By Audience: Postsecondary School Officials

The resources on this page are intended for staff and educators of Postsecondary Institutions.  Resources found here typically address FERPA’s requirements and how they apply to the various day-to-day operations of postsecondary institutions that may be different than the K-12 setting.  Guidance is also provided for the particular challenges encountered at the postsecondary level as it relates to the handling and protection of students’ Personally Identifiable Information.

Letters

Letter to Virginia Attorney General Mark Herring Regarding Public Release of Executive Summary provided to University of Virginia Board of Visitors

Letter to the Commonwealth of Virginia’s Attorney General Mark Herring providing guidance and technical assistance regarding the applicability of FERPA to the potential public release of an executive summary of a report provided to the University of Virginia’s Board of Visitors.

Guidance and Best Practices

Checklist: Mapping Data Flows

This guidance document is intended to help educational agencies and institutions create visual “maps” of how their data flows in the data systems.  Including maps in data governance plans can help organizations better understand what data are in their systems, where the data reside, what sources they come from, why those data are collected, what limitations or restrictions apply, how they are linked, and what policy questions those data are used to answer.

Guidance and Best Practices

Identity Authentication Best Practices

This brief offers best practice recommendations for developing and implementing effective authentication processes to help ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access, be it in person, over the phone, by mail, or electronically.

Guidance and Best Practices

Cloud Computing FAQ

This document is designed to assist educational agencies and institutions that are considering using cloud computing solutions for education data. It contains responses to frequently asked questions about meeting necessary data privacy and data security requirements, including compliance with the Family Educational Rights and Privacy Act, to ensure proper protection of education records.

Letters

Letter to Senator Ron Wyden providing clarification on the applicability of the Family Educational Rights and Privacy Act (FERPA) to college and university students’ medical records.

Letter to Senator Ron Wyden providing clarification on the applicability of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) to college and university students’ medical records, including therapy and treatment records, held by educational institutions.

Letters

Letter to Representative Suzanne Bonamici providing clarification on the applicability of the Family Educational Rights and Privacy Act (FERPA)to college and university students’ medical records

Letter to Representative Suzanne Bonamici providing clarification on the applicability of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) to college and university students’ medical records, including therapy and treatment records, held by educational institutions. 

Guidance and Best Practices

Checklist: Data Governance

This checklist is designed to assist stakeholder organizations with establishing and maintaining a successful data governance program by summarizing the key data privacy and security components of such a program and listing specific best practice action items.