)(4)

[16] Or designee, of course.

[17] “Personally Identifiable Information, as applied to student data, means personally identifiable information as defined in section 99.3 of Title 34 of the Code of 3 Federal Regulations implementing the Family Educational Rights and Privacy Act, 20 U.S.C 1232g, and as applied to teacher and principal data, means personally identifiable information as such term is defined in Education Law §3012-c (10).”

[18] I realize this answer may give DPO’s out there extra work.  I am afraid I can’t apologize, since vigilance about privacy is a beautiful thing.  And hey—job security!

 

[NOTE: This answer is part of our ongoing response to institutions moving to online instruction as part of the world’s response to COVID-19.  For additional Q&A on that, search “COVID-19” in the Ask the Lawyer search utility.]

“Teachers Pay Teachers” (“TPT”) is an interesting service that allows teachers to license (sell rights to) others who need customized lesson plans and educational material.[1]

The member’s question relates to the TPT license, which governs what individuals and organizations can do with the content.

If the member’s question is asking: does the TPT license allow us to print and distribute the materials in hard copy for packets sent out by the District?  The answer is generally: yes.

If the member’s question is asking: does the TPT license allow us to distribute the materials electronically using e-mail or a website or a Learning Management System? The answer is generally: it depends.

I spent some time on TPT’s website reviewing their “Terms of Service”[2] and I believe teachers and organizations will need to examine the license for each separate purchase to confirm that electronic distribution is allowed.

Why? TPT’s “Terms of Service” largely allow for the creation of hard copies,[3] but their default conditions bar online distribution.  HOWEVER, TPT also allows the teachers supplying the content to loosen those default restrictions[4] (including allowing distribution on the web[5], e-mail, etc.)…so while one lesson purchased from TPT might not allow a web or e-mail distribution, another might. 

This can change not only from author to author, but content to content, so it is important to read the fine print.[6]

I would add: these are early days in the pandemic response.  As of March 26, 2020, TPT did not have any expressly Covid-19 policies on its website.  Nevertheless, like other online and tech providers, they may realize their hour has come, and take action. 

What will that action be?  I can’t say; a crisis brings out the best and the worst in businesses.  Some businesses will try and simply profit from the current situation; others will dig deep, conclude we are all in this together….and try to find at least middle ground. 

Looking at their Terms, Teachers Pay Teachers has made commitments to individual content providers it cannot easily change on a dime.  But remember, TPT empowers its individual content providers to set their own terms—so long as those terms are more liberal that the TPT baseline.  So keep your eyes on those product-specific, unique terms of use.  I imagine many teachers will feel compassion for the teachers and students impacts by this public health emergency, and liberalize their restrictions.

Thank you for this important question.

USING LICENSED CONTENT TIP: If you or your institution conclude that TPT or another license does give you permission for electronic distribution, it is a good idea to take a screen shot of that license and save it (just e-mail it to yourself in a place where you know you’ll have it for 3 years after you’re done use the content).  Online content providers can change the terms they post, without warning—and you want to be able to show that on the day you made the call to share the content electronically, the licensor allowed you to do so.

---

[1] Because some educational institutions own the rights to teacher-generated materials, and some do not, the Teachers Pay Teachers model is a fascinating study in copyright issues—but a global pandemic is not the time to muse over that.

[2] As of March 26^th, 2020: https://www.teacherspayteachers.com/Terms-of-Service

[3] The Terms of Service allow you to: “Print and make copies of downloadable Resources as necessary for Personal Use. Copies may be made and provided to your students, classroom aides, and substitute teachers as necessary. Copies may also be made for students’ parents, classroom observers, supervisors, or school administrators for review purposes only. Hard goods and video resources may not be copied, shared, or otherwise reproduced.” [emphasis added]

[4] But not further tighten them.  Like I said, a really interesting model.

