FERPA Overview - PowerPoint PPT Presentation

About This Presentation
Title:

FERPA Overview

Description:

FERPA Overview & Updates A Private Conversation An overview of the Family Educational Rights and Privacy Act and why it is the right thing to do. – PowerPoint PPT presentation

Number of Views:215
Avg rating:3.0/5.0
Slides: 51
Provided by: caccraoOrg
Learn more at: http://www.caccrao.org
Category:

less

Transcript and Presenter's Notes

Title: FERPA Overview


1
FERPA Overview UpdatesA Private Conversation
  • An overview of the Family Educational Rights and
    Privacy Act and why it is the right thing to do.
  • CACCRAO 2008
  • John Snodgrass, Registrar, Chapman University

2
Some Resources
  • AACRAO FERPA Guide 2006
  • www.aacrao.org/publications/
  • The FERPA Doctors Case Book
  • LRP Publications, www.shoplrp.com
  • FPCO website http//www.ed.gov/policy/gen/guid/fp
    co/index.html
  • AACRAO website http//www.aacrao.org/compliance/f
    erpa/index.htm

3
What is FERPA All About?
  • Providing students guarantees regarding the
    access and confidentiality of their educational
    records
  • Right to access
  • Right to challenge contents
  • Right to control over disclosure highest impact
    on how we deal with educational records

4
99.3 Key Definitions
  • Attendance
  • Directory Information
  • Disclosure
  • Disciplinary Action
  • Educational Record
  • Personally identifiable information
  • Student
  • (Note School Official is not described in 99.3)

5
Key Definition Student (post-secondary)
  • In Attendance institutionally defined
  • applicants, admits, or matriculants (actually
    attending as of the first day of class). Should
    be justified by some reasonable basis of fact and
    applied consistently
  • Credit and non-credit, degree or non-degree
    seeking, all residencies all ages
  • Regarding whom records are maintained
  • Acquire all FERPA rights at the time they become
    a Student (note parents lose all right of access
    to educational records of students at post
    secondary institutions) retain FERPA rights
    until deceased.

6
Proposed Regulation Attendance
  • Adds to current regulation attendance by
    videoconference, satellite, Internet, or other
    electronic information and telecommunications
    technologies for students who are not typically
    in the classroom.

7
Key Definition Educational Record
  • With certain exceptions, all records identifying
    students maintained by the university in any
    medium
  • Exceptions
  • Law Enforcement records
  • Treatment records
  • Alumni records
  • Employment records
  • Sole Possession

8
Key Point To Remember, , ,
  • Nothing in FERPA prohibits a school official from
    sharing information that is based on that
    officials personal knowledge or observation and
    that is not based on information contained in an
    educational record.

9
Proposed Regulations Personally Identifiable
Information
  • Adds biometric record to the current list of
    personal identifiers e.g. name, SSN, ID, and adds
    other indirect identifiers such as date and place
    of birth, mothers maiden name, etc.
  • Removes non-defined term easily traceable and
    provide instead that personally identifiable
    information that would allow a reasonable person
    in the school or its community, who does not have
    personal knowledge of the relevant circumstances,
    to identify the student with reasonable
    certainty.
  • Additionally, personally identifiable information
    includes information that is requested by a
    person who the institution reasonably believes
    has direct personal knowledge of the identity of
    the student to whom the education record directly
    relatestargeted request

10
Update Treatment Records
  • Education records do not include records on an
    eligible student that are
  • Made or maintained by a physician, psychiatrist,
    psychologist, or other recognized professional or
    paraprofessional acting in his or her
    professional capacity or assisting in a
    paraprofessional capacity
  • Made, maintained, or used only in connection with
    treatment of the student and
  • Disclosed only to individuals providing the
    treatment. For the purpose of this definition,
    treatment does not include remedial educational
    activities or activities that are part of the
    program of instruction at the agency or
    institution.

11
Update Treatment Records, continued
  • Once treatment records are disclosed outside of
    the requirements described above, the records
    become education records under FERPA
  • Records maintained by an office of disability
    services are education records because they
    contain information that is directly related to a
    student.
  • Treatment does not include determining
    appropriate accommodations for a disability.
  • There is no exclusion from the definition of
    education records for health or medical
    records, except for treatment records that meet
    the requirements described above.

12
Proposed Regulations Education Record
  • Alumni Records
  • Clarify that with respect to former students,
    education records exclude records that are
    created or received by the institution after an
    individual is no longer a student in attendance
    and are not directly related to the individuals
    attendance as a student.

