In a letter to Secretary John B. King, CFA joins student rights, consumer rights, and children’s advocates, along with members of the EPIC Advisory Board, to petition the United States Department of Education to amend 34 C.F.R. Part 99 (“Family Educational Rights and Privacy”) to include a Data Security Rule that would require administrative, physical, and technical safeguards to prevent the unauthorized disclosure of personally identifiable information contained in education records, including directory information. Current recordkeeping practices fail to protect student data from unauthorized disclosure and threaten student privacy. The Rule should apply to all educational agencies, institutions and third parties that process personal data subject to FERPA.