FERPA Services

Advisory services to establish a credible FERPA compliance program.

Know how to handle records and aware on responsibilities.

Identify clear policies about who has the right to access records.

Addressing FERPA mandates with the application of cybersecurity.

Comprehensive assessment to identify FERPA compliance gaps.

Development of tailored FERPA security procedures.

FERPA Fast Facts

Family Educational Rights and Privacy Act (FERPA) of 1974.
Applies to all school that receive funding from the Department of Education (DoE).
Protects privacy of students educational records and allows students to access their records.
FERPA obligates faculty/staff to follow certain rules about protecting student information.
Children’s educational records may not be released without parent’s written consent.
DoE is responsible for enforcing FERPA.

An Executive Summary

U.S. Federal Law (20 U.S.C. § 1232g; 34 CFR Part 99).
Grants parents the right to inspect and review student records until their children are 18.
Once children turns 18, or attend post-secondary institutions, these rights revert to the child.
Educational institutions needs to meet FERPA requirements when engaging in online or connected services.
School must inform parents and students to obtain appropriate consent.

Who May have Access to Student Education Records and PII?

DoE must have written permission from the parent, guardian or eligible student in order to disclose PII or information from a student's education record to non-DoE personnel.

Definitions

[rtbs name="ferpa"]

FERPA Penalties

Students may file complaints with the DoE.
The Family Policy Compliance Office (FPCO) is authorized by the DoE to investigate, process, and review complaints and violations under FERPA.
If a complaint is found to be valid, the institution may lose DoE funds, and dismiss employees who violate the Act.

FERPA Violation

Violation of FERPA that is submitted to FPCO within 180 days of the date of the alleged violation or of the date that the parent or eligible student knew or reasonably should have known of the alleged violation.
A parent or eligible student may file a written complaint with the DoE regarding an alleged violation under the Act.

Privacy Rights of Parents and Eligible Students under FERPA

Right to inspect and review education records.
Right to seek to amend education records.
Right to confidentiality of information in education records except as specified by statute.
Right to consent to disclosure of education records (with exceptions).
Right to file a complaint with the DoE.

FERPA Limitations

Under FERPA, school can release records without parent’s permission to certain types of parties, including:

School officials with a “legitimate educational interest” (for example, an academic advisor who needs to review what courses a student has completed in order to give advice).
School to which a student is transferring.
Organizations conducting certain studies for or on behalf of the school.
Accrediting organizations.
Appropriate officials in health and safety emergencies.
Juvenile justice system authorities.

Directory and Non-Directory Information

Directory Information (Public)	Non-Directory Information (Never Share)
Name	Social Security Number
Address	Student ID Number
Phone Numbers	Grades/Exam Scores
Email Address	Grade Point Average (GPA)
Date of Birth	Test Scores (SAT, GRE, etc.)
Program of Study	Class Schedule
Dates of Attendance	Race/Ethnicity
Degrees and Awards Received	Citizenship/Nationality
Class Level	Gender
Enrolment Status (Full/Part time)	Religious Affiliation
Appropriate Personal Aesthetic Statistical Data
Participation in Sports and Activities

In the News

Decoding CUI: A Highly Valued Data Type and CMMC, ISACA, Ali Pabrai, April 2022

Events

CMMC and CUI: Rocket Fuel, Pabrai Podcast

Thought Leadership

Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP), HITRUST Certified CSF Practitioner (CCSFP) is the chief executive of ecfirst, an Inc. 500 business. He is a highly regarded information security and regulatory compliance expert.