13
Proposed Regulations Education Record
  • Peer Grading
  • Clarify that peer-graded papers that have not
    been collected and recorded by a teacher are not
    considered maintained by an educational
    institution and, therefore, are not education
    records under FERPA (implementation of Supreme
    Court Case Owasso)

14
Key Definition School Officials
  • Individual or group providing a necessary service
    for or on behalf of the institution
  • No inherent rights re accessing educational
    records May access based upon need to know
  • Are equally responsible for following FERPA
    regulations, re-disclosure requirements

15
Proposed Regulation School Officials
  • Other School Officials
  • Expand the school official exception to include
    contractors, consultants, volunteers, and other
    outside parties to whom an educational
    institution has outsourced institutional services
    or functions so long as
  • --In order to be considered a school official
    an agency or institution must be able to show
    that a non-employee or other outside party is
    providing an institutional service or function
    that the agency or institution would otherwise
    use employees to perform.
  • --The school must also show that the outside
    party would have legitimate educational
    interest in the information disclosed if the
    service were performed by employees.

16
Proposed Regulation School Official
  • Other School Officials, continued
  • --an agency or institution must be able to show
    that the outside party, in providing these
    services, is doing so under the direct control of
    the agency,
  • --outside party is subject to the same
    redisclosure conditions applicable to other
    school officials
  • --records directly related to a student that are
    maintained by such parties are education records,
    including any new student records created under
    an outsourcing agreement that are maintained by
    the outside service provider
  • --the institution must comply with annual FERPA
    notification requirements in 99.7 by specifying
    their contractors, consultants, and volunteers as
    school officials retained to provide various
    institutional services and functions

17
Proposed Regulations School Officials
  • Legitimate Educational Interest--Access
  • Proposed regulations would require an
    institution to use reasonable methods to ensure
    that teachers and other school officials obtain
    access to only those education records in which
    they have legitimate educational interest.
    Such methods/controls may include
  • Physical locked filing cabinets
  • Technological software which implements role
    or field based security features
  • administrative an institutional policy that
    prohibits access except for legitimate
    educational interest must be effective in
    ensuring compliance

18
99.4/99.5 Rights of Parents and Students
  • 99.4Parents. Full rights to both parents.
  • 99.5Student. all rights move from the parent to
    the student in post secondary environment.
  • Exception if applicant to another component of
    institution, no right of access to records
    maintained by that component until the student is
    accepted and attends that other component

19
Proposed Regulations Release to
Parents--Clarification
  • Proposed regulations in 99.5 clarify that even
    after a student has become an eligible student,
    an educational agency or institution may disclose
    education records to the students parents,
    without the consent of the eligible students if ,
    ,

20
Proposed Regulations Release to Parents,
continued
  • --If the student is a dependent for Federal
    income tax purposes (99.31(a)(8)
  • Note 99.31(a)(8) permits an educational agency
    or institution to disclose education records,
    without consent, to either parent if at least one
    of the parents has claimed the student as a
    dependent on the parents most recent tax return.
    Neither the age of the student nor the parents
    status as custodial parent is relevant.
  • To make such a dependency determination, a
    school may
  • -ask the parent to provide a copy of the most
    recent Federal income tax form (financial
    information may be redacted) showing dependency
    or
  • -ask students to indicate if they are claimed
    as a dependent for income tax purposes by either
    parent (at registration, etc)

21
Proposed Regulations Release to Parents,
continued
  • --In connection with a health or safety emergency
    (99.31(a)(10)
  • --If the student is under the age of 21 and has
    violated a law or an institutional rule or policy
    governing the use or possession of alcohol or a
    controlled substance (99.31(a)(15)
  • --If the disclosure falls within any other
    exception to the consent requirement in 99.31 (a)
    of the regulations, such as the disclosure of
    directory information or in compliance with a
    court order or lawfully issued subpoena.
  • Ensures that institutions understand that FERPA
    does not block information sharing with parents
    if the above exceptions apply.

22
Proposed Regulations Health or Safety Emergency
  • Removes language requiring strict construction
    of this exception
  • Disclosure of education records is permitted when
    an institution, taking into account the totality
    of the circumstances, determines there is an
    articulable and significant threat to the health
    and safety of the student or other individuals.
  • Disclosure may be made to any person whose
    knowledge of information is necessary to protect
    health and safety of student or others includes
    release to students parents.
  • Department of Ed will not substitute its
    judgment for that of the institution in
    evaluating the circumstances and making its
    determination.

23
Remember, , ,
  • While institutions may choose to follow a policy
    of not disclosing education records to parents of
    eligible students in these circumstances, FERPA
    does not mandate such a policy.

