By Audience: Postsecondary School Officials

The resources on this page are intended for staff and educators of Postsecondary Institutions.  Resources found here typically address FERPA’s requirements and how they apply to the various day-to-day operations of postsecondary institutions that may be different than the K-12 setting.  Guidance is also provided for the particular challenges encountered at the postsecondary level as it relates to the handling and protection of students’ Personally Identifiable Information.

Guidance

Protecting Student Privacy While Using Online Educational Services: Model Terms of Service

The Privacy Technical Assistance Center, working with the Department of Education’s Family Policy Compliance office, has developed a checklist document that provides a framework for evaluating online educational tools' Terms of Service Agreements.  This document is intended to assist users in understanding how a given online service or app will collect, use and/or transmit user information so that they can then decide whether or not to sign up.

The document is divided into several sections:

Guidance

Issue Brief: Data Governance and Stewardship

This brief provides guidance on how to successfully manage complex data systems by establishing a comprehensive data governance approach. Data governance principles discussed in this paper apply to a large number of audiences and can be used to improve data management of systems spanning pre-school through postsecondary education and into the workforce.

Guidance

Guidance for Reasonable Methods and Written Agreements

This document provides guidance for schools, school districts, postsecondary institutions, and State educational authorities (such as State educational agencies) that may disclose personally identifiable information from education records. The document provides these entities with information about requirements and best practices for data disclosures under the studies exception and the audit or evaluation exception, as specified in the Family Educational Rights and Privacy Act.

written agreement agreements

Guidance

Letter to Virginia Attorney General Mark Herring Regarding Public Release of Executive Summary provided to University of Virginia Board of Visitors

Letter to the Commonwealth of Virginia’s Attorney General Mark Herring providing guidance and technical assistance regarding the applicability of FERPA to the potential public release of an executive summary of a report provided to the University of Virginia’s Board of Visitors.

Guidance

Data Security Checklist

This checklist is designed to assist stakeholder organizations with developing and maintaining a successful data security program by listing essential components that should be considered when building such a program, with focus on solutions and procedures relevant for supporting data security operations of educational agencies.

Guidance

Cloud Computing FAQ

This document is designed to assist educational agencies and institutions that are considering using cloud computing solutions for education data. It contains responses to frequently asked questions about meeting necessary data privacy and data security requirements, including compliance with the Family Educational Rights and Privacy Act, to ensure proper protection of education records.

Guidance

Identity Authentication Best Practices

This brief offers best practice recommendations for developing and implementing effective authentication processes to help ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access, be it in person, over the phone, by mail, or electronically.