An Update on FERPA and Student Privacy

Slides:

Advertisements

Similar presentations

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Advertisements

Red Flag Rules: What they are? & What you need to do

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Federal Guidance on Statistical Use of Administrative Data Shelly Wilkie Martinez, Statistical and Science Policy, OIRA U. S. Office of Management and.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Springfield Technical Community College Security Awareness Training.

“We’re From the Government and We’re Here to Help You” Privacy Initiatives at the U.S. Department of Education January 25, 2012 EDUCAUSE Webinar Kathleen.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

Information Security Policies Larry Conrad September 29, 2009.

Security Controls – What Works

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

Data Privacy: Third Parties, Vendors, & Nonprofits Baron Rodriguez (PTAC), Michael Hawes (DoED), & Mike Tassey (PTAC)

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Privacy and Security Risks in Higher Education

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.

U.S. Department of Education Privacy Initiatives Kathleen M. Styles Chief Privacy Officer U.S. Department of Education April 18, 2011.

THE FAMILY EDUCATION RIGHTS & PRIVACY ACT (FERPA) Presented by: Robin B. Snyder, Esquire.

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

NESTOA September 20, 2011 Safeguards Program Briefing.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

Managing your Institution-Specific HIPAA Compliance Policies and Procedures Cutting Edge Issues Thursday, December 13, 2007.

Information Security General Awareness Training Module 1 – Introduction For The UF HSC Workforce.

U.S. Department of Education Safeguarding Student Privacy Melanie Muenzer U.S. Department of Education Chief of Staff Office of Planning, Evaluation, and.

1 PARCC Data Privacy & Security Policy December 2013.

1Copyright Jordan Lawrence. All rights reserved. U. S. Privacy and Security Laws DELVACCA INAUGURAL INHOUSE COUNSEL CONFERENCE April 1, 2009 Marty.

Data Sharing: Federal TA Efforts, What We Know & What We Need to Know Improving Data Improving Outcomes Meeting September 2013 Washington, DC 1.

Configuring Electronic Health Records Privacy and Security in the US Lecture a This material (Comp11_Unit7a) was developed by Oregon Health & Science University.

Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE.

Dino Tsibouris & Mehmet Munur Privacy and Information Security Laws and Updates.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

The Georgia Open Records Act and ferpa

Welcome to Workforce 3 One U.S. Department of Labor Employment and Training Administration Webinar Date: Thursday, October 23, 2014 Presented by: Division.

Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.

Provide an overview of WIOA and the joint guidance Provide an overview of the Federal laws and regulations governing the use and disclosure.

Securing Information Systems

WIOA and UI Confidentiality: What States Should Know About the Recent Amendments to 20 CFR /22/2016.

Consumer Authentication in e-Banking & Part 748 – Appendix B Response Program Catherine Yao Information Systems Officer NCUA.

Michael Wright • Chief Security Officer • Tech Lock

The Pennsylvania State University

Promoting Evidence-Based Policymaking by Sharing State Administrative Data Dr. Marty Romitti January 25, 2017.

When to share and not to share information

Regulatory Compliance

Data Sharing, Storage, & Consent

Post-Secondary Institution Data-Security Overview and Requirements

Chapter 3: IRS and FTC Data Security Rules

IS4680 Security Auditing for Compliance

Agenda Introduction Why is cybersecurity important? Laws & Regulations

Data Sharing, Storage, & Consent

Darrin Rooker, MS NYSFAAA President

Scott McGlynn, Marketing & Content Manager

Protecting Personal Information Guidance for Business.

Red Flags Rule An Introduction County College of Morris

Current Privacy Issues That May Affect Your Credit Union

MBUG 2018 Session Title: NIST in Higher Education

UCA Gramm-Leach Bliley Act (GLBA) Safeguards Rule Compliance Training Effective June 12, 2018 Adapted from materials published by the Federal Trade Commission.

Data Security Julie D. Wilson Sr

Student Data & Privacy.