[5] For instance, one license I looked at, for a chemistry class, said: “These resources may not be uploaded to the internet in any form (including classroom websites, personal web sites, Weebly sites, network sites) unless the site is password protected and can only be accessed by the students of the licensed teacher.”  In other words: yes, you can distribute them electronically, if you use a restricted system!

[6] The diversity of author-specific permissions I saw on TPT was really interesting. Some folks just want credit.  Others want you to not send the content, but drive people to their own personal listings (so their analytics show the hits).  I bet some, in the coming days, will even change their permissions to respond to the pandemic with compassion.

 

This question came in from a school system, and it triggered a lot of memories for me.

My junior high school music teacher was a very nice man.  From deep within mid-1980's Central New York, he tried to cobble together an orchestra from an array of students whose skills and practice habits ranged from "Julliard-bound," to "who is torturing that cat in the third violin chair?"

Back in 1986 (when I was 13), I saw this guy as "old."  Because of the way he tirelessly started the music over (and over) until the brass section[1] entered at the right bar of "Star Wars", I also saw him as a font of endless tolerance.

Now that I am older, my memory portrays my former teacher as a pretty young guy (I think he was in his early 30's).  And by now I have worked with enough educators to know that his tireless tolerance of our incompetence was passion.

So, this question has stirred a feeling of nostalgic gratitude.  Because of that,[2] I want to give this member an answer that is really solid, helpful, and clear.  But as they say in the construction biz when people ask for a job that is quick, quality, and cheap: I can give you a combination of any two, but not all three.

Here is the part of the answer that is solid and clear: Making a recording of a copyright-protected composition, unless the recorder has the permission of the copyright owner, or the recording falls under an exception, is copyright infringement…even for educational purposes.

Is there helpful and solid authority on that?  Yes. Circular 21, the long-standing guidance on the relevant copyright laws,[3] makes it clear that for educators, only the following recording of musical compositions is allowed under "fair use":

A single copy of recordings of performances by students may be made for valuation or rehearsal purposes and may be retained by the educational institution or individual teacher.

[AND]

A single copy of a sound recording (such as a tape, disc, or cassette) of copyrighted music may be made from sound recordings owned by an educational institution or an individual teacher for the purpose of constructing aural exercises or examinations and may be retained by the educational institution or individual teacher. (This pertains only to the copyright of the music itself and not to any copyright which may exist in the sound recording.)

So, at first blush, the answer to the member's first question (and thus, all the following questions) is: NO.

Now, the core guidance in Circular 21 is OLD.[4]  It pre-dates streaming, it pre-dates file-sharing, and depending on what start date you give the web, it pre-dates the Internet.  But insofar as case law and legal commentary is concerned, it abides.[5]

So, while I have to answer a resounding NO to the question just as it is asked, I can offer a few helpful and clear solutions.

First, it never hurts to ask.  Depending on the copyright holder, you may be able to get a "limited license" for the very thing you want to do.  Some owners might even be charmed.  Others, of course, will just refer you to their manager.  You never know until you try.  Just make sure you get it in writing.

Second, while the Circular 21 guidance quoted above gives clear examples of what fair use permits, on page 7 of Circular 21, just before listing those guidelines, it states "There may be instances in which copying which does not fall within the guidelines stated below may nonetheless be permitted under the criteria of fair use."

So, if a version has been recorded for performance as part of a clever mash-up, for purposes of commentary and criticism, or another use that might meet fair uses' four factors, this approach is worth considering.  Sadly, since that is a case-by-case analysis, I can't say what precisely when that is allowed!  An education institution should perform such an analysis using its fair use form.[6]

Third--and I can't believe I am suggesting this--it may be that a combination of different licensing can arrange this precise permission for you.

We'll call this the "Two-Step Shuffle" solution.  It is meant to be helpful, and it is solid, but I am concerned it might not be too clear.  But let's give it a go.

