By Audience: Postsecondary School Officials

The resources on this page are intended for staff and educators of Postsecondary Institutions.  Resources found here typically address FERPA’s requirements and how they apply to the various day-to-day operations of postsecondary institutions that may be different than the K-12 setting.  Guidance is also provided for the particular challenges encountered at the postsecondary level as it relates to the handling and protection of students’ Personally Identifiable Information.

Guidance and Best Practices

Protecting Student Privacy While Using Online Educational Services: Model Terms of Service

The Privacy Technical Assistance Center, working with the Department of Education’s Family Policy Compliance office, has developed a checklist document that provides a framework for evaluating online educational tools' Terms of Service Agreements.  This document is intended to assist users in understanding how a given online service or app will collect, use and/or transmit user information so that they can then decide whether or not to sign up.

The document is divided into several sections:

Guidance and Best Practices

Issue Brief: Data Governance and Stewardship

This brief provides guidance on how to successfully manage complex data systems by establishing a comprehensive data governance approach. Data governance principles discussed in this paper apply to a large number of audiences and can be used to improve data management of systems spanning pre-school through postsecondary education and into the workforce.

Guidance and Best Practices

Guidance for Reasonable Methods and Written Agreements

This document provides guidance for schools, school districts, postsecondary institutions, and State educational authorities (such as State educational agencies) that may disclose personally identifiable information from education records. The document provides these entities with information about requirements and best practices for data disclosures under the studies exception and the audit or evaluation exception, as specified in the Family Educational Rights and Privacy Act.

Letters

Letter to Virginia Attorney General Mark Herring Regarding Public Release of Executive Summary provided to University of Virginia Board of Visitors

Letter to the Commonwealth of Virginia’s Attorney General Mark Herring providing guidance and technical assistance regarding the applicability of FERPA to the potential public release of an executive summary of a report provided to the University of Virginia’s Board of Visitors.

Guidance and Best Practices

Checklist: Mapping Data Flows

This guidance document is intended to help educational agencies and institutions create visual “maps” of how their data flows in the data systems.  Including maps in data governance plans can help organizations better understand what data are in their systems, where the data reside, what sources they come from, why those data are collected, what limitations or restrictions apply, how they are linked, and what policy questions those data are used to answer.

Guidance and Best Practices

Identity Authentication Best Practices

This brief offers best practice recommendations for developing and implementing effective authentication processes to help ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access, be it in person, over the phone, by mail, or electronically.

Guidance and Best Practices

Cloud Computing FAQ

This document is designed to assist educational agencies and institutions that are considering using cloud computing solutions for education data. It contains responses to frequently asked questions about meeting necessary data privacy and data security requirements, including compliance with the Family Educational Rights and Privacy Act, to ensure proper protection of education records.