280 likes | 302 Views
“We’re From the Government and We’re Here to Help You” Privacy Initiatives at the U.S. Department of Education. January 25, 2012 EDUCAUSE Webinar. Kathleen M. Styles, Chief Privacy Officer Michael B. Hawes, Statistical Privacy Advisor. Presentation Overview.
E N D
“We’re From the Government and We’re Here to Help You”Privacy Initiatives at the U.S. Department of Education January 25, 2012EDUCAUSE Webinar Kathleen M. Styles, Chief Privacy Officer Michael B. Hawes, Statistical Privacy Advisor
Presentation Overview • Overview of changes to FERPA regulations • Privacy initiatives at ED • Priorities for 2012 • Interactive polls throughout
POLL #1 We’re presuming most of you are in the postsecondary community. Which part of the postsecondary community do you work in specifically? • IT • Registrar/Administration/Admissions • Faculty • Other postsecondary role • Your assumption is wrong! I’m not part of the postsecondary community
Background: Student Privacy • FERPA enacted 1974 • Move to electronic records • State longitudinal databases • 2009 Fordham report • New risks and vulnerabilities
Breaches by Educational Institutions All varieties: hacking, loss of portable device, unintentional, insider breach, etc. Source: Privacy Rights Clearinghouse
Our Favorite FERPA Quote Received in an email: “You know how sometimes FERPA can tie your brain in a knot trying to think through it all?”
Poll #2 Question: Which answer best characterizes your prior experience with FERPA? • I’m a pro! I work with the statute and regs all the time • I work with FERPA, but find it confusing • I know what FERPA is, but don’t work with it often • FERPA? What’s FERPA?
FERPA & Postsecondary Ed • FERPA Basics • Health and safety emergencies • Intersection with state and local laws
Early 2011 – ED Privacy Initiatives Begin • FERPA Notice of Proposed Rulemaking • Best Practices -- NCES Technical Briefs • Privacy Technical Assistance Center (PTAC) • Chief Privacy Officer
Late 2011: Building on Progress • Regulatory changes • PTAC best practice documents • Privacy Advisory Committee • Soliciting input
FERPA Regulatory Changes • 274 Comments received • Final FERPA regulatory changes • December 2, 2011 Federal Register • Effective January 3, 2012 • The new regulations serve to: • Strengthen enforcement • Help ensure student privacy • Improve program effectiveness
New Definitions for Audits and Evaluations • Authorized Representative • Any entity or individual designated by a State or local educational authority or an agency headed by an official… to conduct—with respect to Federal- or State-supported education programs—any audit or evaluation, or any compliance or enforcement activity in connection with Federal legal requirements that relate to these programs (FERPA regulations, § 99.3). • Education Program • Any program principally engaged in the provision of education, including, but not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution (FERPA regulations § 99.3).
FERPA Regulatory Changes – Audit and Evaluation • Authorized Representative • Written Agreements • Reasonable Methods • “Guidance on Reasonable Methods and Written Agreements”
FERPA Regulatory Changes – Studies Exception • State educational authorities acting on behalf of their constituent schools • Requirement for written agreements
POLL – Directory Information • Does your institution currently have a directory information policy? • Yes, we have a directory information policy • Sort-of. We have a policy, but it could use improvement • No, we don’t have a directory information policy • Directory information? What’s that?
FERPA Regulatory Changes – Directory Information • ID badges • Limited directory information
POLL – FERPA and Directory Information • In light of the recent FERPA reg changes, do you think your institution will change its directory information policy? • Yes • Maybe • No • We don’t have a policy
FERPA Regulatory Changes - Enforcement • Enforcement against entities without students • 5 year ban
Priorities for 2012 • Guidance and Best Practices • Inter-Agency Collaboration • Publishing Data While Protecting PII
Guidance! PTAC Initiatives • Move to CPO Office • Expansion to LEAs • Coordination with FPCO • Site visits and regional meetings • Helping organizations come into compliance Guidance Documents and Training Resources Case studies
Best Practices and Guidance Resources • Guidance on Reasonable Methods and Written Agreements • Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records • Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records • Responding to IT Security Audits: Improving Data Security Practices • Data Security: Top Threats to Data Protection • Data Security Checklist • Data Governance and Stewardship • Data Governance Checklist • Data Security and Management Training: Best Practice Considerations
Inter-Agency Collaboration • Agriculture: Free and reduced price lunch data • Federal Trade Commission: Child ID theft • Health and Human Services: Early Childhood programs • Department of Justice: Patriot Act amendments to FERPA
Data Release Policy • Utility vs. privacy in data tables • Disclosure avoidance in an information-rich world • A need for more uniformity and rigor • Strong public interest • Data Release Working Group
Unsettled Questions • Cloud Computing • Video Recordings • Email
Privacy AND Transparency • Culture of confidentiality • Maintaining transparency
Have Questions? • Privacy Technical Assistance Center • Telephone: (855) 249-3072 • Email: privacyTA@ed.gov • FAX: (855) 249-3073 • Website: www.ed.gov/ptac Family Policy Compliance Office Telephone: (202) 260-3887 Email: FERPA@ed.gov FAX: (202) 260-9001 • Website: www.ed.gov/fpco
Poll - Feedback Question: How helpful did you find today’s webinar? • Very helpful! • Somewhat helpful. • Not at all helpful.