NOTE: to use the "Two-Step Shuffle" solution, your institution MUST have a public performance license from a licensor like ASCAP or BMI.  So, if your school doesn't have one, just stop reading, right now.  But if you do…

Step one: see if the song you want to record is licensed for "covers" on a publicly accessible "host site" like YouTube.[7]  If the host site[8] has the license, you can record the accompaniment as a "cover," and put it on the host site.

Step two:  With your "cover" recorded, you can then play it from YouTube at any premises that has a license for public performance (this is why you need that license from ASACP or BMI…which is also what covers playing music at a high school dance, music over the loudspeaker during halftime, etc.).

Of course, this being an Internet solution, the "Two-Step Shuffle" solution could disappear at any moment!  But this being the Internet, something else will take its place.

Now, in suggesting a school to make use of a commercial video hosting service (like YouTube), I would like to take a moment to discuss those two important legal concepts: "Coulda," and "Shoulda."

Just because a school can upload content to a site like YouTube, and get a license for a cover, doesn't mean it should.  After all, when using a service like YouTube, an institution agrees with these terms:

By providing Content to the Service, you grant to YouTube a worldwide, non-exclusive, royalty-free, sublicensable and transferable license to use that Content (including to reproduce, distribute, prepare derivative works, display and perform it) in connection with the Service and YouTube’s (and its successors' and Affiliates') business, including for the purpose of promoting and redistributing part or all of the Service.

In other words, you're feeding the beast; you're commodifying the content you've chosen to share.  If it's student work, there are privacy and further intellectual property concerns (students own their copyrights, after all).  None of these are things an educator should take lightly.

That said, if approached with the right balance of attention to legal details and commitment to artistic excellence, the "Two-Step Shuffle" can also show future artists and performers how to respect copyright law and engage in self-promotion (which seems to be a critical skill  nowadays).  So "woulda, coulda, shoulda?"  If you undertake the "Two-Step Shuffle" solution, do it with an "ethics buddy" (preferably an administrator who has your back).

And of course, a "Two-Step Shuffle" solution can only be used if you can answer these questions in the affirmative, and you preserve the documents from which you derive your answers:

1. Do you have express permission from the host site to make and post the recording on the host site?
   1. If "yes," keep a copy of that permission.
2. Do you have express permission to perform the recording at the premises?[9]
   1. If "yes", keep a copy of that permission, too.

That second part pertains to any other school or place that wants to publicly use your recording, as well.

So, there you have it.  Was this solid and/or helpful and/or clear?  In keeping with my Junior High memories, I give myself a "B."

I do wish this answer was a little less like trying to get the brass to come in at the right bar of "Star Wars," but copyright, fair use, and licensing take time and attention to detail to get right.

That said, with enough passion to fuel the effort, I am confident you'll hit the right note.

 

---

[1] That was me.  I played trumpet.  And had braces. NOT a good combo.

[2] And because I have high standards.

[3] Circular 21, "Reproduction of Copyrighted Works by Educators and Librarians," which has been in use since my days playing trumpet, and arguably, could use some updating.  You can find it here: https://www.copyright.gov/circs/circ21.pdf

[4] How old? It was first contained in a joint letter written by representatives of the Music Publishers’ Association of the United States, Inc., the National Music Publishers’ Association, Inc., the Music Teachers National Association, the Music Educators National Conference, the National Association of Schools of Music, and the "Ad Hoc Committee on Copyright Law Revision" on April 30, 1976.  Of course, if I tell my younger sister that something from 1976 is "old," I'll catch hell, but fortunately, she teaches religious education, not music.

[5] A scenario such as the one depicted by the member doesn't even get any slack from educators' other great copyright reprieve: section 110.  While 110 does allow a variety of exceptions for musical performances, it doesn't extend its tolerance to recording.

[6] Something no not-for-profit educational institution should be without, since it can help your institution limit damages under Section 504 of the Copyright Act.

[7] As of January 13, 2020, YouTube maintains a list of licensed songs you can record and upload at https://www.youtube.com/music_policies?ar=1578920053089&nv=1.  And, also as of this January 13, 2020, YouTube (unlike Netflix or HULU) enables businesses to use their services (rather than restricting them for "personal" and "home" use).

