Embed Size (px)
Citation preview
FERPA Basics
…and Your Responsibility
Regarding Your Work At Gallaudet University
FERPA BASICS GUIDE & CHECK UP AN OVERVIEW AND SELF INVENTORY
This inventory is self paced and designed to touch on FERPA basics which are important
If you have more than 3 concerns or errors... please feel free to repeat this guide and self inventory as needed
Gallaudet university desires full understanding and compliance
Review and Test Yourself on FERPA Basics
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT OF 1974
The Family Educational Rights and Privacy Act known as FERPA is a federal law that protects the privacy of education records for all students at the university - - The general principle is that student education records are considered confidential and may not be released to third parties (including parents) without the written consent of the student - - Protected elements of the student’s education record include, but are not limited to, financial data, progress in courses, class scheduling, grade information, and academic disciplinary information ~
FERPA is enforced by the Family Policy Compliance Office, U.S. Department of Education, Washington, D.C.
QWhat is FERPA?
Family Emergency Protection Act
Federal Education Protection Act
Financial Educational Provision Act
Family Education Rights and Privacy Act
The Family Educational Rights and Privacy Act of 1974 (FERPA), also known as the Buckley Amendment, is a federal law designed to protect the privacy of, and limit access to, student educational records.
FERPA grants some specific rights to students and sets restrictions on how schools may handle educational records ~
FERPA Is A Federal Law
In Other Words…
FERPA … is a federal law designed to protect the privacy of, and limit access to student educational record information ~
So…Why is FERPA Important?
Why is FERPA Important? AND…Why should I care?
FERPA applies to all institutions that receive federal funds administered by the U.S. Secretary of Education (financial aid, veteran’s benefits, grants, etc) - Institutions found to be in violation could have these federal funds withheld ~
Having access to private information or areas with confidential and educational information about students is not to be taken lightly; under FERPA, universities are legally and ethically obligated to protect the confidentiality of student educational records - - Legal consequences as well as university consequences are possible ~
ALSO REMEMBER to protect all records in transit whether on campus or in postal mailing.
…Is Important
FERPA COMPLIANCE …
ALWAYS Best NOT to Copy, Share, Photograph, Record or Release Academic or Confidential Information Improperly - - Questions … Contact Registrar
Education records are directly related to a student and maintained for all current and former students - - At Gallaudet this would also include those students enrolled in MSSD or KDES ~
Education records do not include: Sole possession (lap drawer) records Peer graded papers (not used for a course
grade) Online forums (e.g., Blackboard discussions,
assignment postings and online course chats) – NOTE: Grades should NOT be posted in these educational support forums
Law enforcement unit records Employment records (unless employment is
based on student status) Medical records • alumni records
Education records include:
Graded papers
Exams
Transcripts
Class lists
Notes from a conversation with a student
Computer screen displaying student information
Email containing information about a student
What are Education Records?
Although some records and information maintained on Gallaudet students may not be considered an education or academic record, they may be confidential OR private and therefore all employees must be mindful of students and others personal proprietary information rights ~
TYPES OF STUDENT INFORMATION
Personally Identifiable and Private Information: Is generally considered much more sensitive or an invasion of privacy if disclosed ..
Directory or Public Information: Is information contained in the record which would not generally be considered harmful or an invasion of privacy if disclosed ..
Gallaudet University protects even the release of ‘directory’ student information ..
ALL requests for student academic and directory information should be passed onto the Registrar’s Office..
CAUTION: Making records with personal confidential information will require ongoing protected access as well as security whether in the cloud or on the internet - - All digital student records or reports made under FERPA require a vendor contract for university ownership ~
SCHOOL OFFICIALS AND LEGITIMATE EDUCATIONAL NEED
School official
• A person employed by the university in an administrative, supervisory, academic, research, or support position (including law enforcement personnel and health staff) ..
• A person or company with whom the university has contracted (attorney, auditor, collection agent) ..
• A person serving on the board of trustees ..
