Welcome to the FERPA section of our webpage. This front page will reflect our most current information on federal student records law affecting educational institutions.
Protecting Student Privacy While Using Online Educational Services: Model Terms of Service**
Issued by Privacy Technical Assistance Center Feb. 2015
Data Breach Response Training Kit, Issued by Privacy Technical Assistance Center
Nov. 22, 2013 FPCO Guidance Letter to U. Mass clarifying written agreement needed when disclosing education records to state longitudinal data system. See page 3 of letter for what should be in place prior to disclosure.
Electronic Privacy Information Center (EPIC) v. US Department of Education, Civil Action No. 12-0327 Sept. 9, 2013, U.S. Dis.Ct, D.C.
Plaintiffs challenged the Dec. 2, 2011 Amendments to FERPA. (76 Fed. Reg. 75604) which added the category of student identification numbesr to directory information, as long as the numbers could not be used to access any personally identifiable student information. Plaintiffs also challenged the definitions of "authorized representatives" and "educational programs". They argued that by designating non-governmental actors as “authorized representatives” of state educational institutions, the Department performed an“unauthorized, unlawful subdelegation of its own authority, and that by expanding the definition of educational programs, the DOE exposed troves of sensitive non academic data. The court found EPIC and the four individual plaintiffs (board members of EPIC) not to have standing to bring the challenge.
Notice of an altered system of records, 78 Fed. Reg. 38963, June 28, 2013.
The Chief Operating Officer for Federal Student Aid (FSA) of the Department of Education (Department) published this notice proposing to revise the system of records entitled ``National Student Loan Data System (NSLDS)". Not technically an amendment to FERPA, but related to privacy issues and student record ID debate. For summary of issues, see ACE July 29, 2013 Comments on the NSLDS proposed revisions. Also note the notice issued in June is contrary to the decision in the Association of Private Sector Colleges and Universities v. Duncan, which noted that 20 USC 1015c prohibits the Department from collecting information for its National Student Loan Data System on students who do not receive and have not applied for either federal grants or federal loans.
Frequently Asked Questions-Cloud Computing: Eight page guidance from the Privacy Technical Assistance Center of the U.S. Department of Education. (August 2012) Supplementing the guidance is the Data Sharing Agreement Checklist and Identity Authentication Best Practices, also issued by the PTAC.