FERPA Update
description
Transcript of FERPA Update
![Page 1: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/1.jpg)
FERPA Update
February 13-14, 2012National Forum on Education StatisticsSan Diego, California
Kathleen M. StylesChief Privacy OfficerU.S. Department of Education
![Page 2: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/2.jpg)
2
Presentation Overview
A long and winding road: What we’ve been up to Overview of changes to FERPA regulations Case studies: “Real world” hypotheticals Priorities for 2012 Your feedback
![Page 3: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/3.jpg)
3
When Last We Talked ….
The situation at the July, 2011 STATS Conference:
Me: Almost brand new FERPA regulation changes: Gestating ED Data Release Working Group: Learning to walk PTAC: Hitting their stride
![Page 4: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/4.jpg)
4
Breaches by Educational Institutions
All varieties: hacking, loss of portable device, unintentional, insider breach, etc.
Year Number of Breaches
Number of Records
2005 64 1,886,8412006 103 2,019,1192007 107 791,9382008 103 1,107,0012009 71 1,062,2752010 73 1,575,698
2011 57 394,008
Source: Privacy Rights Clearinghouse
![Page 5: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/5.jpg)
5
What We’ve Been Up To
I’m proud that we … Published amended FERPA regulations on 12/1/2012 Issued a lot of guidance and best practices documents Resumed FERPA training Increased the coordination between PTAC and FPCO Started a 2-way line of communication
I am challenged with … Persistent, tough data release issues The mountain of work yet to do
![Page 6: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/6.jpg)
6
Best Practices and Guidance Resources Guidance on Reasonable Methods and Written Agreements Data Stewardship: Managing Personally Identifiable Information in Electr
onic Student Education Records Basic Concepts and Definitions for Privacy and Confidentiality in Student
Education Records Responding to IT Security Audits: Improving Data Security Practices Data Security: Top Threats to Data Protection Data Security Checklist Data Governance and Stewardship Data Governance Checklist Data Security and Management Training: Best Practice Considerations
…and more on the way…
![Page 7: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/7.jpg)
7
“You know how sometimes FERPA
can tie your brain in a knot trying to think
through it all?”
Our Favorite FERPA Quote
Received in an email to PTAC
![Page 8: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/8.jpg)
8
FERPA Regulatory Changes
274 Comments received Final FERPA regulatory changes
– December 2, 2011 Federal Register– Effective January 3, 2012
The new regulations serve to:– Strengthen enforcement– Help ensure student privacy– Improve program effectiveness
![Page 9: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/9.jpg)
9
FERPA Regulatory Changes – Studies Exception
State educational authorities acting on behalf of their constituent schools
Requirement for written agreements
But remember! Studies ≠ ResearchThere is no “Research Exception” under FERPA
![Page 10: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/10.jpg)
10
FERPA Regulatory Changes — Studies Exception
Not clear that a
redisclosure by
FERPA-permitted
entity (e.g., SEA)
would be “on
behalf of” an
educational
agency
State educational
authorities can
redisclose data on
behalf of their
constituent
schools
OLD
INTERPRETATION
NEW
INTERPRETATION
![Page 11: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/11.jpg)
11
New Definitions for Audits and Evaluations
Authorized Representative– Any entity or individual designated by a State or local educational authority
or an agency headed by an official… to conduct—with respect to Federal- or State-supported education programs—any audit or evaluation, or any compliance or enforcement activity in connection with Federal legal requirements that relate to these programs (FERPA regulations, § 99.3).
Education Program– Any program principally engaged in the provision of education, including, but
not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution (FERPA regulations § 99.3).
