By Audience: Postsecondary School Officials

The resources on this page are intended for staff and educators of Postsecondary Institutions.  Resources found here typically address FERPA’s requirements and how they apply to the various day-to-day operations of postsecondary institutions that may be different than the K-12 setting.  Guidance is also provided for the particular challenges encountered at the postsecondary level as it relates to the handling and protection of students’ Personally Identifiable Information.

Guidance and Best Practices

Data Breach Scenario Trainings

The Data Breach Scenario Trainings are a series of packaged trainings developed by the Privacy Technical Assistance Center, designed to help educational organizations at all levels conduct internal staff development on data breaches. Each scenario has been developed into a training package, providing ready-to-use resources for the scenario leader(s) and participants.

Guidance and Best Practices

Joint Guidance on the Application of FERPA and HIPAA to Student Health Records

The U.S. Department of Education and the Office for Civil Rights at the U.S. Department of Health and Human Services released updated joint guidance addressing the application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to records maintained on students. 

Guidance and Best Practices

Best Practices for Data Destruction

The Data Destruction Document is a best practices guide on properly destroying sensitive student data after it is no longer needed.  It details the life cycle of data and discusses various legal requirements relating to the destruction of data under FERPA, and examines a variety of methods for properly destroying data.  The guide also discusses best practices for data destruction and provides some real-world examples of how to implement it within your organization.