Compliance Regulatory Overview: FERPA

Lesson 4 of 7

The Family Educational Rights and Privacy Act (FERPA) was enacted in August of 1974 to protect student education records and pertains to any school, either K-12 or higher education, public, or private, that receives funds under any program from the U.S. Department of Education.

Most public and private U.S. schools fall under FERPA and IT staff who work for these institutions must understand FERPA's provisions to ensure compliance.

To get a handle on FERPA requirements, here are 10 things you should know:

• FERPA covers private and public schools, colleges, and universities.
• Regulations were set before the information age and as a result must be carefully interpreted.
• Directory information, which can be shared without the consent of a student, must be used carefully.
• Records of a student's use of a school network require stringent protection.
• "Do not share" requests must be honored.
• Do not use "last four" recording of a student's social security number.
• Appropriate access rights must be maintained.
• Privacy rights of students and parents' need to fulfill financial responsibilities could conflict.
• The information age has changed the way you need to comply with FERPA regulations.
• Consult a lawyer for advice on compliance issues.

For details, download Ten things you should know about the Family Educational Rights and Privacy Act (FERPA).

Weekly tips in your inbox

For weekly information on a variety of subjects related to IT compliance, including regulations outlined by Sarbanes-Oxley, HIPAA, and e-mail, sign up for TechRepublic's free Compliance Issues newsletter.

Automatically sign up today!

What are the steps to compliance?

According to the University of North Texas, there are two basic strategies institutions should take: Notify current students annually in writing of their rights under FERPA, and grant access by students or parents, if applicable, to education records. For details, and the answers to other questions such as what are and are not considered educational records, see FERPA Training Q&A.

For a comprehensive list of FERPA resources, including free downloads, see page two.

FERPA resources

• Family Educational Rights and Privacy Act (FERPA)
  Get information from the U.S. Department of Education on the Family Educational Rights and Privacy Act, which protects the privacy of student education records.
• Download: Ten things you should know about the Family Educational Rights and Privacy Act (FERPA)
  IT professionals who work for U.S. educational institutions, public or private, should know and understand the ten FERPA considerations outlined in this document.
• FERPA Training (Q&A)
  This page from the University of North Texas contains answers to questions such as "What are and what aren't education records?" and "What are parental rights under FERPA?"
• The impact of FERPA
  Questions from readers of the Center for Health and Health Care in Schools' e-journal address the impact of FERPA and HIPAA on privacy protections for health information at school.
• Critical Issue: Addressing Confidentiality Concerns in School-Linked Integrated Service Efforts
  This resource page from the North Central Regional Educational Laboratory addresses how to handle the various ethical and legal issues relating to confidentiality that often arise when school staff and human service providers share information on clients.
• FERPA and Electronic Signatures
  In this article, Daren Bakst, President and General Counsel, Council on Law in Higher Education, analyzes FERPA regulations and addresses frequently asked questions and misconceptions regarding the use of electronic signatures as it relates to FERPA.
• ECURE 2002: Goldsmith Presentation Slides
  C.W. Goldsmith, Ph.D. offersslides that explore the interaction between FERPA and HIPAA.
• Learning About the Family Education Rights and Privacy Act (FERPA)
  This article on the Wrightslaw Web site defines what is meant by an "education record."
• FERPA Tutorial
  The tutorial from Clark College is intended to insure that anyone accessing student records understands the obligations under FERPA for proper use and protection of student records.
• Adding FERPA Restrictions Procedure
  This is an uncontrolled document to be used for training or reference purposes only.

White papers

• Understanding the Family Educational Rights and Privacy Act
  This white paper from the University of Nebraska-Lincoln offers an analysis of FERPA compliance and implementation.
• Information Security: a Perspective for Higher Education
  This white paper by NEC Unified Solutions discusses privacy regulations related to higher education.

Vendors

• DocFinity (Optical Image Technology)
• IBM (Rational Software Development Platform)
• Hewlett-Packard (OpenView Compliance Manager)
• Xerox (FERPA Compliance Services)

Course list

• Lesson 1: Sarbanes-Oxley
• Lesson 2: HIPAA
• Lesson 3: Gramm-Leach-Bliley
• Lesson 4: FERPA
• Lesson 5: U.S. Patriot Act
• Lesson 6: European legislation
• Lesson 7: What's next?

Sign up for the Compliance Regulatory Overview series

If you haven't subscribed to this series, automatically sign up today to receive the entire Compliance Regulatory Overview series in your inbox.

We want your feedback

Lesson 4 on the Family Educational Rights and Privacy Act (FERPA) was:

 Very helplful
 Somewhat helpful
 Not helpful