[8] Insofar as I know, only YouTube does this.  But I need to get out more, and of course, this type of thing evolves quickly in cyberspace.

[9] This is different than permission to perform the musical composition!

 

Yes, I can point you in the right direction…but I can’t take credit for drawing the map!

Since it pertains to a local “Music Educators Association,” this question brought me on a pleasant journey into the chartered territory of the “New York State School Music Association,” a/k/a “NYSSMA.”

NYSSMA is the organization for school music educators in New York.  Its mission is to “advance music education across New York State for its membership and students in member school programs.” 

Like libraries, schools, and BOCES, NYSSMA is chartered by the Regents of the State of New York.  To enable meaningful participation on a local level, NYSSMA is broken into 15 zones. 

In the member’s question, it sounds like a local zone of NYSSMA is asking a local BOCES for assistance.

Since both entities are chartered by the Regents, this makes sense; it’s like your cousin asking if she can store tools in your garage.  Except in this case…you aren’t sure where your cousin got the tools.  Or who might ask to borrow them.

As the member points out, this uncertainly could be cause for concern.  This is particularly true because under copyright law, a license is required to not only duplicate music, but to perform it, so an entity providing unauthorized copies could experience more than one type of liability.

Fortunately, there are many helpful resources to address this, and the basics are set out in plain language on the page of NYSMMA’s national affiliate, the “National Association for Music Educators (“NAfME”).

On their helpful page, found at https://nafme.org/my-classroom/copyright/, NAfME outlines the basics of managing a music library for NYSSMA members. 

As stated by NAfME:

“Unlike most educators, music educators must face copyright compliance frequently throughout their career. Although the thought of copyright can be intimidating and a complex subject, NAfME has a multitude of resources that can help you better understand U.S. copyright law.”

How does an institution considering providing this service get started? Any institution considering housing a music library (or script library, or an architectural plans library, or anything that will be licensed and/or loaned under particular conditions) for another entity needs to do these three things:

            1.  Research and assess the full scope of what will be required;

            2.  When the full scope is known, develop a budget, policies, job descriptions and a contract (or term sheet) to support what is needed; and

            3.  Finalize the arrangements in a way that mitigates risk,[1] and makes the service effective and sustainable.

Since this type of analysis can reveal the complexities of what may seem like a simple service, it is not surprising to hear that at one point a fee was required for it!

As the resources on the NAfME site show, housing and managing a music library is potentially a very detailed endeavor.  And while technology has made some aspects of the tasks involved easier, any institution providing such a service will need to make it a part of someone’s job.

So, after reviewing the basics on the NAfME site, it would be good to have a forward-thinking and specific discussion that addresses the following:

• Whose property are the copies to be housed and managed?
• Are there copies of the original purchase agreements and licenses?
• How is the collection to be searched?
• How is the music loaned out?
• Who tracks copies on loan?
• What is the approach for unreturned copies?
• Who arranges for performance licenses, and who keeps copies of permission granted?
• How are new works accessioned?
• How are copies de-accessioned?
• How are damaged copies replaced?
• What is the value of the collection?
• What is the cost of the service?

In addressing these questions, it is important to note that NYSSMA has access to numerous copyright-related resources as a member of NAfME.  For instance, as noted on the NAfME “copyright” page: “Through an agreement with ASCAP and BMI, NAfME (or MEA) sponsored groups are granted performance rights of music managed by these organizations. (This covers only performances sponsored by NAfME or federated state associations of NAfME.) However, if members wish to record their students’ performance of any work, permission must be obtained through Harry Fox Agency.” 

So awareness of NYSSMA’s rights, as parties explore how they could assist with housing and managing a NYSSMA-owned collection, would be critical.  Solid and well-coordinated compliance with license terms would also be important.

I know this is just the overture to a full answer, but thank you for a well-composed question.[2]

 

 

In the state of New York, library records linked to the names of users can only be disclosed:

1) upon request or consent of the user;

2) pursuant to subpoena or court order; or

3) where otherwise required by statute.

Therefore, the strong default answer to the member’s questions is “NO.”

This strong default position is based on New York Civil Procedure Rules (“CPLR”) 4509, which states:

Library records, which contain names or other personally identifying details regarding the users of public, free association, school, college and university libraries and library systems of this state, including but not limited to records related to the circulation of library materials, computer database searches, interlibrary loan transactions, reference queries, requests for photocopies of library materials, title reserve requests, or the use of audio-visual materials, films or records, shall be confidential and shall not be disclosed except that such records may be disclosed to the extent necessary for the proper operation of such library and shall be disclosed upon request or consent of the user or pursuant to subpoena, court order or where otherwise required by statute.

[emphasis added]

But when it comes to the records of minors at a school serving minors, after this omni-present strong default, there are some additional factors to consider.

FACTOR #1

Does the school condition library privileges on express parent/guardian access to library records?

Under CPLR 4509’s first prong (“consent of the user”), some libraries may condition library use by a minor on permission to share library records with parents/guardians. 

This condition is not invisible or automatic; it would need to be in the cardholder agreement signed by the student, or in a written school policy passed by the school board.  It must be clear, and in writing.

There is much vigorous debate about what level of parent/guardian access it is appropriate to condition library privileges on.[1]  But since such conditioning is allowed by the law, setting the appropriate balance between privacy and access is the job of the library and its leadership.

The bottom line on this factor? If a school library has an express, written policy allowing it,[2] and if that policy also complies with the school’s obligation’s under FERPA (see below), a list of titles checked out may be disclosed  to parents in conformity with CPLR 4509.

FACTOR #2 

Does the school regard library records as “education records” under FERPA?

The member’s questions warrant three considerations vis-à-vis FERPA (“Family Education Rights Privacy Act”), a country-wide law which applies to any educational institution receiving federal aid.

First FERPA consideration: Are the school’s library records accessible as “education records” under FERPA?

Because it is famous for protecting privacy, people generally think of FERPA as a bar—not a means—to information.  But FERPA expressly allows parents and guardians of students under 18 (unless the minors are attending a higher ed institution) to “inspect” “education records,” and, under the right circumstances, allows disclosure of education records to school administrators. 

A list of titles borrowed from a library, if maintained in a way that meets FERPA’s definition of “education records” could be subject to such inspection and disclosure. 

So let’s look at that definition:

[Information]

(1) Directly related to a student; and

(2) Maintained by an educational agency or institution or by a party acting for the agency or institution.[3]

That’s a broad definition!  But several categories of information are exempted from it, including:

 (i)  records of instructional, supervisory, and administrative personnel and educational personnel ancillary thereto which are in the sole possession of the maker thereof and which are not accessible or revealed to any other person except a substitute;[4]

Under this exception, school library records, if kept in a certain way (with only the librarian, or “substitute,” having access to the records, and the information not linked to or accessible to others, including the student), are arguably exempt from FERPA. 

What’s the take-away, here?  It is possible—but not a uniform rule—that school library records are “education records” under FERPA.  Determining if they are should be part of a school’s annual FERPA notice and policy work, and should be a consideration when a school library considers automation options. 

Second FERPA Consideration: If a school determines their library records DO qualify as “education records,” does a school administrator, safety officer, or SRO[5] have a right to access them under FERPA?

Even if the library records at a specific school qualify as “education records,” when it comes to school administrators, there are only two instances where disclosure is allowed.

The first instance is created by FERPA regulation §99.3.  It allows “… disclosure … to other school officials…[if the disclosure is in the student’s] legitimate educational interests.” 