ALL ARE REQUIRED TO PROVE LEGITMATE@ EDUCATIONAL NEED & PURPOSE WHEN REQUESTING
STUDENT INFORMATION
@ Legitimate Educational Need
When a verifiable need for specific student information is demonstrated – is compliant
with FERPA and student disclosure rights for the information can be determined ~
FALSE
ONLY IF THEY HAVE A LEGITIMATE EDUCATIONAL PURPOSE
Faculty have a right to inspect education records of any student attending GU without giving a proper reason
TRUE or FALSE
QTRUE OR FALSE
Education records include only those records contained in a student’s permanent file in the Registrar’s Office
TRUE IS NOT THE CORRECT
ANSWER
OTHER STUDENT RECORDS
• HEALTH - SHS/MHC
• FINANCIAL AID
• STUDENT ACCOUNTING
• ADVISING
• MAJOR PROGRAM RECORDS
• JUDICIAL
• TUTORING
• CAREER CENTER
• CAMPUS DB LOGIN/USE
TRUE OR FALSE
GRADES.. GPA .. or other STUDENT INFORMATION may be viewed shared, copied or released publicly at any time
FALSE IS THE CORRECT ANSWER STUDENTS LEGAL RIGHTS ARE VIOLATED WHEN RECORDS ARE NOT HANDLED CAREFULLY AND CONFIDENTIALLY
GALLAUDET UNIVERSITY HAS AN OBLIGATION UNDER THESE LAWS TO PROTECT A STUDENT’S RIGHTS WITH REGARD TO THEIR ACADEMIC AND PERSONAL CONFIDENTIAL INFORMATION
WHEN IN DOUBT …CHECK WITH THE REGISTRAR’S OFFICE
FALSEANSWER
Q Who is at risk of violating FERPA?
Faculty
Staff
Administrators
Students
Student Workers
Contractors & Employees
Visitors
Others
Q
Who is at risk of violating FERPA?
Who?
Who?Who?
Who?
ALL
The MOST Correct ANSWER is…
QTRUE OR FALSE
Only the records of currently enrolled students are protected by FERPA
FALSE
FERPA also protects the records of all former students
FALSE
FALSE
FYI
Education Records May Include Any Record
Directly Related To A Student & Maintained
By The University
In Any Format Or Medium
NO
TE
What DO YOU DO? ONTO THE NEXT
SLIDE
…are you entitled to under FERPA to view any records, copy or to re-disclose any information you inadvertently see or hear to any other party?
You have been granted access to certain offices with educational records in accordance with your duties at GU. Since this is information is in an area where you work…
YES OR NO
THE CORRECT ANSWER IS
Only officials that have been assigned and granted appropriate work access should be viewing, using, discussing and properly sharing a record to complete a university work related task or duty ~
NO!
Scenario Q:
Local police call, a person claiming to be a student has been arrested ~
The police have a policy of releasing an arrested student for minor infractions and if they can verify that the person is a student ~
Can you give out any information on this student?
You should respond …“I have no information that I can release on that individual …I will transfer your call to the Registrar’s Office ”
You will be honoring the student’s FERPA rights and be FERPA compliant for yourself as well as Gallaudet ~
NOTE: Under FERPA once a block on information is requested, confidentiality ‘FERPA Blocks’ stay in force until the student revokes it in writing
REVOCATIONS MUST BE SUBMITTED WITH THE ABILITY TO AUTHENTICATE THE STUDENT OR ALUMNI WITH NO DOUBT CONCERNING THEIR ID OR DATED SIGNATURE~
Some examples of information protected by FERPA include:
• University ID number• Social security number• Birthdate• Grades/exam scores• GPA• Current class schedule• Parent name and address• Race/ethnicity• Gender• Country of citizenship• Religious affiliation• Disciplinary status• Marital status• Test scores (i.e., SAT, GRE, etc.)
Private & Academic Information
FERPA QUICK ACADEMIC GUIDE
NO POSTING OF ..
Student ID #s
Test Scores
Course Grades
GPA
Evaluations
NO SHARING OF..
Student Personal Proprietary Information (PPI)
Email Addresses
Advisory Information
Peer Evaluations
REGARDING EMAILS..
