Download - January 25, 2012 EDUCAUSE Webinar
““We’re From the Government and We’re Here to Help We’re From the Government and We’re Here to Help You”You”
Privacy Initiatives at the Privacy Initiatives at the U.S. Department of EducationU.S. Department of Education
January 25, 2012EDUCAUSE Webinar
Kathleen M. Styles, Chief Privacy OfficerMichael B. Hawes, Statistical Privacy Advisor
Presentation OverviewPresentation Overview
Overview of changes to FERPA regulations Privacy initiatives at ED Priorities for 2012 Interactive polls throughout
2
POLL #1POLL #1
We’re presuming most of you are in the postsecondary community. Which part of the postsecondary community do you work in specifically?
A. ITB. Registrar/Administration/AdmissionsC. FacultyD. Other postsecondary roleE. Your assumption is wrong! I’m not part of the
postsecondary community
3
Background: Student PrivacyBackground: Student Privacy
FERPA enacted 1974 Move to electronic records State longitudinal databases 2009 Fordham report New risks and vulnerabilities
4
Breaches by Educational Breaches by Educational InstitutionsInstitutions
All varieties: hacking, loss of portable device, unintentional, insider breach, etc.
YearNumber of Breaches
Number of Records
2005 64 1,886,8412006 103 2,019,1192007 107 791,9382008 103 1,107,0012009 71 1,062,2752010 73 1,575,698
2011 57 394,008
Source: Privacy Rights Clearinghouse5
6
Received in an email:
“You know how sometimes FERPA can tie your brain in a knot trying to
think through it all?”
Our Favorite FERPA QuoteOur Favorite FERPA Quote
Poll #2Poll #2
Question: Which answer best characterizes your prior experience with FERPA?
A. I’m a pro! I work with the statute and regs all the timeB. I work with FERPA, but find it confusingC. I know what FERPA is, but don’t work with it oftenD. FERPA? What’s FERPA?
7
FERPA & Postsecondary EdFERPA & Postsecondary Ed
FERPA Basics Health and safety emergencies Intersection with state and local laws
8
Early 2011 – ED Privacy Early 2011 – ED Privacy Initiatives BeginInitiatives Begin
• FERPA Notice of Proposed Rulemaking• Best Practices -- NCES Technical Briefs• Privacy Technical Assistance Center (PTAC)• Chief Privacy Officer
9
Late 2011: Building on ProgressLate 2011: Building on Progress
• Regulatory changes• PTAC best practice documents• Privacy Advisory Committee• Soliciting input
10
FERPA Regulatory Changes FERPA Regulatory Changes
274 Comments received Final FERPA regulatory changes
– December 2, 2011 Federal Register– Effective January 3, 2012
The new regulations serve to:– Strengthen enforcement– Help ensure student privacy– Improve program effectiveness
11
New Definitions for Audits and New Definitions for Audits and EvaluationsEvaluations
Authorized Representative– Any entity or individual designated by a State or local educational authority
or an agency headed by an official… to conduct—with respect to Federal- or State-supported education programs—any audit or evaluation, or any compliance or enforcement activity in connection with Federal legal requirements that relate to these programs (FERPA regulations, § 99.3).
Education Program– Any program principally engaged in the provision of education, including, but
not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution (FERPA regulations § 99.3).
12
FERPA Regulatory Changes – FERPA Regulatory Changes – Audit and EvaluationAudit and Evaluation
Authorized Representative Written Agreements Reasonable Methods “Guidance on Reasonable Methods and Written
Agreements”
13
FERPA Regulatory Changes – FERPA Regulatory Changes – Studies ExceptionStudies Exception
State educational authorities acting on behalf of their constituent schools
Requirement for written agreements
14
POLL – Directory InformationPOLL – Directory Information
Does your institution currently have a directory information policy?A. Yes, we have a directory information policyB. Sort-of. We have a policy, but it could use improvementC. No, we don’t have a directory information policyD. Directory information? What’s that?
15
FERPA Regulatory Changes – FERPA Regulatory Changes – Directory InformationDirectory Information
ID badges Limited directory information
16
POLL – FERPA and Directory POLL – FERPA and Directory InformationInformation
In light of the recent FERPA reg changes, do you think your institution will change its directory information policy?A. YesB. MaybeC. NoD. We don’t have a policy
17
FERPA Regulatory Changes - FERPA Regulatory Changes - EnforcementEnforcement
Enforcement against entities without students 5 year ban
18
Priorities for 2012Priorities for 2012
Guidance and Best Practices Inter-Agency Collaboration Publishing Data While Protecting PII
19
Guidance!Guidance!
PTAC Initiatives– Move to CPO Office– Expansion to LEAs– Coordination with FPCO– Site visits and regional meetings– Helping organizations come into compliance
Guidance Documents and Training ResourcesCase studies
20
Best Practices and Guidance Best Practices and Guidance ResourcesResources
Guidance on Reasonable Methods and Written Agreements Data Stewardship: Managing Personally Identifiable Information in Electr
onic Student Education Records Basic Concepts and Definitions for Privacy and Confidentiality in Student
Education Records Responding to IT Security Audits: Improving Data Security Practices Data Security: Top Threats to Data Protection Data Security Checklist Data Governance and Stewardship Data Governance Checklist Data Security and Management Training: Best Practice Considerations
21
Inter-Agency CollaborationInter-Agency Collaboration
Agriculture: Free and reduced price lunch data Federal Trade Commission: Child ID theft Health and Human Services: Early Childhood
programs Department of Justice: Patriot Act amendments to
FERPA
22
Data Release PolicyData Release Policy
Utility vs. privacy in data tables Disclosure avoidance in an information-rich world A need for more uniformity and rigor Strong public interest Data Release Working Group
23
Unsettled QuestionsUnsettled Questions
Cloud Computing Video Recordings Email
24
Privacy AND TransparencyPrivacy AND Transparency
Culture of confidentiality Maintaining transparency
25
Have Questions?Have Questions?
26
Family Policy Compliance Office
Telephone: (202) 260-3887
Email: [email protected]
FAX: (202) 260-9001
Website: www.ed.gov/fpco
Privacy Technical Assistance Center
Telephone: (855) 249-3072
Email: [email protected]
FAX: (855) 249-3073
Website: www.ed.gov/ptac
Contact InformationContact Information
27
Poll - FeedbackPoll - Feedback
Question: How helpful did you find today’s webinar?
A. Very helpful! B. Somewhat helpful. C. Not at all helpful.
28