![Page 12: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/12.jpg)
12
FERPA Regulatory Changes – Audit and Evaluation
Requirement to use “reasonable methods” Written agreements mandatory “Guidance on Reasonable Methods and Written
Agreements”
![Page 13: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/13.jpg)
13
FERPA Regulatory Changes – Directory Information
ID badges Limited directory information
![Page 14: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/14.jpg)
14
FERPA Regulatory Changes - Enforcement
Enforcement now allowed against entities without students
Five year ban extended to audit and evaluation exception
![Page 15: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/15.jpg)
15
FERPA Regulatory Changes — Enforcement
No clear
authority to
bring
enforcemen
t actions
against
entities that
have no
students
OLD
INTERPRETATION
NEW
INTERPRETATION
![Page 16: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/16.jpg)
16
Case Study 1: High School Feedback Report
SFSF requirement: publish data on student success in college
Assume functional K-12 SLDS Assume Higher Education Governing Board with public
postsecondary information Accomplish using audit/evaluation exception and
written agreement Use reasonable methods and select best practices
![Page 17: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/17.jpg)
17
Case Study 2: Head Start Program
Local community action organization operates an HHS-funded Head Start program
The Head Start program wants to evaluate how well it is preparing children for school in K-3
Assume functional K-12 SLDS As a federally funded “education program” the Head
Start program uses the audit/evaluation exception Written agreement/Reasonable methods/Best practices And don’t forget the recordation requirement
![Page 18: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/18.jpg)
18
Case Study 4: Technical Assistance
High school health clinics run by city health department Research organization wants to conduct both a health
and an educational assessment LEA is concerned about FERPA and contacts PTAC PTAC conducts site visit, consults with FPCO, and
makes best practices recommendations New agreements executed, following guidance FPCO concludes that the LEA is in compliance
![Page 19: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/19.jpg)
19
Priorities for 2012
Expansion of PTAC to LEAs More guidance and best practices:
Formal ED guidancePTAC best practices guidanceCase studiesFAQs, etc.
Inter-agency collaboration Publishing data while protecting PII Privacy and transparency
![Page 20: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/20.jpg)
20
Prioritizing Guidance
We can’t do it all! Priorities for 2012 include: Template or checklist for written agreements Email and electronic transmission of PII Video – which ones are “education records?” Joint guidance with USDA on FRPL data Breach response checklist Best practices for transparency Distinctions between de-identified and aggregate data
![Page 21: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/21.jpg)
21
Longer Term Projects:
Student government records – are they “education records?”
Guidance on responding to subpoenas and court orders Updating 1997 publication on FERPA in the juvenile
justice system External researcher access I’d like your input too
![Page 22: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/22.jpg)
22
2012 — PTAC Initiatives
Expansion to LEAs Coordination with FPCO Helping organizations come into compliance
– Statistical and data security experts– Site visits and regional meetings– Best practices guidance documents and training
materials– Compliance vs. transparency
![Page 23: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/23.jpg)
23
Inter-Agency Collaboration
Agriculture: Free and reduced price lunch data Federal Trade Commission: Child ID theft Health and Human Services: Early childhood programs
and foster children Department of Justice:
Patriot Act amendments to FERPA Updating 1997 juvenile justice guidance Responding to subpoenas and court orders
![Page 24: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/24.jpg)
24
Publishing Data While Protecting PII
Utility vs. privacy in data tables Disclosure avoidance in an information-rich world Technical Brief 3 and strong public interest A need for more uniformity and rigor Data Release Working Group
![Page 25: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/25.jpg)
25
Beware!
Expect a 2012 update of:“Children’s Educational Records and Privacy: A Study of Elementary and Secondary School State Reporting Systems,” Fordham Center on Law and Information Policy, 2009.
Transparency is key Don’t forget about your contracts PTAC will be reaching out to help you
![Page 26: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/26.jpg)
26
Key Messages to Take Home
Parents should be able to find basic information on your website about what you are doing with their children’s
data and how you are protecting it.
Be proud! If you’re learning important things from student data, publish those results.
![Page 27: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/27.jpg)
27
If you’re staying for the MIS Conference ….
Wednesday, 10:15 a.m. (Nautilus 1):“PTAC and FPCO: Moving Forward Under the New FERPA Regulations”
Thursday, 10:00 a.m. (Nautilus 5): “Protection of Personally Identifiable
Information Through Disclosure Avoidance Techniques”
![Page 28: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/28.jpg)
28
Contact Information
Kathleen M. StylesChief Privacy OfficerU.S. Department of [email protected](202) 453-5587
![Page 29: FERPA Update](https://reader035.fdocuments.us/reader035/viewer/2022062815/5681697c550346895de18aa4/html5/thumbnails/29.jpg)
29
Questions and Comments
Your feedback helps us prioritize our work better. What questions, comments, or concerns do you want to discuss?