A side effect of legal sports betting is that bettors will look for ways to gain an advantage in their wagers. Whether it is outright coordinated game fixing or inadvertent sharing of inside information, cheating threatens the integrity of the games, the athletes, and their colleges and universities.

Professional leagues combat insidious inside information leaks by issuing uniform injury reports. Although most collegiate sports teams have not had a practice of releasing injury reports, the reality of legal sports betting has ignited the discussion of whether college athletic departments should release availability or injury reports to improve transparency and protect institutional integrity.

The Legal Rules

Beyond the practical questions of whether there would be consistency and uniformity of reporting from athletic conferences, any proposed release of information beyond simply indicating the availability of a particular player would potentially have to meet the consent and authorization requirements under the federal laws that protect education and health records, namely the Family Educational Rights and Privacy Act (FERPA) and the Privacy Rule of HIPAA (the Health Insurance Portability and Accountability Act). Only with the appropriate written consents or authorizations from students or parents, if the students are minors, may education or health records be disclosed in most situations.

Colleges and universities may currently agree to share some information that would not run afoul of either of the federal laws. For example, FERPA permits colleges and universities to designate certain information as "directory information" and then share that information with anyone, provided the student hasn't opted out of the directory. Directory information includes categories of student information that, if disclosed, are generally considered not to be harmful or an invasion of privacy, including:

  • The student's name
  • Address
  • Telephone number
  • Date and place of birth
  • Academic majors
  • Terms of attendance
  • Extra-curricular activities
  • Height and weight of student athletes
  • Photographs
  • Email addresses

Therefore, colleges and universities can share a list of student athletes' directory information with the state's gaming board to create a list of prohibited bettors that would trigger an alert if a player attempted to place a bet.

Pursuant to FERPA, schools must provide annual notice to eligible students and parents designating the categories of information they consider to be directory information, and also must give students or parents the opportunity to opt out of the directory. The notice may be included in a school bulletin, the student handbook, or written communication directly to the students or parents. It also may be communicated electronically and on the school website.

Another example of information that would not run afoul of federal laws would be availability reports where the school would disclose the availability of players for upcoming games. As of May 2019, the NCAA Gambling Working Group has proposed such a pilot program for a national injury report. The report would disclose a list of student athletes who are available, possibly available, or unavailable for each game. If adopted, the pilot program would begin in the 2019 season.

Beyond the Federal Laws

Keep in mind that these federal statutes only regulate the disclosure of specific types of information by school officials or entities subject to FERPA and HIPAA. They do not regulate the disclosure of information by other students, or friends and family who have information that bettors may be interested in. Nothing in these laws prohibit anyone from approaching other students or friends of the athletes for information on how the athletes are faring at school, including facts about their physical or mental health.

Takeaways

Colleges and universities should consider taking several actions to successfully navigate in the world of legal sports betting. Schools may want to update their policies and procedures – as well as vendor contracts – to address these privacy, data, and integrity issues. Training for the college community as a whole should be considered about the rules and precautions needed for the disclosure of information and also how to identify and handle seemingly innocuous inquiries. In addition, universities should consider establishing protocols and plans for monitoring compliance and documenting, investigating, and responding to potential problems and violations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.