Presentation is loading. Please wait.

Presentation is loading. Please wait.

FERPA Update February 13-14, 2012 National Forum on Education Statistics San Diego, California Kathleen M. Styles Chief Privacy Officer U.S. Department.

Published byJames Lang Modified over 8 years ago

Similar presentations

Presentation on theme: "FERPA Update February 13-14, 2012 National Forum on Education Statistics San Diego, California Kathleen M. Styles Chief Privacy Officer U.S. Department."— Presentation transcript:

1 FERPA Update February 13-14, 2012 National Forum on Education Statistics San Diego, California Kathleen M. Styles Chief Privacy Officer U.S. Department of Education

2 Presentation Overview  A long and winding road: What we’ve been up to  Overview of changes to FERPA regulations  Case studies: “Real world” hypotheticals  Priorities for 2012  Your feedback 2

3 When Last We Talked …. The situation at the July, 2011 STATS Conference:  Me: Almost brand new  FERPA regulation changes: Gestating  ED Data Release Working Group: Learning to walk  PTAC: Hitting their stride 3

4 Breaches by Educational Institutions All varieties: hacking, loss of portable device, unintentional, insider breach, etc. Year Number of Breaches Number of Records 2005641,886,841 20061032,019,119 2007107791,938 20081031,107,001 2009711,062,275 2010731,575,698 201157 394,008 Source: Privacy Rights Clearinghouse 4

5 What We’ve Been Up To I’m proud that we …  Published amended FERPA regulations on 12/1/2012  Issued a lot of guidance and best practices documents  Resumed FERPA training  Increased the coordination between PTAC and FPCO  Started a 2-way line of communication I am challenged with …  Persistent, tough data release issues  The mountain of work yet to do 5

6 Best Practices and Guidance Resources  Guidance on Reasonable Methods and Written Agreements Guidance on Reasonable Methods and Written Agreemen  Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records  Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records  Responding to IT Security Audits: Improving Data Security Practices Responding to IT Security Audits: Improving Data Security Practices  Data Security: Top Threats to Data Protection Data Security: Top Threats to Data Protection  Data Security Checklist Data Security Checklist  Data Governance and Stewardship Data Governance and Stewardship  Data Governance Checklist Data Governance Checklist  Data Security and Management Training: Best Practice Considerations Data Security and Management Training: Best Practice Considerations …and more on the way… 6

7 7 “You know how sometimes FERPA can tie your brain in a knot trying to think through it all?” Our Favorite FERPA Quote Received in an email to PTAC

8 FERPA Regulatory Changes  274 Comments received  Final FERPA regulatory changes – December 2, 2011 Federal RegisterFederal Register – Effective January 3, 2012  The new regulations serve to: – Strengthen enforcement – Help ensure student privacy – Improve program effectiveness 8

9 FERPA Regulatory Changes – Studies Exception  State educational authorities acting on behalf of their constituent schools  Requirement for written agreements But remember! Studies ≠ Research There is no “Research Exception” under FERPA 9

10 10 FERPA Regulatory Changes — Studies Exception Not clear that a redisclosure by FERPA-permitted entity (e.g., SEA) would be “on behalf of” an educational agency State educational authorities can redisclose data on behalf of their constituent schools OLD INTERPRETATION NEW INTERPRETATION

11 New Definitions for Audits and Evaluations  Authorized Representative – Any entity or individual designated by a State or local educational authority or an agency headed by an official… to conduct—with respect to Federal- or State-supported education programs—any audit or evaluation, or any compliance or enforcement activity in connection with Federal legal requirements that relate to these programs (FERPA regulations, § 99.3).  Education Program – Any program principally engaged in the provision of education, including, but not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution (FERPA regulations § 99.3). 11

12 FERPA Regulatory Changes – Audit and Evaluation  Requirement to use “reasonable methods”  Written agreements mandatory  “Guidance on Reasonable Methods and Written Agreements” 12

13 FERPA Regulatory Changes – Directory Information  ID badges  Limited directory information 13

14 FERPA Regulatory Changes - Enforcement  Enforcement now allowed against entities without students  Five year ban extended to audit and evaluation exception 14

