Catching fraudsters – legally and ethically
If someone falsely claims a college degree, it tells you a lot about that person’s character. It’s also bad for business when the lie is exposed. That’s why, as part of our due diligence process, we regularly verify all credentials in supplied information and disclosure forms. It’s a simple way to catch a fraudster, and I often wonder why more people don’t do this.
Which is why I was initially intrigued by the news about a Florida politician and a fake diploma. I’m usually cheering on anyone who uncovers this type of fraud, but, after reading about news site FLA News allegedly obtaining records through the National Student Clearinghouse (NSC), the primary provider of U.S. degree verifications, I’m left wondering about FLA News tactics.
First we have the Family Educational Rights and Privacy Act (FERPA), which clearly states that you need the student’s consent to obtain this information, except in certain situations. Note that journalists don’t fall into any these exceptions:
“Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
- School officials with legitimate educational interest;
- Other schools to which a student is transferring;
- Specified officials for audit or evaluation purposes;
- Appropriate parties in connection with financial aid to a student;
- Organizations conducting certain studies for or on behalf of the school;
- Accrediting organizations;
- To comply with a judicial order or lawfully issued subpoena;
- Appropriate officials in cases of health and safety emergencies; and
- State and local authorities, within a juvenile justice system, pursuant to specific State law.”
Then we have the NSC terms and conditions that pops up each time you submit a verification request:
“…The Requestor agrees that it will not release, transfer, distribute, share or re-disclose any information that it has obtained from the Clearinghouse to any other entity or individual, whether for sale or free of charge, except to the individual or entity on whose behalf the Requestor is acting or the student or certificate holder whose enrollment, degree, or certification was verified…”
Also,
“…Both parties agree to comply with all applicable laws and regulations governing the activities and services provided under these Terms and Conditions, including, in particular, the FERPA and other applicable laws concerning the privacy and confidentiality of information and records.”
And this, from the NSC FAQs:
“Frequently, the Clearinghouse is directly approached for verifications by members of the media or private investigators. We refer these requestors to the institution so that the institution can directly handle these sometimes sensitive inquiries.”
So, we have FERPA consent requirements, NSC terms and conditions about sharing records and complying with privacy laws, and NSC policy about media requests. It’s pretty clear what’s allowed and what’s not.
I’m all for exposing fraudsters and admit that it makes my day when I catch someone lying about a college degree. But I’m uncomfortable with journalists who could be bypassing the law to obtain and share someone’s educational records.
Catching fraudsters through fraudulent methods may be great for headlines, but it only makes things more difficult for the rest of us – legitimate investigators just trying to do our jobs.
This raises a question in the mind of this researcher… What if you find information that appears to have been obtained fraudulently but appears in on a news site? In this case, the university confirmed the fraud; what if they had declined to comment?
Marcy, your thoughts?
This is a tough question for researchers and investigator. We frequently find information on the web marked “confidential” or we see info that’s been obtained fraudulently. I think I would take info that was obtained fraudulently with a grain of salt and try to verify another way. After all, how do you trust it? In this case, I’m also concerned that the university provided information without consent. They’re supposed to have consent, although I see universities do this all the time.