Privacy Technical Assistance Center (PTAC) and Family Policy Compliance Office (FPCO): Moving Forward Under the New FERPA Regulations


PTAC and FPCO: Moving Forward Under the New FERPA Regulations
MIS 2012
February 15, 2012
Michael Hawes, Statistical Privacy Advisor
Baron Rodriguez, Director, PTAC
Allison Camara, PTAC

Pop Quiz
From 2009 to 2011, what is the percentage change of organizations conducting an annual privacy review?
▪ -26%
▪ +26%
▪ -13%
▪ +13%
In 2009, 52% of companies invested in annual privacy policy reviews. In 2011, only 39% conducted an annual privacy review.

Presentation Overview
▪ Overview of ED privacy initiatives
▪ PTAC/FPCO coordination
▪ FERPA overview
▪ Understanding the new FERPA regulations
▪ Moving forward -- priorities for 2012
▪ Popular PTAC/FPCO resources

Early 2011 — ED Privacy Initiatives Begin
▪ FERPA Notice of Proposed Rulemaking
▪ Guidance — NCES Technical Briefs
▪ Privacy Technical Assistance Center (PTAC)
▪ Chief Privacy Officer

Chief Privacy Officer: Organizational Structure

Late 2011 — Building on Progress
▪ Regulation changes finalized
– 274 Comments received
– Final FERPA regulatory changes
• December 2, 2011 Federal Register
• Effective January 3, 2012
▪ PTAC guidance documents
▪ Privacy Advisory Committee
▪ Soliciting input

FPCO Mission and Resources
▪ Administers
– FERPA
– Protection of Pupil Rights Amendment (PPRA)
– Military recruiter provisions in the Elementary and Secondary Education Act (ESEA)
▪ Investigates alleged violations of these laws
▪ Issues guidance documents
▪ Coordinates with PTAC

PTAC Mission and Resources
▪ “One-stop” resource center
▪ Regional Meetings and Lessons Learned Forums
▪ Technical Assistance Site Visits
▪ Help Desk
▪ Web resources
– Technical Briefs, Issue Briefs, and White Papers
– Case studies
– Checklists
– Frequently Asked Questions
– Monthly Webinars, Presentations, and Training Materials

PTAC Experts
▪ Baron Rodriguez – State Support Team
▪ Mike Tassey – Security Expertise
▪ WestStat – Statistical Expertise
▪ Margie Bates – Support/Legal

How is a request to PTAC handled?

What is FERPA?
▪ Family Educational Rights and Privacy Act (FERPA) enacted 1974
– Protects the privacy of students’ education records
– Affords parents and eligible students rights to
• inspect and review education records,
• seek to amend these records, and
• consent to the disclosure of personally identifiable information (PII) from education records.

Disclosure of Education Records under FERPA
▪ Requirement for written consent to disclose PII
▪ Parents and eligible students
▪ Exceptions to consent
– Studies
– Audit or evaluation
– Other (e.g., court order, health or safety emergency)

FERPA and Student Privacy — Recent Developments
▪ Move to electronic records
▪ Student longitudinal databases
▪ New risks and vulnerabilities
▪ ED privacy initiatives
– Most recent FERPA amendment—January 3, 2012

Key FERPA Regulatory Changes
“You know how sometimes FERPA can tie your brain in a knot trying to think through it all?”
[quote from an email to PTAC]

FERPA Regulatory Changes — Definitions
▪ Authorized Representative
– Any entity or individual designated by a State or local educational authority or an agency headed by an official… to conduct—with respect to Federal- or State-supported education programs—any audit or evaluation, or any compliance or enforcement activity in connection with Federal legal requirements that relate to these programs (FERPA regulations, §99.3).
▪ Education Program
– Any program principally engaged in the provision of education, including, but not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution (FERPA regulations §99.3).

FERPA Regulatory Changes — Audit or Evaluation Exception
▪ Authorized Representative
▪ Written Agreements
▪ Reasonable Methods
▪ “Guidance on Reasonable Methods and Written Agreements”

FERPA Regulatory Changes — Studies Exception
OLD INTERPRETATION: Not clear that a redisclosure by FERPA-permitted entity (e.g., SEA) would be “on behalf of” an educational agency
NEW INTERPRETATION: State educational authorities acting “on behalf of” their constituent schools

FERPA Regulatory Changes — Directory Information
▪ Definition of directory information
▪ Conditions for disclosure
– Student ID cards and badges
– Limited directory information

A Couple of Case Studies
▪ Technical Assistance
▪ Enforcement

ED Priorities for 2012
▪ Guidance for SEAs and LEAs
– Assistance with privacy, confidentiality, and security concerns
– Case Studies
▪ FPCO resources and initiatives
– Focus on legal interpretation of FERPA
– Modernizing FPCO
▪ PTAC resources and initiatives
– Focus on best practices
– Coordinating with FPCO

Pop Quiz #2
▪ In 2011, what percentage of organizations dedicate resources to business continuity and/or disaster recovery?
– 21%
– 52%
– 5%
– 14%
That’s down more than 10% from 2009!

2012 — PTAC Initiatives
▪ Expansion to LEAs
▪ Coordination with FPCO
▪ Helping organizations come into compliance
– Statistical and data security experts
– Site visits and regional meetings
– Best practices guidance documents and training materials
– Compliance vs. transparency

Upcoming Events
▪ 25th Annual MIS Conference Presentation
– February 16, 2012, Session VI, 10-11am (Nautilus 5): Protection of Personally Identifiable Information Through Disclosure Avoidance Techniques
▪ PTAC Webinar
– March 15th, 2012, 2:00 p.m. EST: Special Education: The Intersection of FERPA and IDEA Confidentiality Provisions

Available Resources
▪ Guidance on Reasonable Methods and Written Agreements
▪ Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
▪ Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records
▪ Responding to IT Security Audits: Improving Data Security Practices
▪ Data Security: Top Threats to Data Protection
▪ Data Security Checklist
▪ Data Governance and Stewardship
▪ Data Governance Checklist
▪ Data Security and Management Training: Best Practice Considerations

Contact Information
Family Policy Compliance Office
TEL: (202) 260-3887
FAX: (202) 260-9001
Email: [email protected]
Website: www.ed.gov/fpco/

Privacy Technical Assistance Center
TEL: (855) 249-3072
FAX: (855) 249-3073
Email: [email protected]
Website: www.ed.gov/ptac/

Michael Hawes, Statistical Privacy Advisor
TEL: (202) 453-7017
FAX: (202) 401-0920
Email: [email protected]