DO NOT RELEASE Record Information via Email */@
Full Name, ID or Any PPI to be Excluded from Email Subject Lines
Student Named Advisory Information in a Group Email
Group Departmental Emails w/o Using ‘BCC’ Distribution
*Student records are released from the Registrar’s Office - - PPI = Personal Proprietary Information - - Confidential Information - - An inappropriate release of information could harm a student if they have a need for confidentiality or result in a violation of federal law and trigger a federal FERPA audit
CAUTION WITH CONFIDENTIAL or PRIVATE INFORMATION!
AVOID being exposed to student information or records not considered your university work - - Curiosity does NOT qualify as a legal right to know
Legally that information & how it is released may not be within your realm of work duties or responsibilities
Employees need to use restraint with regard to sharing, copying/scanning and even digitally conveying information in any way with others or by any public disclosure
BEST PRACTICES FOR NON-EDUCATIONAL OR STUDENT SUPPORT STAFF: BE SURE THE OFFICE STAFF ARE WITHIN THE OFFICE BEFORE ENTERING TO ATTEND TO YOUR DUTIES - - THIS WILL HELP INSURE YOU ARE NOT CONSIDERED IN ANY WAY RESPONSIBLE IF THERE IS A FERPA COMPLIANCE CONCERN, VIOLATION REVIEW OR INVESTIGATION BY FEDERAL OFFICIALS
Employees who have been assigned personal access codes to work with systems that generate - store or manage confidential information bear the responsibility for preserving the complete confidentiality of such codes to ensure against unauthorized use by any other person…
Employees who negligently or intentionally share their system passwords or accounts with anyone else for any reason will be held responsible for any resulting misuse of the system by others…
Employees who have any reason to believe or suspect that someone else is using their personal access codes must immediately notify their supervisor and Registrar’s Office…
Employees are prohibited from logging onto University data bases and administrative systems with their personal access codes and then permitting another person to access information in those data bases and/or systems…
Accessing information not directly germane or relevant to your specifically assigned tasks / duties as an employee…
Disclosing, discussing and/or providing confidential information to any individual not authorized to view or access that data, including but not limited to third parties, volunteers, vendors and other university employees - - This includes digital copying, conveyance or sharing…
Being reckless, careless, negligent, or improper in handling of office materials, disposal of waste which may contain printed documents and reports containing confidential information…
Viewing an open computer monitor and then using it with any files, databases exposed, possibly deleting or altering information without authorization…
Generating and/or disseminating false or misleading information…
Using information viewed or retrieved from the systems for personal or any other unauthorized or unlawful use…
BE AWARE YOU WILL BE HELD ACCOUNTABLE - - It is Important to NOT Avoid Your Responsibility to Gallaudet University Policies & Federal Laws (FERPA, Privacy & HIPAA) ~
AVOID… CAUTIONS…
EDUCATION RECORDS RELEASE & EXCEPTIONS
The university will not release personally identifiable information from a student's record without the student's prior written consent ~
Even parents are not permitted access to their son or daughter's records unless the student has provided written authorization for the specified information each time needed - - This also includes other family members and spouses - - An annual copy of the income tax return proving a student’s dependent status may also be submitted and be in the Registrar’s student files for semester requests for grades or transcripts for their son or daughter ~
Exceptions are all determined to have a "legitimate educational need” or involves the work responsibilities as determined by the university for a university official; such as awarding financial aid, records updating, 3rd party certifications and legal subpoenas ~
Point of release for student’s academic record or personal information should always be the Registrar’s Office ~
• Students may have ‘FERPA Blocks’ or holds on the release of academic or personal information ~ • An inappropriate release of information could harm a student if they have a need for confidentiality or result in a violation
of federal law and trigger a federal FERPA audit ~ • Confidential & academic information such as grades or transcripts should be via a secure encrypted controlled single
release only ~
An unauthorized staff person retrieves information from a computer screen that was left unattended.
Under FERPA, is the staff member and the institution responsible?
YES OR NO
THE CORRECT ANSWER IS
Remember only authorized university officials have access to records for their assigned work ..