24
Institutional Requirements
  • Annual Notification (99.7)
  • Access and Review (Subpart B)
  • Amendment (Subpart C)
  • Disclosure (Subpart D)

25
99.7 Annual Notification
  • Must include--
  • Right method to inspect review
  • Right method to seek amendment
  • Right to consent other than 99.31 exceptions
  • Right to file a complaint with Dept of ED
  • Definition of school official
  • Definition of legitimate educational interest
  • DistributionAny means reasonably likely to
    inform
  • Typically includes Directory information per
    99.37 requirements

26
SubPart B Student Rights to Review Records
  • 99.10 Right to inspect review --Must
  • Student must be allowed access within 45 days
  • may charge a fee for copies (not retrieval)
    unless
  • Cant destroy record once requested
  • 99.12 Limitations on right to review
  • parent financial information
  • confidential letters
  • Education records of the student that contain
    information on more than one student

27
More on Inspect Review, AKA Access
  • 99.10(d) If circumstances effectively prevent the
    eligible student from exercising the right to
    inspect and review the students education
    records, the educational institution shall
  • Provide a copy, or
  • Make other arrangements to inspect review

28
So does that mean we dont have to give a copy of
  • Grades? Nope
  • Transcript? Nope
  • Diploma? Nope
  • But can we if we choose? Yep
  • Should we? Hmmmm

29
Subpart C Amendment
  • Request, Review, Hearing, decision
  • Yes amend and notify
  • No Notify, right to include statement
  • Statement maintained life of related record
  • Disclosed with related

30
Subpart D Disclosure
  • 99.30 Prior Consent Required
  • 99.31 Prior Consent Not Required
  • 99.32 Recordkeeping, redisclosure, conditions on
    99.31

31
99.30 Consent Required
  • Signature required (everything except 99.31)
  • Provided directly to the institution
  • Provided to a third party
  • Electronic
  • Consent includes
  • What
  • Purpose of disclosure
  • To whom

32
Proposed Regulations Identification
Authentication
  • Electronic/Telephonic Environments
  • Proposed regulations would require an educational
    agency or institution to use reasonable methods
    to identify and authenticate the identity of
    students, parents, school officials, and any
    other parties to whom the institution discloses
    education records.
  • Unique challenges exist re identification and
    authentication in electronic/telephonic
    environments. Students parents complaints re
    unauthorized access via use of widely available
    information, e.g the name and date of birth, name
    and SSN or other student ID number when providing
    .access
  • This is a failure to properly authenticate
    identity.

33
Proposed Regulations Identification
Authentication
  • Electronic/Telephonic Environments, continued
  • --Authentication of identity generally involves
  • -requiring a user to provide something that
    only the user knows, such as a PIN, password, or
    answer to a personal question
  • -requiring something that only the user has,
    such as a smart card or token
  • -or a biometric factor associated with no one
    other than the user, such as a finger, iris, or
    voiceprint.
  • --The institution must insure it does not
    deliver a password, PIN, smart card, or other
    factor used to authenticate identity in a manner
    that would allow access to unauthorized
    recipients. This includes use of a common form
    user name (e.g. last name and first name initial)
    along with date of birth, SSN, or a portion of
    the SSN, as an initial password to be changed
    upon first use of the system.
  • -

34
99.31 Key Exceptions
  • Institution may disclose without consent if
    disclosure meets one or more of the following
    conditions (there or more these are most common)
  • School Officials
  • Parents of dependent students
  • To institutions of post secondary education where
    the student seeks to enroll
  • Financial Aid
  • Judicial order/Subpoenas/Patriot Act
  • Health Safety
  • Disciplinary
  • Sex Offender
  • Directory

35
Proposed Regulations Disclosure to institution
in which student has enrolled
  • Would allow institution to disclose education
    records, without consent, to another institution
    even after a student has already enrolled (and
    not just if student seeks to enroll) if the
    disclosure is for purposes related to the
    students enrollment or transfer.
  • Intent is to allow institution to update,
    correct, or explain information originally
    disclosed. (Note current regulations allow
    institutions to send any and all education
    records, including disciplinary records to
    institutions to which a student seeks to enroll)

36
Proposed Regulations Disclosure definition re
institutions previously attended
  • Excludes from definition of disclosure the
    release/return of an education record to the
    institution/party that created the record.
  • Allows institutions to return transcripts,
    recommendations, etc that appear to have been
    falsified back to the institution or school
    official identified as the creator/sender in
    order to confirm authenticity. Allows sending
    school to confirm or deny accuracy of record, and
    send correct version. Consent from the student is
    not required.

