By Audience: Postsecondary School Officials

The resources on this page are intended for staff and educators of Postsecondary Institutions.  Resources found here typically address FERPA’s requirements and how they apply to the various day-to-day operations of postsecondary institutions that may be different than the K-12 setting.  Guidance is also provided for the particular challenges encountered at the postsecondary level as it relates to the handling and protection of students’ Personally Identifiable Information.

Guidance and Best Practices

Data Security Checklist

This checklist is designed to assist stakeholder organizations with developing and maintaining a successful data security program by listing essential components that should be considered when building such a program, with focus on solutions and procedures relevant for supporting data security operations of educational agencies.

Letters

Letter to Senator Ron Wyden providing clarification on the applicability of the Family Educational Rights and Privacy Act (FERPA) to college and university students’ medical records.

Letter to Senator Ron Wyden providing clarification on the applicability of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) to college and university students’ medical records, including therapy and treatment records, held by educational institutions.

Letters

Letter to Representative Suzanne Bonamici providing clarification on the applicability of the Family Educational Rights and Privacy Act (FERPA)to college and university students’ medical records

Letter to Representative Suzanne Bonamici providing clarification on the applicability of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) to college and university students’ medical records, including therapy and treatment records, held by educational institutions. 

Guidance and Best Practices

Checklist: Data Governance

This checklist is designed to assist stakeholder organizations with establishing and maintaining a successful data governance program by summarizing the key data privacy and security components of such a program and listing specific best practice action items.