15 15 FERPA Regulatory Changes — Enforcement No clear authority to bring enforcement actions against entities that have no students Enforcement (e.g., 5-year ban) against entities receiving ED funds, even if there are no students in attendance OLD INTERPRETATION NEW INTERPRETATION

16 Case Study 1: High School Feedback Report  SFSF requirement: publish data on student success in college  Assume functional K-12 SLDS  Assume Higher Education Governing Board with public postsecondary information  Accomplish using audit/evaluation exception and written agreement  Use reasonable methods and select best practices 16

17 Case Study 2: Head Start Program  Local community action organization operates an HHS- funded Head Start program  The Head Start program wants to evaluate how well it is preparing children for school in K-3  Assume functional K-12 SLDS  As a federally funded “education program” the Head Start program uses the audit/evaluation exception  Written agreement/Reasonable methods/Best practices  And don’t forget the recordation requirement 17

18 Case Study 4: Technical Assistance  High school health clinics run by city health department  Research organization wants to conduct both a health and an educational assessment  LEA is concerned about FERPA and contacts PTAC  PTAC conducts site visit, consults with FPCO, and makes best practices recommendations  New agreements executed, following guidance  FPCO concludes that the LEA is in compliance 18

19 Priorities for 2012  Expansion of PTAC to LEAs  More guidance and best practices:  Formal ED guidance  PTAC best practices guidance  Case studies  FAQs, etc.  Inter-agency collaboration  Publishing data while protecting PII  Privacy and transparency 19

20 Prioritizing Guidance We can’t do it all! Priorities for 2012 include:  Template or checklist for written agreements  Email and electronic transmission of PII  Video – which ones are “education records?”  Joint guidance with USDA on FRPL data  Breach response checklist  Best practices for transparency  Distinctions between de-identified and aggregate data 20

21 Longer Term Projects:  Student government records – are they “education records?”  Guidance on responding to subpoenas and court orders  Updating 1997 publication on FERPA in the juvenile justice system  External researcher access  I’d like your input too 21

22 22 2012 — PTAC Initiatives  Expansion to LEAs  Coordination with FPCO  Helping organizations come into compliance – Statistical and data security experts – Site visits and regional meetings – Best practices guidance documents and training materials – Compliance vs. transparency

23 Inter-Agency Collaboration  Agriculture: Free and reduced price lunch data  Federal Trade Commission: Child ID theft  Health and Human Services: Early childhood programs and foster children  Department of Justice:  Patriot Act amendments to FERPA  Updating 1997 juvenile justice guidance  Responding to subpoenas and court orders 23

24 Publishing Data While Protecting PII  Utility vs. privacy in data tables  Disclosure avoidance in an information-rich world  Technical Brief 3 and strong public interest  A need for more uniformity and rigor  Data Release Working Group 24

25 Beware!  Expect a 2012 update of: “Children’s Educational Records and Privacy: A Study of Elementary and Secondary School State Reporting Systems,” Fordham Center on Law and Information Policy, 2009.  Transparency is key  Don’t forget about your contracts  PTAC will be reaching out to help you 25

26 Key Messages to Take Home Parents should be able to find basic information on your website about what you are doing with their children’s data and how you are protecting it. Be proud! If you’re learning important things from student data, publish those results. 26

27 If you’re staying for the MIS Conference ….  Wednesday, 10:15 a.m. (Nautilus 1): “PTAC and FPCO: Moving Forward Under the New FERPA Regulations”  Thursday, 10:00 a.m. (Nautilus 5): “Protection of Personally Identifiable Information Through Disclosure Avoidance Techniques” 27

28 Contact Information 28 Kathleen M. Styles Chief Privacy Officer U.S. Department of Education Kathleen.styles@ed.gov (202) 453-5587

29 Questions and Comments Your feedback helps us prioritize our work better. What questions, comments, or concerns do you want to discuss? 29

Download ppt "FERPA Update February 13-14, 2012 National Forum on Education Statistics San Diego, California Kathleen M. Styles Chief Privacy Officer U.S. Department."

