dataLocks148650499Colleges and universities frequently hire third-party vendors to provide services that involve student data—cloud storage, online education delivery, and online grade books to name a few. Although the arrangements are common, they can run afoul of the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 CFR Part 99) (FERPA) and other data privacy best practices. Colleges and universities should contemplate privacy and security issues when contracting with third-party vendors and include language in the service agreement that identifies exactly what information is being shared and protects how the information can be used in the future. Continue Reading 5 simple rules for FERPA contracting compliance

chalk board question 000015283667Family Educational Rights and Privacy Act (FERPA) regulations allow colleges and universities to disclose personal information from a student’s education records without consent when the disclosure is to school officials with “legitimate educational interests.” What does it mean to (i) be a school official and (ii) have a legitimate educational interest in a record? Continue Reading

Computer media and internet communication conceptThe U.S. Department of Education is urging institutions to include privacy protections that reach beyond the Family Educational Rights and Privacy Act (FERPA) in contracts with app and other online educational service providers. Guidance from the Department’s Privacy Technical Assistance Center (including model contract terms and a basic employee training video) provides insight on Department expectations when third parties have access to student data online. Continue Reading