The Department of Education is committed to helping the education community better safeguard the security of student data in schools at all levels. While FERPA does not require institutions to adopt specific security controls, it does require the use of “reasonable methods” to safeguard student records (34 CFR § 99.31). Despite this requirement, hundreds of educational data breaches happen every year. Not only does the disclosure of this information potentially violate FERPA, but disclosures can expose students to a host of negative consequences such as identity theft, fraud, and extortion.
This page is a portal to recent PTAC guidance and best practice resources for the educational community to use to enhance the security of their information systems. While these resources are principally geared to K-12 agencies and institutions, the security principles are the same regardless of grade level. Post-secondary institutions should refer to the FSA Cyber Security page for additional requirements.
In the Enterprise
Online Apps & the Cloud
|Title IV Participating Institutions are subject to Gramm Leach Bliley Act (GLBA) data security requirements and, pursuant to the Participation Agreement, are required to report data breaches to FSA. Information specific to these requirements can be found on the FSA Cyber Security page.|