Privacy Technical Assistance Center (PTAC) and Family Policy Compliance Office (FPCO): Moving Forward Under the New FERPA Regulations
PTAC and FPCO: Moving Forward Under the New FERPA Regulations
MIS 2012
February 15, 2012
Michael Hawes, Statistical Privacy Advisor
Baron Rodriguez, Director, PTAC
Allison Camara, PTAC
Pop Quiz
From 2009 to 2011, what is the percentage change of
organizations conducting an annual privacy review?
- 26 %
+ 26 %
- 13 %
+ 13 %
In 2009, 52% of companies invested in annual privacy
policy reviews. In 2011, only 39% conducted an annual
privacy review.
Presentation Overview
Overview of ED privacy initiatives
PTAC/FPCO coordination
FERPA overview
Understanding the new FERPA regulations
Moving forward -- priorities for 2012
Popular PTAC/FPCO resources
Early 2011 — ED Privacy
Initiatives Begin
FERPA Notice of Proposed Rulemaking
Guidance — NCES Technical Briefs
Privacy Technical Assistance Center (PTAC)
Chief Privacy Officer
Chief Privacy Officer:
Organizational Structure
Late 2011 — Building on Progress
Regulation changes finalized
– 274 Comments received
– Final FERPA regulatory changes
• December 2, 2011 Federal Register
• Effective January 3, 2012
PTAC guidance documents
Privacy Advisory Committee
Soliciting input
FPCO Mission and Resources
Administers
– FERPA
– Protection of Pupil Rights Amendment (PPRA)
– Military recruiter provisions in the Elementary and
Secondary Education Act (ESEA)
Investigates alleged violations of these laws
Issues guidance documents
Coordinates with PTAC
PTAC Mission and Resources
“One-stop” resource center
Regional Meetings and Lessons Learned Forums
Technical Assistance Site Visits
Help Desk
Web resources
– Technical Briefs, Issue Briefs, and White Papers
– Case studies
– Checklists
– Frequently Asked Questions
– Monthly Webinars, Presentations, and Training Materials
PTAC Experts
Baron Rodriguez – State Support Team
Mike Tassey – Security Expertise
WestStat – Statistical Expertise
Margie Bates – Support/Legal
How is a request to PTAC
handled?
What is FERPA?
Family Educational Rights and Privacy Act (FERPA) enacted 1974
– Protects the privacy of students’ education records
– Affords parents and eligible students rights to
• inspect and review education records,
• seek to amend these records, and
• consent to the disclosure of personally identifiable information (PII) from education records.
Disclosure of Education Records
under FERPA
Requirement for written consent to disclose PII
Parents and eligible students
Exceptions to consent
– Studies
– Audit or evaluation
– Other (e.g., court order, health or safety emergency)
FERPA and Student Privacy —
Recent Developments
Move to electronic records
Student longitudinal databases
New risks and vulnerabilities
ED privacy initiatives
– Most recent FERPA amendment—January 3, 2012
Key FERPA Regulatory Changes
“You know how sometimes
FERPA can tie your brain in a
knot trying to think through
it all?”
[quote from an email to PTAC]
FERPA Regulatory Changes —
Definitions
Authorized Representative
– Any entity or individual designated by a State or local educational authority or an agency headed by an official… to conduct—with respect to Federal- or State-supported education programs—any audit or evaluation, or any compliance or enforcement activity in connection with Federal legal requirements that relate to these programs (FERPA regulations, §99.3).
Education Program
– Any program principally engaged in the provision of education, including, but not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution (FERPA regulations §99.3).
FERPA Regulatory Changes —
Audit or Evaluation Exception
Authorized Representative
Written Agreements
Reasonable Methods
“Guidance on Reasonable Methods and Written
Agreements”
FERPA Regulatory Changes —
Studies Exception
OLD INTERPRETATION
– Not clear that a redisclosure by FERPA-permitted entity (e.g., SEA) would be “on behalf of” an educational agency
NEW INTERPRETATION
– State educational authorities acting “on behalf of” their constituent schools
FERPA Regulatory Changes —
Directory Information
Definition of directory information
Conditions for disclosure
– Student ID cards and badges
– Limited directory information
A Couple of Case Studies
Technical Assistance
Enforcement
ED Priorities for 2012
Guidance for SEAs and LEAs
– Assistance with privacy, confidentiality, and security
concerns
– Case Studies
FPCO resources and initiatives
– Focus on legal interpretation of FERPA
– Modernizing FPCO
PTAC resources and initiatives
– Focus on best practices
– Coordinating with FPCO
POP Quiz # 2
In 2011, what percentage of organizations dedicate
resources to business continuity and/or disaster
recovery?
– 21%
– 52%
– 5%
– 14%
That’s down more than 10% from 2009!
2012 — PTAC Initiatives
Expansion to LEAs
Coordination with FPCO
Helping organizations come into compliance
– Statistical and data security experts
– Site visits and regional meetings
– Best practices guidance documents and training
materials
– Compliance vs. transparency
Upcoming Events
25th Annual MIS Conference Presentation
– February 16, 2012, Session VI, 10-11am (Nautilus 5):
Protection of Personally Identifiable Information
Through Disclosure Avoidance Techniques
PTAC Webinar
– March 15th, 2012, 2:00 p.m. EST: Special Education:
The Intersection of FERPA and IDEA Confidentiality
Provisions
Available Resources
Guidance on Reasonable Methods and Written Agreements
Data Stewardship: Managing Personally Identifiable Information in
Electronic Student Education Records
Basic Concepts and Definitions for Privacy and Confidentiality in Student
Education Records
Responding to IT Security Audits: Improving Data Security Practices
Data Security: Top Threats to Data Protection
Data Security Checklist
Data Governance and Stewardship
Data Governance Checklist
Data Security and Management Training: Best Practice Considerations
Contact Information
Family Policy Compliance Office
– TEL: (202) 260-3887
– FAX: (202) 260-9001
– Email: [email protected]
– Website: www.ed.gov/fpco/
Privacy Technical Assistance Center
– TEL: (855) 249-3072
– FAX: (855) 249-3073
– Email: [email protected]
– Website: www.ed.gov/ptac/
Michael Hawes, Statistical Privacy Advisor
– TEL: (202) 453-7017
– FAX: (202) 401-0920
– Email: [email protected]