This lesson is part four of a seven-part series on IT regulatory compliance. Part four deals with the Family Educational Rights and Privacy Act (FERPA): who it affects, what failure to comply could mean to your organization, and best practices for complying.
Lesson 4 of 7
The Family Educational Rights and Privacy Act (FERPA) was enacted in August of 1974 to protect student education records and pertains to any school, either K-12 or higher education, public, or private, that receives funds under any program from the U.S. Department of Education.
Most public and private U.S. schools fall under FERPA and IT staff who work for these institutions must understand FERPA's provisions to ensure compliance.
To get a handle on FERPA requirements, here are 10 things you should know:
- FERPA covers private and public schools, colleges, and universities.
- Regulations were set before the information age and as a result must be carefully interpreted.
- Directory information, which can be shared without the consent of a student, must be used carefully.
- Records of a student's use of a school network require stringent protection.
- "Do not share" requests must be honored.
- Do not use "last four" recording of a student's social security number.
- Appropriate access rights must be maintained.
- Privacy rights of students and parents' need to fulfill financial responsibilities could conflict.
- The information age has changed the way you need to comply with FERPA regulations.
- Consult a lawyer for advice on compliance issues.
For details, download Ten things you should know about the Family Educational Rights and Privacy Act (FERPA).
What are the steps to compliance?
According to the University of North Texas, there are two basic strategies institutions should take: Notify current students annually in writing of their rights under FERPA, and grant access by students or parents, if applicable, to education records. For details, and the answers to other questions such as what are and are not considered educational records, see FERPA Training Q&A.
For a comprehensive list of FERPA resources, including free downloads, see page two.
FERPA resources
- Family
Educational Rights and Privacy Act (FERPA)
Get information from the U.S. Department of Education on the Family Educational Rights and Privacy Act, which protects the privacy of student education records. - Download: Ten
things you should know about the Family Educational Rights and Privacy Act
(FERPA)
IT professionals who work for U.S. educational institutions, public or private, should know and understand the ten FERPA considerations outlined in this document. - FERPA Training (Q&A)
This page from the University of North Texas contains answers to questions such as "What are and what aren't education records?" and "What are parental rights under FERPA?" - The impact
of FERPA
Questions from readers of the Center for Health and Health Care in Schools' e-journal address the impact of FERPA and HIPAA on privacy protections for health information at school. - Critical
Issue: Addressing Confidentiality Concerns in School-Linked Integrated
Service Efforts
This resource page from the North Central Regional Educational Laboratory addresses how to handle the various ethical and legal issues relating to confidentiality that often arise when school staff and human service providers share information on clients. - FERPA
and Electronic Signatures
In this article, Daren Bakst, President and General Counsel, Council on Law in Higher Education, analyzes FERPA regulations and addresses frequently asked questions and misconceptions regarding the use of electronic signatures as it relates to FERPA. - ECURE 2002: Goldsmith
Presentation Slides
C.W. Goldsmith, Ph.D. offersslides that explore the interaction between FERPA and HIPAA. - Learning About the
Family Education Rights and Privacy Act (FERPA)
This article on the Wrightslaw Web site defines what is meant by an "education record." - FERPA
Tutorial
The tutorial from Clark College is intended to insure that anyone accessing student records understands the obligations under FERPA for proper use and protection of student records. - Adding
FERPA Restrictions Procedure
This is an uncontrolled document to be used for training or reference purposes only.
White papers
- Understanding
the Family Educational Rights and Privacy Act
This white paper from the University of Nebraska-Lincoln offers an analysis of FERPA compliance and implementation. - Information
Security: a Perspective for Higher Education
This white paper by NEC Unified Solutions discusses privacy regulations related to higher education.
Vendors
- DocFinity (Optical Image Technology)
- IBM (Rational Software Development Platform)
- Hewlett-Packard (OpenView Compliance Manager)
- Xerox (FERPA Compliance Services)
Course list
- Lesson 1: Sarbanes-Oxley
- Lesson 2: HIPAA
- Lesson 3: Gramm-Leach-Bliley
- Lesson 4: FERPA
- Lesson 5: U.S. Patriot Act
- Lesson 6: European legislation
- Lesson 7: What's next?
Sign up for the Compliance Regulatory Overview series
If you haven't subscribed to this series, automatically sign up today to receive the entire Compliance Regulatory Overview series in your inbox.
We want your feedback
Lesson 4 on the Family Educational Rights and Privacy Act (FERPA) was:


