The Family Educational Rights and Privacy Act – simply known as FERPA to many – is a federal law passed in 1974 for the purposes of protecting private student information. In accordance with FERPA guidelines, students have a number of privacy rights, such as the following:
- The right to control disclosure of their educational records, along with the right to inspect and review their educational records.
- The right to request amendment and correction of their educational records, if they are inaccurate or misleading. (Note: Student has a right to a formal hearing if necessary).
- The right to file a complaint regarding a FERPA violation.
The Family Educational Rights and Privacy Act | FERPA | Rights of Students
It’s important to note that parents retain such privacy rights for their children, until they turn eighteen (18) or attend a school of high education (i.e., above primary level), in which such rights are transferred to the students themselves. While schools must have consent from parents or eligible students for disclosing educational records, there are exceptions, such as the following (according to the United States Department of Education at http://www.ed.gov:
- School officials having a legitimate educational interest for such records.
- Other institutions for which such student is transferring to.
- Officials who need such records for audit or evaluation purposes.
- Various parties affiliated with financial aid matters.
- Various entities undertaking specific studies for an institution.
- Accrediting bodies.
- Orders of a court.
- Various officials in cases of health and safety emergencies.
- Local, state, and federal authorities.
The Importance of Security Policies for FERPA Compliance | Learn More
It’s also important to note that amended changes since the inception of FERPA in 1974 had discussed the need for information security, particularly the safeguarding of personally identifiable information. Specifically, in 2008, the Department of Education stated that it “encourages the holders of personally identifiable information to consider actions that mitigate the risk and are reasonably calculated to protect such information”. Furthermore, the FERPA Final Rule of December 9, 2008 (the publication), provides references to NIST SP documents as helpful resources for implementing information security controls.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet containing over 2,850 + pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
Furthermore, the publication states if a theft of systems, hacking – anything relating to unauthorized disclosure of PII – then additional measures are to be considered, such as performing a risk assessment, among other things. Fast forward to recent FERPA changes that went into effect on January 3, 2012, and can see how information security again plays an important role, especially regarding the strengthening of FERPA enforcement provisions, which essentially hold all parties more accountable for the misuse and abuse of PII, particularly that of confidential student information, which has been broadened to include the reference to “directory” information.
Industry Leading Security Policies | Download Today for FERPA
What does it all mean – that it’s time for educational institutions and other relevant third parties to get serious about ensuring the safety and security of highly privileged and sensitive information. The very best place to start is by adopting comprehensive operational, business specific, and information security policies and procedures, such as those included within the Global Information Security Compliance Packet (GISCP) offered by Flat Iron Technologies, LLC. Containing literally hundreds of high-quality policies, procedures, forms, checklists, and templates – and more – the GISCP packet from Flat Iron Technologies, LLC should be your only choice for high-quality security documentation.