Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Update on FERPA and Student Privacy

Published byPaula Paul Modified over 6 years ago

Similar presentations

Presentation on theme: "An Update on FERPA and Student Privacy"— Presentation transcript:

1 An Update on FERPA and Student Privacy
Updates from the U.S. Department of Education MICHAEL HAWES Statistical Privacy Advisor Office of the Chief Privacy Officer U.S. Department of Education Legal Issues in Higher Education Norman, OK September 8, 2016

2 Presentation Overview
Introduction WIOA Guidance Reverse Transfer Guidance DCL on Student Medical Records IT Security Trends and DCLs from FSA Looking Ahead Questions

3 The U.S. Department of Education’s Role in Protecting Student Privacy
Administering and enforcing federal laws governing the privacy of student information Family Educational Rights and Privacy Act (FERPA) Raising awareness of privacy challenges Providing technical assistance to schools, districts, and states Promoting privacy & security best practices

4 Data Governance, Online Services, and Predictive Analytics
Increase in data silos at IHEs and the importance of Data Governance Guidance on Protecting Student Privacy while Using Online Educational Services (2014) and Model Terms of Service (2015) Be mindful of privacy and ethics when using predictive analytics in higher education

5 WIOA Guidance Joint Guidance on Data Matching to Facilitate WIOA Performance Reporting and Evaluation Jointly issued by U.S. Departments of Education and Labor (August 2016) Provides information to assist State agencies, educational institutions, and service providers in performance reporting and evaluation requirements under the Workforce Innovation and Opportunity Act (WIOA)

6 Student Medical Records
Dear Colleague Letter on Protecting Student Medical Records Issued by the Department’s Chief Privacy Officer (August 2016) Outlines legal protections relating to student medical records in the context of litigation between the institution and the student.

7 Guidance on FERPA and Reverse Transfer
FERPA and Reverse Transfer (SUNY Letter) Issued by the Family Policy Compliance Office (January 2016) Details various methods for disclosing student transcript information to promote Reverse Transfer and the awarding of Associate’s Degrees to students who have transferred to four-year institutions.

8 Data Breaches in Education
Source: Identity Theft Resource Center

9 Top Causes and Vulnerabilities
Phishing / Malware Hacking / Intrusion Lost or Stolen Hardware (Poor Storage) Mistakes – errant s, attachments, etc. Third Party Vendors / Service Providers

10 Post-secondary Data Breaches
School Method Victims UC Berkeley Hackers breached an unpatched security flaw in the Berkeley Financial System 80,000 North Carolina State University Phishing scam resulted in access to university account containing PII 38,000 Rockhurst University Phishing scam resulted in the theft of employee IRS W-2 forms 1,3000 University of Calgary Ransomware attack on university server All university staff. UC payed the hackers $15,000 to unlock their servers *Average cost to institutions per record across all sectors - $154.00

11 FSA Dear Colleague Letter Protecting Student Information (2015)
DCL ID: GEN “Protecting Student Information” (7/29/2015) “Instances of data breaches…continue to proliferate and reinforce the need for focused action…” FSA requires institutions to comply with the Gramm-Leach-Bliley Act. Institutions of higher education are required to ensure the security and confidentiality of customer records and information.

12 Dear Colleague Letter Protecting Student Information (2016)
DCL ID: GEN “Protecting Student Information” (7/1/2016) Under GLBA, postsecondary institutions must: Develop, implement, and maintain a written information security program; Designate the employee(s) responsible for coordinating the information security program; Identify and assess risks to customer information; Design and implement an information safeguards program; Select appropriate service providers that are capable of maintaining appropriate safeguards; and Periodically evaluate and update their security program. The Department is incorporating the GLBA security controls into the Annual Audit Guide, and will require the examination of evidence of GLBA compliance as part of institutions’ annual student aid compliance audit.

13 Looking Ahead

14 PTAC Service Offerings
Help Desk Training (CBT, webinar, or onsite) FERPA 101 Data Sharing under FERPA Data Security Best Practices Data Governance, Policy, and Architecture Reviews (online or onsite) Data Governance Data Security Architecture Breach Response Preparation Data Sharing MOU Assistance

15 Questions?

Download ppt "An Update on FERPA and Student Privacy"

Similar presentations

Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
Federal Guidance on Statistical Use of Administrative Data Shelly Wilkie Martinez, Statistical and Science Policy, OIRA U. S. Office of Management and.

Federal Guidance on Statistical Use of Administrative Data Shelly Wilkie Martinez, Statistical and Science Policy, OIRA U. S. Office of Management and.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
“We’re From the Government and We’re Here to Help You” Privacy Initiatives at the U.S. Department of Education January 25, 2012 EDUCAUSE Webinar Kathleen.

“We’re From the Government and We’re Here to Help You” Privacy Initiatives at the U.S. Department of Education January 25, 2012 EDUCAUSE Webinar Kathleen.
The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.

The Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA) UNDERSTANDING AND DEVELOPING A STRATEGIC PLAN TO BECOME COMPLIANT.
Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Security Controls – What Works

Security Controls – What Works
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Data Privacy: Third Parties, Vendors, & Nonprofits Baron Rodriguez (PTAC), Michael Hawes (DoED), & Mike Tassey (PTAC)

Data Privacy: Third Parties, Vendors, & Nonprofits Baron Rodriguez (PTAC), Michael Hawes (DoED), & Mike Tassey (PTAC)
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.

Ferst Center Incident Incident Identification – Border Intrusion Detection System Incident Response – Campus Executive Incident Response Team Incident.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
Privacy and Security Risks in Higher Education

Privacy and Security Risks in Higher Education
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

Similar presentations

Ads by Google