37
Proposed Regulations Updating FERPA
  • Updates or amends FERPA regulations to
    specifically include language related to
    releasing or re-releasing of information in
    accordance with the following Acts
  • Patriot Act allows response to Ex Parte Order
    without notice to the student
  • Campus Sex Crimes Prevention Act-- allows
    disclosure of information received under
    community notification program concerning
    registered sex offenders who are students
    (although institutions are not required under
    FERPA to collect or maintain information about
    registered sex offenders)
  • Clery Act clarifies responsibility of
    institution to disclose information to accuser
    and accused allows re-disclosure by accuser

38
Directory Information
  • Directory Information records which are neutral
    or not necessarily harmful if released to third
    parties
  • institutions must specify what their Directory
    Information includes
  • Cannot include SSN, Student ID, Gender,
    Nationality, Ethnicity, religion, grades, gpa
  • Release not required may do so arbitrarily or
    capriciously.
  • Students may withhold release--opt out
  • Directory holds do not pertain to school
    officials having access to student educational
    records

39
Proposed Regulations Directory Information
  • Would provide that
  • --an educational agency may not designate as
    directory information a students SSN or other
    student ID number however
  • --directory information may include a students
    user ID or other unique identifier used by the
    student to access or communicate in electronic
    systems, only if identifier is used in
    conjunction with one or more factors that
    authenticate the students identity, e.g. PIN,
    password, or other factor known only by the
    student.

40
Proposed Regulations Opting Out of Directory
Information
  • Clarification of the regulations, affirming that
    an institution must continue to honor any valid
    request to opt out of directory information
    disclosures made while the individual was a
    student unless the student rescinds the decision
    to opt out of directory information disclosures.

41
Proposed Regulations Opting Out of Directory
Information
  • Opt out of directory information does not prevent
    an educational institution from disclosing or
    requiring a student to disclose the students
    name, electronic identifier, or institutional
    email address in the classroom.
  • Opt-out does not allow a student to remain
    anonymous in a class, and cannot be used to
    impede routine classroom communications, whether
    in person or on-line.
  • Note proposal provides no authority to disclose
    any directory information outside of the
    students class nor does it allow for release of
    directory information not used for class
    communications if a student has opted out.

42
Proposed Regulations Use of SSN As An Aide in
Directory Confirmation
  • Would prohibit an institution from using an SSN
    to identify or help identify a student or the
    students records when disclosing or confirming
    directory information unless the student has
    provided written consent in accordance with FERPA.

43
Disclosure requirements
  • Conditions
  • Record keeping
  • Redisclosure

44
Proposed Regulations De-identification
  • De-identification of information. Current
    regulations permit release of information without
    consent if all personally identifiable
    information has been removed.
  • Proposed regulations will
  • provide objective standards re when information
    releases may be considered de-identified
  • apply to records at both student and aggregate
    form
  • clarify permitted use of de-identified data
    releases for research purposes

45
Proposed Regulations Redisclosure
  • Redisclosure under court order or subpoena
  • Clarifies that redisclosing part has same
    responsibility as original disclosing party re
    notifying students prior to compliance.
  • Redisclosure by federal and state officials
    (currently not permitted)
  • Permits federal and state officials to
    redisclose under the same conditions as other
    recipients of education records allowed in 99.31
    (forward to another school, health/safety,
    accrediting agency, etc)

46
Proposed Regulations State Auditor
  • Auditordefine State auditor as a party under
    any branch of government with authority to
    conduct audits (note that the audit must be a
    federal or state supported education program)

47
Proposed Regulations Organizations Conducting
Studies
  • Current language for or on behalf of
  • Proposed
  • school does not have to initiate research
  • school does not have to agree with or endorse
    conclusions
  • school must agree with purposes of study
  • school must maintain control over information
    disclosed

48
Proposed Regulations Organizations Conducting
Studies
  • Institution must have written agreement with
    receiving organization that specifies
  • -purpose of study
  • -information can only be used to meet purposes
    of study
  • -restriction on redisclosure
  • -destruction of information when no longer
    required

49
Proposed Regulations Enforcement
  • Clarify the Departments responsibilities related
    to authority and enforcement
  • Affirms FPCOs authority to investigate a school
    when a student files a complaint
  • Clarifies information FPCO may require to
    investigate and resolve complaints
  • Clarifies that violation may be determined
    without being based upon a policy or practice of
    the school
  • Clarifies that Secretary may take action to
    terminate assistance only when a school has been
    found to have a policy or practice in violation
    of FERPA, AND the school fails to voluntarily
    come into compliance.
  • FPCO affirms that there is no intention or plan
    to initiate FERPA institutional compliance
    reviews or expand investigations beyond current
    practice.

50
Closing , , ,
  • Remember It is the right thing to do
  • Web Site http//www.chapman.edu/registrar/Privacy
    index.html
  • snodgras_at_chapman.edu
Write a Comment
User Comments (0)
About PowerShow.com