Similar presentations

National Forum on Education Statistics sponsored by the National Cooperative Education Statistics System and the National Center for Education Statistics.

National Forum on Education Statistics sponsored by the National Cooperative Education Statistics System and the National Center for Education Statistics.
Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.

Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.
FERPA: UPDATE ON THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Presented by Brenda V. S. Selman University Registrar-MU University of Missouri-Columbia.

FERPA: UPDATE ON THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Presented by Brenda V. S. Selman University Registrar-MU University of Missouri-Columbia.
Intro. Website Purposes  Provide templates and resources for developing early childhood interagency agreements and collaborative procedures among multiple.

Intro. Website Purposes  Provide templates and resources for developing early childhood interagency agreements and collaborative procedures among multiple.
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.

FERPA Refresher Training Start. Page 2 of 11 Copyright © 2006 Arizona Board of Regents FERPA Refresher Training What is FERPA FERPA stands for Family.
FERPA Family Educational Rights and Privacy Act September 20, 2012Presented by: David Stocker General Counsel ACT, Inc.

FERPA Family Educational Rights and Privacy Act September 20, 2012Presented by: David Stocker General Counsel ACT, Inc.
School-Based Health Centers & Confidentiality: Understanding FERPA & HIPAA Laurie Mesibov & Jill Moore UNC School of Government December 2012.

School-Based Health Centers & Confidentiality: Understanding FERPA & HIPAA Laurie Mesibov & Jill Moore UNC School of Government December 2012.
“We’re From the Government and We’re Here to Help You” Privacy Initiatives at the U.S. Department of Education January 25, 2012 EDUCAUSE Webinar Kathleen.

“We’re From the Government and We’re Here to Help You” Privacy Initiatives at the U.S. Department of Education January 25, 2012 EDUCAUSE Webinar Kathleen.
Privacy and Data Sharing in Higher Education: Open your Data, not Pandora’s Box August 9, 2012 2012 SHEEO Higher Education Policy Conference Kathleen M.

Privacy and Data Sharing in Higher Education: Open your Data, not Pandora’s Box August 9, SHEEO Higher Education Policy Conference Kathleen M.
PROPOSED FERPA REGULATIONS April 14, 2011 Steven Y. Winnick EducationCounsel LLC 202-545-2913 Data Quality Campaign.

PROPOSED FERPA REGULATIONS April 14, 2011 Steven Y. Winnick EducationCounsel LLC Data Quality Campaign.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
FERPA: WHAT YOU SHOULD KNOW ILASFAA April 18, 2008 Amy Perrin Director of Financial Aid Elgin Community College.

FERPA: WHAT YOU SHOULD KNOW ILASFAA April 18, 2008 Amy Perrin Director of Financial Aid Elgin Community College.
March 4, 2015 U.S. Department of Labor U.S. Department of Education U.S. Department of Health and Human Services.

March 4, 2015 U.S. Department of Labor U.S. Department of Education U.S. Department of Health and Human Services.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
FERPA presented by: Traci Gulick Associate Registrar Michigan State University.

FERPA presented by: Traci Gulick Associate Registrar Michigan State University.
FERPA 2008 New regulations enact updates from over a decade of interpretations.

FERPA 2008 New regulations enact updates from over a decade of interpretations.
What is personally identifiable information (PII)? KDE Employee Training Data Security Video Series 1 of 3 October 2014.

What is personally identifiable information (PII)? KDE Employee Training Data Security Video Series 1 of 3 October 2014.
Data Privacy: Third Parties, Vendors, & Nonprofits Baron Rodriguez (PTAC), Michael Hawes (DoED), & Mike Tassey (PTAC)

Data Privacy: Third Parties, Vendors, & Nonprofits Baron Rodriguez (PTAC), Michael Hawes (DoED), & Mike Tassey (PTAC)
EEC’s Parental Consent Form Authorization to Collect and Use Child Data January 31, 2013 and February 1, 2013 1.

EEC’s Parental Consent Form Authorization to Collect and Use Child Data January 31, 2013 and February 1,

Similar presentations

Ads by Google