Anyone seeking to view, copy, use or alter records without the proper authority to be working with records should be reported to the University Registrar ..
All that have mishandled information from a record no matter they type of record – puts the university at risk of non-compliance under FERPA as well as privacy violations ..
YES!
Should you enter an office with confidential records in varied formats even if you have a key for that office without any staff that work in that office being in the office? YES OR NO
YES IS NOT THE CORRECT ANSWER
THE CORRECT ANSWER IS
It is always best for employees with keys and access to offices with confidential records.. to only enter these offices when regular office staff are with you.. Office staff can vouch for your time and activity in the office as well as possibly be able to prevent an investigation into your work ethics and movement within their assigned work offices..
When a violation occurs – anyone on campus with access to the area(s) of concern can be in question ..
NO!
YES OR NOCan any employee view, use or make copies of student records?
The Correct Answer is NO! Student records have compliance limits for copying, sharing and use.
As communication devices are with us all the time…Including digital internet connected devices
…SHOULD YOU use a smart phone in the area of an office with records or confidential meetings ?
CONFIDENTIAL AREAS INCLUDE: The Registrar’s Office, Financial Aid Office, Student Financial Services Office, SHS, MHC, Academic Advising, Career Center, Judicial Board, BOT, MSSD, KDES and DPS.
NOTE: Privacy should be afforded in conference areas being used by faculty, faculty senates, university administrators or student support offices, classrooms used for class instruction, tutoring, private student advisory conferences/ meetings. library areas for research, instructional science labs, computer labs used for work, online courses, personal communications, judicial board, SBG, other closed door organizational meetings and athletic team training meetings.
ALL these can present privacy concerns with digital smart technology around.
‘YES’ is not the correct answer!
See on the next slide …
… IS THE CORRECT ANSWER
GO TO THE NEXT SLIDE
NO is the correct answer because all current technology is capable of capturing images, video, conversations & other information that may breach FERPA and privacy law requirements ~
NO
NOTE: THIS IS ALL THE SAME KIND OF PRIVACY ACCORDED TO YOU WITH YOUR PERSONAL RECORDS HELD BY A BANK, A DOCTOR, LAWYER OR YOUR EMPLOYER. THEY ARE NOT THERE FOR OTHERS TO USE OR COPY.
FERPA, HIPPA, PII and other federal laws, rules and policies hold institutions to a high standard to protect personal privacy as well as personal confidential, academic , health, employment, judicial/legal and other records .
What is the best thing to do with digital internet devices such as your smart phone?
WARNING:
THE PATHWAYS FOR BREACHING STUDENT CONFIDENTIALITY, (WHETHER DUE TO SIMPLE CARELESSNESS OR INADEQUATE SECURING OF RECORDS, DISCARDING OF RECORDS , TAKING RECORDS, RECORDING INFORMATION & INAPPROPRIATE USE OF TECHNOLOGY) CONTINUE TO MULTIPLY AS TECHNOLOGY ADVANCES - SUCH ACTIVITIY & ACTIONS ALL HAVE CONSEQUENCES
SMART PHONE & DIGITAL INTERNET DEVICESTIPS & WARNINGS!!
BEST PRACTICES It is best not to use smart phones in any academic or confidential area You may need to pocket your phone and limit use to after leaving a confidential/record office, meeting, classroom/lab or library areas - - Cover camera eye sights on digital internet connected laptops, tablets and wrist devices in confidential areas as current technology allows for remote activation
Scanning and facsimile copiers should be ‘digitally wiped clean’ same as PCs and lap tops before releasing to a vendor or individual to protect any saved academic and personal confidential information
‘E-Discovery ‘is a technological investigative tool that the feds use with all digital and internet connected devices to track or determine fraud, electronic digital copying, audio /video taping, illegal activity and all related communications
REGISTRAR’S END NOTE…
The FERPA BASICS GUIDE & FERPA CHECK UP ARE reference tools to help you engage in understanding FERPA as well as other confidential privacy considerations on campus.
You are welcome to use these campus tools at any time…
