Family Educational Rights and Privacy Act (FERPA) Compliance Quick Fact
The Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 to protect student education records and pertains to any school, either K-12 or higher education, public, or private, that receives funds under any program from the U.S. Department of Education.
Many public and private, U.S. schools fall under FERPA and IT staff who work for these institutions must understand FERPA's provisions to ensure compliance.
Number 3: Use "Directory Information" carefully - FERPA established a class of information called "Directory Information"—information about a student that can be shared without that student's consent. According to regulations, directory information includes information "contained in an education record that would not generally be considered harmful or an invasion of privacy if disclosed and includes a student's name, address, telephone listing, email address, and other types of information about the student." Such directory information could include the student's name, e-mail address, telephone number, and other, non-sensitive information about a student—information that is commonly made available in a student directory. Information such as a Social Security number would not fall under this definition.
CompliancesForum provide FREE template, checklist, and update for your Regulatory Compliance need: Basel II Accord, Gramm Leach Bliley (GLBA), Healthcare Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standards (PCI DSS), Sarbanes Oxley Act (SOA)
