Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices**
Issued by Privacy Technical Assistance Center Feb. 2014
FERPA and Campus Safety: June 19, 2009 NACUANOTES by Steve McDonald and Nancy Tribbensee Volume 7, No. 8
Data Security Terms for a Contract with an Outside Party: Suggestions for meeting the Direct Control Standard in the Dec. 2008 FERPA regulations
Outsourcing and Cloud Computing for Higher Education: By Tracy Mitrano, Updated January 11, 2010. Includes a section on Legal and Policy Contractual Considerations, as well as a chart at Appendix B by Steve McDonald on Legal and Quasi Legal Issues.
CLOUD CONTRACTING: OUTSOURCING E-MAIL@YOURUNIVERSITY.EDU, NACUANOTES, Dec. 16, 2009
This NACUANOTE covers some of the key legal issues involved in contracting with a commercial entity providing outsourced campus e-mail.
Nov. 22, 2013 FPCO Guidance Letter to U. Mass clarifying written agreement needed when disclosing education records to state longitudinal data system. See page 3 of letter for what should be in place prior to disclosure.
Data Breach Response Checklist (Privacy Technical Assistance Center-U.S. Dept. of Education)
Guidelines to Responding to Compulsory Legal Requests for Information: By Steven McDonald and Andrea Nixon
Includes information on responding to subpoenas, search warrants, court orders, National Security Letters, and Public Records Requests.
Student Authorization to Release Records to Third Party
Student Employee Confidentiality Agreement
FPCO Model Form For Disclosure to Parents of Dependent Students and Consent Form for Disclosure to Parents
Questions and Answers
Summary of Law
The Fundamentals of Fundamental FERPA (by Steven J. McDonald, General Counsel, RISD) on the Compliance Alliance web page
FTC Fair Information Practice Principles: Delineates five core principles:of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
Family Policy Compliance Office Guidance letter dated Oct. 7, 2005 to Tazewell County on electronic student database systems and FERPA. This letter has implications for many "standard" student record systems and how they are configured in terms of access.
updated CCR 9/17/14