Data Security: K-12 and Higher Education
The Department of Education is committed to helping the education community better safeguard the security of student data in schools at all levels. While FERPA does not require institutions to adopt specific security controls, it does require the use of “reasonable methods” to safeguard student records (34 CFR § 99.31). Despite this requirement, hundreds of educational data breaches happen every year. Not only does the disclosure of this information potentially violate FERPA, but disclosures can expose students to a host of negative consequences such as identity theft, fraud, and extortion.
This page is a portal to recent PTAC guidance and best practice resources for the educational community to use to enhance the security of their information systems. While these resources are principally geared to K-12 agencies and institutions, the security principles are the same regardless of grade level. Post-secondary institutions should refer to the FSA Cyber Security page for additional requirements.
In the Enterprise
Resources:
Data Security and Management Training: Best Practice Guidance
Identity Authentication Best Practices
Data Destruction Best Practices
Data Security Threats: Education Systems in the Crosshairs
Online Apps & the Cloud
Resources:
Protecting Student Privacy While Using Online Educational Services
Protecting Student Privacy While Using Online Educational Services: Model Terms of Service
Title IV Participating Institutions are subject to Gramm-Leach-Bliley Act (GLBA) data security requirements and, pursuant to the Participation Agreement, are required to report data breaches to FSA. Information specific to these requirements can be found on the FSA Cyber Security page.
Cyber Advisory - New Type of Cyber Extortion / Threat Attack