1 / 21

FERPA for Admissions/Registrar Staff Something Old, Something New, You Can Borrow, Don’t Be Blue

FERPA for Admissions/Registrar Staff Something Old, Something New, You Can Borrow, Don’t Be Blue. Kris Kaplan, Deputy General Counsel Minnesota State Colleges and Universities March 25, 2009. FERPA Regulations Amended December 2008. Full text and detailed analysis available at:

karim
Download Presentation

FERPA for Admissions/Registrar Staff Something Old, Something New, You Can Borrow, Don’t Be Blue

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. FERPA for Admissions/Registrar StaffSomething Old, Something New, You Can Borrow, Don’t Be Blue Kris Kaplan, Deputy General Counsel Minnesota State Colleges and Universities March 25, 2009

  2. FERPA Regulations AmendedDecember 2008 Full text and detailed analysis available at: • http://www.ed.gov/policy/gen/guid/fpco/hottopics/ht12-17-08.html Few substantive changes, but added flexibility (and corresponding recordkeeping) in some areas and emphasis on good security practices.

  3. Some Basic Principles • Privacy laws apply (only) to documents and information derived from documents. • Education records include information about students documented in any media, in any location, but only • “personally identifiable” to an individual student (i.e., not aggregate or summary information).

  4. FERPA – Recapping Some Basics • Most education records are private • Accessible to the student (with exceptions) within 10 days of request and • To others with the student’s written (signed, dated) consent • To others as permitted by law • Including school officials who have a legitimate educational interest (defined by school) • Parents of c/u students not automatically entitled to access.

  5. FERPA – Recapping Some Basics • Some Education Records are public – directory data • Each college/university defines but will never include SSN or certain personal “demographic” information like gender or race (though DOB may be included) • Under MGDPA, public data must be provided upon request, but • Credit card marketers cannot have undergraduate data • May charge for copies per law/policy

  6. NEW FERPA Clarification • Student electronic personal identifiers may be directory data if: • The number cannot be used alone to access private data (and is not part of the student’s SSN). School should consider whether convenience outweighs potential privacy concerns.

  7. Student Rights under FERPA • Access to own records (under MGDPA, includes copies and 10 day response); • May suppress directory data • NEW clarification: must continue to honor even after enrollment unless rescinded; • May seek amendment of inaccurate, incomplete records (clerical corrections); • May file complaint with Department of Education • Under MGDPA, may file similar administrative request for opinion and bring claim for damages All college/university students have the same rights to control access to their records regardless of age.

  8. Subpoenas and Other Legal Process Requests • Immediately forward any request for education records pertaining to legal matter – whether by letter or subpoena, court order or other - to appropriate campus administrator for consultation with OGC or AGO. • Legal assistance needed to determine validity; • Possible need to notify student in advance of subpoena compliance. Comply with search warrant immediately and notify OGC or AGO as soon as practicable.

  9. State Laws Also ApplyFor example . . . • Minnesota Government Data Practices Act • Data from applicants included as educational data – all may be treated as private despite definition of directory data – until matriculation. • Requires Data Privacy Notice (“Tennessen Warning”) when collecting private data from individual about him/herself. • Other state law restrictions on SSN use, posting, and security.

  10. FERPA - What’s New?Expanded Disclosures to Other Schools • Education records may be released to another school at any time so long as related to student’s concurrent or subsequent enrollment – not just at the time of transfer. • May include any record – including discipline, but • Suggest holding health-related records until after admission decision. • May return records to original provider • Generally useful to verify authenticity.

  11. To Implement • Ensure campus FERPA Policy includes statement that school discloses records to other schools without consent if related to enrollment; • Revise procedures to permit disclosures to other schools (or other originators) as needed for updates, corrections or verification of authenticity.

  12. FERPA - What’s New?Reasonable Methods of Protection Required • FERPA now specifies that schools use: • Reasonable Methods to limit school officials’ access to records in which they have a legitimate educational interest; • Reasonable methods to identify and authenticate who is receiving education records from school – NEVER SSN.

  13. To Implement • Use appropriate policies, technological and physical measures to control school officials’ access • Consider potential harm, likelihood of compromise • Establish appropriate methods to establish identify/authenticity of requests that do not use commonly available information like name, DOB, student ID number (especially if public) and never SSN (even indirectly). • How to handle phone requests?

  14. What is a Valid Authorization for Release? See,www.ogc.mnscu.edu • If written consent is required, look for these elements: • Name of student authorizing release (and other optional identifier; SSN not recommended); • Identity of who gets the information (could be category, but more specificity is better); • Description of records to be released and authorized use of the information; • Signature (may be copy or fax but not e-mail only); • Date; under MGDPA expires after one year – or earlier if purpose fulfilled.

  15. Third Parties as School Officials Outsourcing • Schools may use third parties to do work using education records that employees would ordinarily do (outsourcing), but the school remains responsible for its students’ records. • Use contract terms that require appropriate privacy and security; • Use only for authorized purposes; • No unauthorized re-disclosure. Seek legal assistance on contract terms.

  16. FERPA - What’s New?Revised Health and Safety Emergency Standards • School may release information from any education record to any appropriate party if it determines there is an articulable and significant threat to the health or safety of the student or any other person. Previous strict construction language removed.

  17. To Implement • Identify campus team to deal with h/s safety situations, using the articulable and significant threat standard. Campus community should know how to report situations. • NEW: If information from education records is disclosed under standard must record: • The threat; the records disclosed; and to whom disclosed. Keep with disclosed records pursuant to retention schedule.

  18. FERPA - What’s New?Organizations Conducting Studies Schools may provide education records to organizations conducting studies “for or on behalf of” the school; • Now clarified: studies do not need to be initiated by or endorsed by school but must be at least in part “for or on behalf of” the school and • NEW: written agreement required. School always responsible for its education records!

  19. Handling Requests for Records for a “Study” • Refer to appropriate campus administrator • Need to determine whether (really) mandated by law or “for or on behalf” of school; • May need review by IRB if “human subjects” study; Consider potential benefits vs. administrative burden; • Employees do not have automatic access b/c of status as employees • Seek legal assistance when drafting agreement.

  20. FERPA - What’s New?Clarified definition of Alumni Records • Alumni Records are not subject to FERPA and school may therefore determine classification, but some past confusion about definition. • Now clarified: only includes information about former student unrelated to activities as enrolled student, and no need to permit former students right to “suppress” directory data.

  21. Final Tips • Know your campus resources: • Data Practices Compliance Official • FERPA Policy • Copy charge policy • Public records request policy • Other requests – e.g., employers, prospective employers, other schools, law enforcement . . . • Use good security practices when creating, using storing private records; and • Appropriate disposal procedures.

More Related