The Catholic University of America

Welcome to the FERPA section of our webpage. This front page will reflect our most current information on federal student records law affecting educational institutions.

Electronic Privacy Information Center et al  v. US Department of Education, *Case filed in US District Court for District of Columbia alleging violation of the Administrative Procedure Act in promulgation of FERPA regulations released Dec. 1, 2011. The amendments modified the definitions of the terms “authorized representative”, “directory information”, and “education program” as used in the statute and the litigation claims DOE exceeded its statutory authority in promulgating the regulations. See the EPIC press release on case. 

Final FERPA regulations released Dec. 1, 2011: This 253 page document includes a number of changes to FERPA.  See the shorter summary for Parents and Students and the Overview for SEAS and LEAS all on the FPCO web page. The regulations are effective Jan. 3, 2012. The introduction to the regulations notes as follows: "These amendments also reduce barriers that have inhibited the effective use of SLDS as envisioned in the America Competes Act and the ARRA." The regulations will be published in the Federal Register on Dec. 2, 2011.

 

Mobile Internet Device Security Guidelines: Published by the Higher Education Information Security Council (HEISC) Technologies, Operations, and Practices (TOP) working group. This is a living document and input is welcome. Includes sample college and university guidelines. 

Emergencies on Campus: Department of Education guidance on FERPA, June 2011

Comments on Proposed FERPA revisions:

May 23, 2011 letter by the American Council on Education

May 19th, 2011 letter by NAICU

May 23, 2011 letter by AACRAO

To see the entire set of comments, go to the Regulations.gov page and type in FERPA.

Notice of Proposed Rulemaking, FERPA regulations, 76 Fed. Reg. 19726, April 8, 2011.
These proposed rules make potentially broad changes to how FERPA has been interpreted in the past. The rules would allow use of education record data in statewide longitudinal data systems, from pre-kindergarten through the workforce. The pre-schooler/elementary/high school/college student/worker would be assigned a unique student identifier that would track enrollment, demographic, program participation and other information, including whether the student is enrolled in remedial coursework. These proposed regulations are an attempt to change the CFR to allow much wider access to a much broader scope of  researchers across various state agencies. The requirement that the state agency obtaining the data be under the direct control of the Educational Authority is eliminated under the proposed regulations. The impact of the regulations is much more upon public colleges and universities rather than private IHEs. The Department has issued a statement on the proposed  regulations, and upon the new Chief Privacy Officer.

CUA FERPA Awareness Training Modules

GAO Postsecondary Education: Many States Collect Graduates' Employment Information, but Clearer Guidance on Student Privacy Requirements is Needed September 2010 See letter at end of document for summary of future guidance to be issued on FERPA.

Outsourcing and Cloud Computing for Higher Education: By Tracy Mitrano, Updated January 11, 2010. Includes a section on Legal and Policy Contractual Considerations, as well as a chart at Appendix B by Steve McDonald on Legal and Quasi Legal Issues.