The Privacy Technical Assistance Center (PTAC) is available to provide on-site technical assistance and or presentations on privacy-related topics, including FERPA, at conferences or regional meetings. PTAC staff will work with you to customize an agenda to meet the unique needs of your organization. The table below lists our service offerings. If you would like to request a visit, please reach out to firstname.lastname@example.org. PTAC operates under contract with the United States Department of Education; all visits and presentations are provided free of charge.
FERPA 101 Training (webinar / on-site)
Review and discussion of real-life scenarios on FERPA and its applicability to your institution. Participants have an opportunity for interactive Questions and Answers.
- Improved understanding of FERPA and the context for the law.
- Reduced misconceptions / misunderstandings about FERPA.
Data Sharing Under FERPA for State Longitudinal Data Systems (webinar / on-site)
Overview of the 2012 FERPA regulation changes as they relate to sharing of FERPA-protected data. Review of the data sharing best practices and requirements for complying with FERPA.
- Enhanced clarity about what data can and cannot be shared under FERPA.
- Improved knowledge of resources available to help ensure compliance with the new FERPA regulations.
Data Security Best Practices / Training (on-site / on-line)
Training on current data security best practices for education data systems, including user privacy and security awareness, privacy and security program development / implementation, threat modeling, and attacker methodology.
- Increased awareness of privacy and data security threats.
- Reduced risk of security incidents.
- Improved ability to respond to incidents.
Data Security: Policy / Architecture Review (on-site / on-line)
PTAC experts provide feedback on your organization’s information security program policy and governance, and provide technical evaluation of your existing security architecture to ensure that your security controls are working to their greatest effect. Recommendations help implement technology securely and deliver the peace of mind of having a third-party review.
- More cohesive vision for organizational security.
- Clearer definitions of security roles, responsibilities, and metrics.
- Improved integrated information security picture, including better understanding of the organization’s security posture.
- Enhanced security of the information systems and data.
- Third-party validation of security controls.
Data Sharing Agreement Assistance (on-site / on-line)
Training on current best practices for drafting data sharing agreements. Review of and informal feedback on your proposed data sharing agreement.
- Third-party informal review of current or conceptual data sharing agreements with regard to their compliance with FERPA, including best practice suggestions.
Disclosure Avoidance Training / Assistance (on-site / on-line)
Overview of best practices and staff training in the area of disclosure avoidance methodology and public reporting.
- Improved understanding of disclosure avoidance techniques and public reporting best practices applicable to your institution.
Working with Online Service Providers and Apps(webinar /on-site/on-line)
A review of best practices and training for staff when working with online educational service providers.
- Review of legal privacy requirements.
- Examination of school or district practices and potential problems.
- Technical assistance on incorporating best practices.
Transparency Best Practices(on-site / on-line)
PTAC experts will conduct trainings and review best practices on communicating with parents about school and district data collection policies and practices. Specific attention will be paid to what information is collected, how it’s safeguarded and used, and why.
- Identify current communications policies and practices regarding student data, including data inventories.
- Revise, if appropriate, the policies for information sharing.
- Identify parent-friendly communication strategies.
Data Destruction Best Practices
A focus on the organization’s data management program with a review of the legal requirements and best practices for data retention and destruction.
- Review of the organization’s current data destruction practices.
- Understanding of the legal and technical requirements around various forms of data destruction.
- Develop a coherent and sound data destruction plan.
Mapping Data Flows
PTAC experts lead multi-departmental groups through the process to develop a visual map of internal data flow and the necessary agreements.
- Enhanced data governance plans with visual “maps” of data flows.
- Understanding of what data are in your systems, where the data reside, what sources the data come from, why the data are collected, what limitations or restrictions apply, how they are linked, and what policy questions the data are used to answer.
- Third-party review of data sharing MOUs.
Data Breach Response Training
An interactive role-based simulation of a K-12 district-level data breach, focusing on the processes, procedures, and skills needed to respond. This can be customized to other levels / organizations.
- Review of the current plan for data breach response.
- Revised response plan, incorporating lessons learned and best practices.
PTAC experts meet in informal settings with state and regional school district and technology leadership to discuss K-12 privacy and data security concerns, and offer individual counseling regarding the privacy and security challenges districts are facing.
- Informal, customized technical assistance based on individual state/district needs.
- Direct contact between state/district leadership and PTAC TA staff and subject matter experts.