Data Security: K-12 and Higher Education
The Department of Education is committed to helping the education community better safeguard the security of student data in schools at all levels. While the Family Educational Rights and Privacy Act of 1974 (FERPA) does not require educational institutions to adopt specific security controls, security threats can pose a significant risk for student privacy. Educational institutions should take appropriate steps to safeguard student records. Breaches of educational data are common and can lead to a violation of FERPA, as well as to a host of negative consequences for students such as identity theft, fraud, and extortion.
This page is a portal to guidance and best practice resources for the educational community to use to enhance the security of their information systems. While these resources are principally geared to K-12 agencies and institutions, the security principles are the same regardless of grade level. Post-secondary institutions should refer to the FSA Cyber Security page for additional requirements.
In the Enterprise
Data Security and Management Training: Best Practice Guidance
Identity Authentication Best Practices
Data Destruction Best Practices
Data Security Threats: Education Systems in the Crosshairs
Online Apps & the Cloud
Protecting Student Privacy While Using Online Educational Services
Protecting Student Privacy While Using Online Educational Services: Model Terms of Service
A Parents Guide to Understanding K12 Data Breaches
|Title IV Participating Institutions are subject to Gramm Leach Bliley Act (GLBA) data security requirements and, pursuant to the Participation Agreement, are required to report data breaches to FSA. Information specific to these requirements can be found on the FSA Cyber Security page.|
Cyber Advisory - New Type of Cyber Extortion / Threat Attack