vanwinkle wrote:Wouldn't an actual audit require going into individual student records? ... It doesn't sound like there's an exception for providing scores directly to the ABA.
I am pretty sure that FERPA allows accrediting bodies to view complete student files. Provided the numbers are in the files (and they would be), the ABA could get them. The APA, AMA, and specialty accrediting boards require production of entire student files as part of their reaccreditation procedures, and I can't think of a reason why the ABA would be any different.
LSAC can't do it because they don't they are not allowed direct access to files as an accrediting body and the schools can't disclose information about matriculation back to LSAC. Publishing a de-identified list is a possibility, but it depends upon the standards adopted by FERPA for identification. If they use the HIPAA standard for de-identification, then there is no chance of this being OK. Under HIPAA, data is only de-identified if nobody could possibly attach an identity to the data using unprotected information. The "nobody" in this standard includes the person whose data is theoretically de-identified. So if there is enough information provided for someone to figure out that what line of data represents them on the list, it isn't de-identified. LSAC number would pretty much kill this, but even the association between GPA and LSAT would likely be too identifiable. How many 180/2.74 are there in the US? If the answer is one, then the data is identifiable.