January 25, 2012 EDUCAUSE Webinar - PowerPoint PPT Presentation

“We’re From the Government and We’re Here to Help You”
1 / 28

  • Uploaded on
  • Presentation posted in: General

“We’re From the Government and We’re Here to Help You” Privacy Initiatives at the U.S. Department of Education. January 25, 2012 EDUCAUSE Webinar. Kathleen M. Styles, Chief Privacy Officer Michael B. Hawes, Statistical Privacy Advisor. Presentation Overview.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

January 25, 2012 EDUCAUSE Webinar

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

January 25 2012 educause webinar

“We’re From the Government and We’re Here to Help You”Privacy Initiatives at the U.S. Department of Education

January 25, 2012EDUCAUSE Webinar

Kathleen M. Styles, Chief Privacy Officer

Michael B. Hawes, Statistical Privacy Advisor

Presentation overview

Presentation Overview

  • Overview of changes to FERPA regulations

  • Privacy initiatives at ED

  • Priorities for 2012

  • Interactive polls throughout

Poll 1


We’re presuming most of you are in the postsecondary community. Which part of the postsecondary community do you work in specifically?

  • IT

  • Registrar/Administration/Admissions

  • Faculty

  • Other postsecondary role

  • Your assumption is wrong! I’m not part of the postsecondary community

Background student privacy

Background: Student Privacy

  • FERPA enacted 1974

  • Move to electronic records

  • State longitudinal databases

  • 2009 Fordham report

  • New risks and vulnerabilities

Breaches by educational institutions

Breaches by Educational Institutions

All varieties: hacking, loss of portable device, unintentional, insider breach, etc.

Source: Privacy Rights Clearinghouse

Our favorite ferpa quote

Our Favorite FERPA Quote

Received in an email:

“You know how sometimes FERPA can tie your brain in a knot trying to think through it all?” 

Poll 2

Poll #2

Question: Which answer best characterizes your prior experience with FERPA?

  • I’m a pro! I work with the statute and regs all the time

  • I work with FERPA, but find it confusing

  • I know what FERPA is, but don’t work with it often

  • FERPA? What’s FERPA?

Ferpa postsecondary ed

FERPA & Postsecondary Ed

  • FERPA Basics

  • Health and safety emergencies

  • Intersection with state and local laws

Early 2011 ed privacy initiatives begin

Early 2011 – ED Privacy Initiatives Begin

  • FERPA Notice of Proposed Rulemaking

  • Best Practices -- NCES Technical Briefs

  • Privacy Technical Assistance Center (PTAC)

  • Chief Privacy Officer

Late 2011 building on progress

Late 2011: Building on Progress

  • Regulatory changes

  • PTAC best practice documents

  • Privacy Advisory Committee

  • Soliciting input

Ferpa regulatory changes

FERPA Regulatory Changes

  • 274 Comments received

  • Final FERPA regulatory changes

    • December 2, 2011 Federal Register

    • Effective January 3, 2012

  • The new regulations serve to:

    • Strengthen enforcement

    • Help ensure student privacy

    • Improve program effectiveness

New definitions for audits and evaluations

New Definitions for Audits and Evaluations

  • Authorized Representative

    • Any entity or individual designated by a State or local educational authority or an agency headed by an official… to conduct—with respect to Federal- or State-supported education programs—any audit or evaluation, or any compliance or enforcement activity in connection with Federal legal requirements that relate to these programs (FERPA regulations, § 99.3).

  • Education Program

    • Any program principally engaged in the provision of education, including, but not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution (FERPA regulations § 99.3).

Ferpa regulatory changes audit and evaluation

FERPA Regulatory Changes – Audit and Evaluation

  • Authorized Representative

  • Written Agreements

  • Reasonable Methods

  • “Guidance on Reasonable Methods and Written Agreements”

Ferpa regulatory changes studies exception

FERPA Regulatory Changes – Studies Exception

  • State educational authorities acting on behalf of their constituent schools

  • Requirement for written agreements

Poll directory information

POLL – Directory Information

  • Does your institution currently have a directory information policy?

    • Yes, we have a directory information policy

    • Sort-of. We have a policy, but it could use improvement

    • No, we don’t have a directory information policy

    • Directory information? What’s that?

Ferpa regulatory changes directory information

FERPA Regulatory Changes – Directory Information

  • ID badges

  • Limited directory information

Poll ferpa and directory information

POLL – FERPA and Directory Information

  • In light of the recent FERPA reg changes, do you think your institution will change its directory information policy?

    • Yes

    • Maybe

    • No

    • We don’t have a policy

Ferpa regulatory changes enforcement

FERPA Regulatory Changes - Enforcement

  • Enforcement against entities without students

  • 5 year ban

Priorities for 2012

Priorities for 2012

  • Guidance and Best Practices

  • Inter-Agency Collaboration

  • Publishing Data While Protecting PII



PTAC Initiatives

  • Move to CPO Office

  • Expansion to LEAs

  • Coordination with FPCO

  • Site visits and regional meetings

  • Helping organizations come into compliance

    Guidance Documents and Training Resources

    Case studies

Best practices and guidance resources

Best Practices and Guidance Resources

  • Guidance on Reasonable Methods and Written Agreements

  • Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records

  • Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records

  • Responding to IT Security Audits: Improving Data Security Practices

  • Data Security: Top Threats to Data Protection

  • Data Security Checklist

  • Data Governance and Stewardship

  • Data Governance Checklist

  • Data Security and Management Training: Best Practice Considerations

Inter agency collaboration

Inter-Agency Collaboration

  • Agriculture: Free and reduced price lunch data

  • Federal Trade Commission: Child ID theft

  • Health and Human Services: Early Childhood programs

  • Department of Justice: Patriot Act amendments to FERPA

Data release policy

Data Release Policy

  • Utility vs. privacy in data tables

  • Disclosure avoidance in an information-rich world

  • A need for more uniformity and rigor

  • Strong public interest

  • Data Release Working Group

Unsettled questions

Unsettled Questions

  • Cloud Computing

  • Video Recordings

  • Email

Privacy and transparency

Privacy AND Transparency

  • Culture of confidentiality

  • Maintaining transparency

Have questions

Have Questions?

  • Privacy Technical Assistance Center

    • Telephone:(855) 249-3072

    • Email:privacyTA@ed.gov

    • FAX:(855) 249-3073

    • Website: www.ed.gov/ptac

Family Policy Compliance Office

Telephone:(202) 260-3887

Email: FERPA@ed.gov

FAX:(202) 260-9001

  • Website:www.ed.gov/fpco

Contact information

Contact Information

Poll feedback

Poll - Feedback

Question: How helpful did you find today’s webinar?

  • Very helpful!

  • Somewhat helpful.

  • Not at all helpful.

  • Login