Technical Assistance Webinar

Student Data Privacy: National Trends and Wyoming’s Role

EASFAA Annual Conference Portland, ME May 6, 2019

Colorado “Protections For Consumer Data Privacy” Law

Presentation transcript:

An Update on FERPA and Student Privacy Updates from the U.S. Department of Education MICHAEL HAWES Statistical Privacy Advisor Office of the Chief Privacy Officer U.S. Department of Education Legal Issues in Higher Education Norman, OK September 8, 2016

Presentation Overview Introduction WIOA Guidance Reverse Transfer Guidance DCL on Student Medical Records IT Security Trends and DCLs from FSA Looking Ahead Questions

The U.S. Department of Education’s Role in Protecting Student Privacy Administering and enforcing federal laws governing the privacy of student information Family Educational Rights and Privacy Act (FERPA) Raising awareness of privacy challenges Providing technical assistance to schools, districts, and states Promoting privacy & security best practices

Data Governance, Online Services, and Predictive Analytics Increase in data silos at IHEs and the importance of Data Governance Guidance on Protecting Student Privacy while Using Online Educational Services (2014) and Model Terms of Service (2015) Be mindful of privacy and ethics when using predictive analytics in higher education

WIOA Guidance Joint Guidance on Data Matching to Facilitate WIOA Performance Reporting and Evaluation Jointly issued by U.S. Departments of Education and Labor (August 2016) Provides information to assist State agencies, educational institutions, and service providers in performance reporting and evaluation requirements under the Workforce Innovation and Opportunity Act (WIOA)

Student Medical Records Dear Colleague Letter on Protecting Student Medical Records Issued by the Department’s Chief Privacy Officer (August 2016) Outlines legal protections relating to student medical records in the context of litigation between the institution and the student.

Guidance on FERPA and Reverse Transfer FERPA and Reverse Transfer (SUNY Letter) Issued by the Family Policy Compliance Office (January 2016) Details various methods for disclosing student transcript information to promote Reverse Transfer and the awarding of Associate’s Degrees to students who have transferred to four-year institutions.

Data Breaches in Education Source: Identity Theft Resource Center

Top Causes and Vulnerabilities Phishing / Malware Hacking / Intrusion Lost or Stolen Hardware (Poor Storage) Mistakes – errant emails, attachments, etc. Third Party Vendors / Service Providers

Post-secondary Data Breaches School Method Victims UC Berkeley Hackers breached an unpatched security flaw in the Berkeley Financial System 80,000 North Carolina State University Phishing scam resulted in access to university email account containing PII 38,000 Rockhurst University Phishing scam resulted in the theft of employee IRS W-2 forms 1,3000 University of Calgary Ransomware attack on university email server All university staff. UC payed the hackers $15,000 to unlock their servers *Average cost to institutions per record across all sectors - $154.00

FSA Dear Colleague Letter Protecting Student Information (2015) DCL ID: GEN-15-18 “Protecting Student Information” (7/29/2015) “Instances of data breaches…continue to proliferate and reinforce the need for focused action…” FSA requires institutions to comply with the Gramm-Leach-Bliley Act. Institutions of higher education are required to ensure the security and confidentiality of customer records and information.

Dear Colleague Letter Protecting Student Information (2016) DCL ID: GEN-16-12 “Protecting Student Information” (7/1/2016) Under GLBA, postsecondary institutions must: Develop, implement, and maintain a written information security program; Designate the employee(s) responsible for coordinating the information security program; Identify and assess risks to customer information; Design and implement an information safeguards program; Select appropriate service providers that are capable of maintaining appropriate safeguards; and Periodically evaluate and update their security program. The Department is incorporating the GLBA security controls into the Annual Audit Guide, and will require the examination of evidence of GLBA compliance as part of institutions’ annual student aid compliance audit.

Looking Ahead

PTAC Service Offerings http://ptac.ed.gov Help Desk (privacyTA@ed.gov) Training (CBT, webinar, or onsite) FERPA 101 Data Sharing under FERPA Data Security Best Practices Data Governance, Policy, and Architecture Reviews (online or onsite) Data Governance Data Security Architecture Breach Response Preparation Data Sharing MOU Assistance

Questions?