The Catholic University of America

 

Resources

Best Practices

Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices**
Issued by Privacy Technical Assistance Center Feb. 2014

Campus Safety
 

Emergencies on Campus: Department of Education guidance on FERPA, June 2011

FERPA and Campus Safety: June 19, 2009 NACUANOTES by Steve McDonald and Nancy Tribbensee Volume 7, No. 8

 

Outsourcing

Data Security Terms for a Contract with an Outside Party: Suggestions for meeting the Direct Control Standard in the Dec. 2008 FERPA regulations  

Outsourcing and Cloud Computing for Higher Education: By Tracy Mitrano, Updated January 11, 2010. Includes a section on Legal and Policy Contractual Considerations, as well as a chart at Appendix B by Steve McDonald on Legal and Quasi Legal Issues.

CLOUD CONTRACTING: OUTSOURCING E-MAIL@YOURUNIVERSITY.EDU, NACUANOTES, Dec. 16, 2009
This NACUANOTE covers some of the key legal issues involved in contracting with a commercial entity providing outsourced campus e-mail.


Disclosure

Nov. 22, 2013 FPCO Guidance Letter to U. Mass clarifying written agreement needed when disclosing education records to state longitudinal data system. See page 3 of letter for what should be in place prior to disclosure.

Data Breach Response Checklist (Privacy Technical Assistance Center-U.S. Dept. of Education)

Guidelines to Responding to Compulsory Legal Requests for Information: By Steven McDonald and Andrea Nixon
Includes information on responding to subpoenas, search warrants, court orders, National Security Letters, and Public Records Requests.

Reference Chart on Release of Student Records

Forms

Student Authorization to Release Records to Third Party 

Student Employee Confidentiality Agreement

FPCO Model Form For Disclosure to Parents of Dependent Students and Consent Form for Disclosure to Parents

FERPA Notification of Rights

 

Questions and Answers
 

Definition of Education Record

Disclosure to the Student pursuant to the Student's Request

Disclosure to a Third Party with the Student's Consent

Disclosure Without Consent to a Third Party

Legitimate Educational Interest

Directory Information

Pursuant to Judicial Order

Release to Parents Without a Student's Consent

Corrections to the Record

Digital Issues

 

Summary of Law
 

The Fundamentals of Fundamental FERPA (by Steven J. McDonald, General Counsel, RISD) on the Compliance Alliance web page

FERPA: A Legal Overview, by Congressional Research Service, May 1, 2013

CUA FERPA Awareness Training Modules

FPCO Online Library Page

FPCO Letters from 2002-2007
This page includes FPCO technical assistance letters from 2002-2007 that are relevant to IHEs.


Family Policy Compliance Office

CUA student Records Policy

FTC Fair Information Practice Principles: Delineates five core principles:of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.

Family Policy Compliance Office Guidance letter dated Oct. 7, 2005 to Tazewell County on electronic student database systems and FERPA. This letter has implications for many "standard" student record systems and how they are configured in terms of access.

Catholic University Ferpa Awareness Training

 

 

updated CCR 9/17/14