With regard to a request for a list of borrowed library books, this means there must be a direct, pedagogical reason to disclose that particular list to that particular administrator, safety officer, or (if their contract has the right provisions) external personnel.  To determine if those individuals’ access is in the students “legitimate educational interests,” consideration of the unique circumstances is required, but it comes down to: how does this serve the student?  

The second instance is created by FERPA regulation §99.36.  This regulation allows an educational agency or institution to “disclose personally identifiable information from an education record to appropriate parties… in connection with an emergency if knowledge of the information is necessary to protect the health or safety of the student or other individuals.”

Under extraordinary circumstances, this exception could be cited to justify disclosure of education records to an administrator, safety officer or SRO addressing a concern about immediate health or safety. 

But the circumstances warranting the disclosure would need to be—as I say—extraordinary.  Congress and the U.S. Department of Education want this to be a very narrow exception tied to imminent threats:

The Department has consistently interpreted this provision narrowly by limiting its application to a specific situation that presents imminent danger to students or other members of the community, or that requires an immediate need for information in order to avert or diffuse serious threats to the safety or health of a student or other individuals.

Such a “health/safety” analysis—especially if used to justify disclosure of library records—will be highly fact-specific.  Whenever possible, it should be done in consultation with the school’s attorney, with careful consideration of the precise circumstances and any relevant policies (by the way, this is the kind of “now or never/critical” question school attorneys cancel meetings to research and answer promptly).

Third FERPA consideration: if a school determines their library records are “education records,” CPRL 4509 may still bar parent access under FERPA.

And finally, there is also a possibility that even if a school’s library records are “education records,” under FERPA, library records in New York schools are barred from being shared (without consent) with parents/guardians by CPLR 4509. 

I base this on §99.4 of the FERPA regulations, which states:

An educational agency or institution shall give full rights under the Act to either parent, unless the agency or institution has been provided with evidence that there is a court order, State statute, or legally binding document relating to such matters as divorce, separation, or custody that specifically revokes these rights.[6]

In New York, we have just such a “State statute:” CPLR 4509.  When it was adopted, its role was described as follows:

The New York State Legislature has a strong interest in protecting the right to read and think of the people of this State. The library, as the unique sanctuary of the widest possible spectrum of ideas, must protect the confidentiality of its records in order to insure its readers' right to read anything they wish, free from the fear that someone might see what they read and use this as a way to intimidate them. Records must be protected from the self-appointed guardians of public and private morality and from officials who might overreach their constitutional prerogatives. Without such protection, there would be a chilling effect on our library users as inquiring minds turn away from exploring varied avenues of thought because they fear the potentiality of others knowing their reading history.[7]

Those are some stirring words about privacy.  They show what the Assembly’s intent was when CPLR 4509 was passed. 

That said, this potential conflict between CPLR 4509 and FERPA has not been tested in a court of law.[8]  This position is not something a school should  adopt or rely on without consultation with their own attorney, as part of their annual FERPA notice and policy work.

But it is definitely something to consider.

Final FERPA Consideration: how to resolve a FERPA question when state and federal law conflict.

The good news in all this 4509/FERPA complexity is that FERPA itself anticipates this type of conflict and resulting concerns.  FERPA Regulation §99.61 states:

If an educational agency or institution determines that it cannot comply with the Act or this part due to a conflict with State or local law, it shall notify the Office within 45 days, giving the text and citation of the conflicting law.

In other words, the U.S. Department of Education knows schools will be wrestling with these issues!  A school that makes a good-faith determination of non-disclosure under FERPA (always with the advice of their attorney) can follow this policy for reporting a conflict.  The USDOE will write you back, even if your concern is policy-driven or hypothetical.

Conclusion

Since school libraries—which are legally distinct from libraries at colleges and universities—are specifically named in CPLR 4509, there is no doubt that 4509’s strong bar on disclosure applies to schools where minors are in attendance, while the law is silent about access of guardians/parents to their children’s library records.

The best way for a school library and its leadership to handle these questions is in advance, by having a policy that respects student/family rights, and the operations of the library. 

A good school library “Confidentiality of Library Records” policy will protect student privacy, educate students about their right to privacy, coordinate with the school’s position under FERPA, consider student and employee well-being, and position the library to operate properly. 

Creating such a policy is an exercise in staff teamwork and aboard responsibility.  Considering the complexity of the different factors at pay, I urge school librarians and their leaders to review these considerations with their own attorneys, and to work with their boards to adopt policies that reflect the legal position and the educational priorities of their institutions.

Thank you for these important questions.

 

The relationship between a person and their streaming content service is almost always[1] governed by a type of contract called a “license.”

As the members states, such a license (often accepted by clicking to accept terms left unread) can over-ride the infringement exceptions like those found in 17 U.S.C. §§107, 108, and 110.[2]

In other words, once a user voluntarily agrees to a contract restricting use of content, rights they may have once by law may become inaccessible.

Use of streaming content in the educational setting is a good example of this.  While Section 110 of the Copyright Act may allow a teacher to show a movie in class (if the movie is shown in the physical classroom and if the content is part of the curriculum), that same movie might not be accessible under the teacher’s Netflix license.

Why? Content providers change the terms of licenses all the time, but one thing is pretty constant: restricting subscription access to personal use.

Here is how Hulu puts it:

3.2 Your License. Hulu is pleased to grant you a non-exclusive limited license to use the Services, including accessing and viewing the Content on a streaming-only basis through the Video Player, for personal, non-commercial purposes as set forth in these Terms.

Netflix has a similar-sounding restriction.  Even the “Educational Screenings of Documentaries” the member references (found at https://help.netflix.com/en/node/57695) license is pretty narrow (and actually a shrewd PR move for a commercial service):

Educational screenings are permitted for any of the documentaries noted with this information, on the following terms:

The documentary may only be accessed via the Netflix service, by a Netflix account holder. We don’t sell DVDs, nor can we provide other ways for you to exhibit the film.

The screening must be non-profit and non-commercial. That means you can’t charge admission, or solicit donations, or accept advertising or commercial sponsorships in connection with the screening.

Please don’t use Netflix’s logos in any promotion for the screening, or do anything else that indicates that the screening is “official” or endorsed by Netflix.

We trust our users to respect these guidelines, which are intended to help you share and discuss our documentary content in your community.

To the extent your institution requires you to demonstrate that you have a license for your screening, please show them this page.

So there you have it: the only Netflix content that may be shown for classroom use is, as the member states, per this permission.

But (to address the other part of the member’s question) what are the consequences for not abiding by the license?  Is there a growing body of case law to show the fines, terminated accounts, and jail time[3] people are doing when they violate the terms of their streaming service license?

There is not. 

Why?  Most of these license agreements have arbitration clauses, meaning that disputes are settled without the publicly accessible process found in a court of law. 

Here is part of the arbitration clause from Netflix:

7.1. If you are a Netflix member in the United States (including its possessions and territories), you and Netflix agree that any dispute, claim or controversy arising out of or relating in any way to the Netflix service, these Terms of Use and this Arbitration Agreement, shall be determined by binding arbitration or in small claims court. … Arbitrators can award the same damages and relief that a court can award…. [4]

So there may be a number of instances where a license has been violated, and Netflix has sought “…the same damages and relief that a court can award” via arbitration.  But I don’t have access to that information.  Most of us just don’t know.[5]

I do know, however, that violating a license is wrong, and can have consequences. [6]  Further, I would hope that in the educational setting, modeling casual disregard for personal contractual obligations is not encouraged.

Teachers are usually barred by the contract from streaming Netflix services from their personal account in the classroom.  Unless there is an express license to the school from a streaming service, or for a particular film, I encourage teachers to obtain physical copies of films/DVD’s from the library, and play them in class on a good old-fashioned TV and DVD player, as Section 110 of the Copyright Act allows them to do. 

Thanks for this perceptive question.