GENERAL
PTAC Toolkit

Glossary of Privacy Terms and Concepts

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

  • Anonymized (Anonymization)

    Anonymized data are data that have been de-identified and do not include a re-identification code. In an anonymized data file, the student case numbers in the data records cannot be linked back to the original student record system. For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • Attendance

    FERPA regulations define attendance to include, but not be limited to: (a) Attendance in person or by paper correspondence, videoconference, satellite, Internet, or other electronic information and telecommunications technologies for students who are not physically present in the classroom; and (b) The period during which a person is working under a work-study program. See also Dates of Attendance.

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Attribute Disclosure

    Attribute disclosure occurs when data in a student level file or aggregate data in tabulations reveal sensitive information about a student. For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • Authorized Disclosure

    See also Unauthorized Disclosure, Disclosure, and Identity Disclosure.

  • Biometric Record

    FERPA regulations define a biometric record as one or more measurable biological or behavioral characteristics that can be used for automated recognition of an individual. Examples include fingerprints; retina and iris patterns; voiceprints; DNA sequence; facial characteristics; and handwriting. For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Coarsening

    Coarsening disclosure limitation techniques preserve the individual respondent's data by reducing the level of detail used to report some variables. Examples of this technique include: recoding continuous variables into intervals; recoding categorical data into broader intervals; and top or bottom coding the ends of continuous distributions. For more information, see the NCES Statistical Standards, available at http://nces.ed.gov/statprog/2002/glossary.asp.

  • Dates of Attendance

    FERPA regulations define dates of attendance as the period of time during which a student attends or attended an educational agency or institution. Examples of dates of attendance include an academic year, a spring semester, or a first quarter. The term does not include specific daily records of a student's attendance at an educational agency or institution. See also Attendance.

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Direct Identifier

    Direct identifiers include information that relates specifically to an individual such as the individual’s residence, including for example, name, address, Social Security Number or other identifying number or code, telephone number, e-mail address, or biometric record. See also Indirect Identifier. For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • De-identified Data

    De-identified data describes records that have a re-identification code and have enough personally identifiable information removed or obscured so that the remaining information does not identify an individual and there is no reasonable basis to believe that the information can be used to identify an individual. The re-identification code may allow the recipient to match information received from the same source.

    For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • Directory Information

    FERPA regulations define directory information as information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed. Directory information includes, but is not limited to, the student's name; address; telephone listing; electronic mail address; photograph; date and place of birth; major field of study; grade level; enrollment status (e.g., undergraduate or graduate, full-time or part-time); dates of attendance; participation in officially recognized activities and sports; weight and height of members of athletic teams; degrees, honors and awards received; and the most recent educational agency or institution attended. Directory information does not include a student's: (1) Social security number; or (2) Student identification (ID) number, except when a student ID number, user ID, or other unique personal identifier is used by the student for purposes of accessing or communicating in electronic systems, but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a personal identification number (PIN), password, or other factor known or possessed only by the authorized user.

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Disciplinary Action or Proceeding

    FERPA regulations define disciplinary action or proceeding as the investigation, adjudication, or imposition of sanctions by an educational agency or institution with respect to an infraction or violation of the internal rules of conduct applicable to students of the agency or institution. For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Disclosure

    Under FERPA, disclosure means to permit access to or release, transfer, or other communication of personally identifiable information contained in education records by any means including oral, written, or electronic means, to any party except the party identified as the party that provided or created the record. See also Authorized Disclosure, Identity Disclosure, and Unauthorized Disclosure.

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Education Agency or Institution

    Under FERPA, education agency or institution refers to any public or private agency or institution to which funds have been made available under any program administered by the Secretary, if the educational institution provides educational services or instruction, or both, to students; or the educational agency is authorized to direct and control public elementary or secondary, or postsecondary educational institutions. This does not apply to an educational agency or institution solely because students attending that agency or institution receive nonmonetary benefits under a program administered by the Secretary, if no funds under that program are made available to the agency or institution. The Secretary considers funds to be made available to an educational agency or institution if funds under one or more of the programs are provided to the agency or institution by grant, cooperative agreement, contract, subgrant, or subcontract; or are provided to students attending the agency or institution and the funds may be paid to the agency or institution by those students for educational purposes, such as under the Pell Grant Program and the Guaranteed Student Loan Program (Titles IV-A-l and IV-B, respectively, of the Higher Education Act of 1965, as amended). Note that if an educational agency or institution receives funds under one or more of the programs covered by this section, FERPA regulations apply to the recipient as a whole, including each of its components (such as a department within a university).

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.1, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Education Records

    FERPA regulations define education records as those records that are: (1) directly related to a student; and (2) maintained by an educational agency or institution or by a party acting for the agency or institution. The term does not include: (1) records that are kept in the sole possession of the maker, are used only as a personal memory aid, and are not accessible or revealed to any other person except a temporary substitute for the maker of the record; (2) records of the law enforcement unit of an educational agency or institution, subject to the provisions of § 99.8; (3)(i) records relating to an individual who is employed by an educational agency or institution, that: (A) are made and maintained in the normal course of business; (B) relate exclusively to the individual in that individual's capacity as an employee; and (C) are not available for use for any other purpose. (ii) records relating to an individual in attendance at the agency or institution who is employed as a result of his or her status as a student are education records and not excepted under paragraph (b)(3)(i) of this definition; (4) records on a student who is 18 years of age or older, or is attending an institution of postsecondary education, that are: (i) made or maintained by a physician, psychiatrist, psychologist, or other recognized professional or paraprofessional acting in his or her professional capacity or assisting in a paraprofessional capacity; (ii) made, maintained, or used only in connection with treatment of the student; and (iii) disclosed only to individuals providing the treatment. For the purpose of this definition, "treatment" does not include remedial educational activities or activities that are part of the program of instruction at the agency or institution; (5) records created or received by an educational agency or institution after an individual is no longer a student in attendance and that are not directly related to the individual's attendance as a student; (6) grades on peer-graded papers before they are collected and recorded by a teacher.

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Eligible Student

    FERPA defines an eligible student as a student who has reached 18 years of age or is attending a postsecondary institution at any age. This means that, at the secondary level, once a student turns 18, all the rights that once belonged to his or her parents transfer to the student. However, a secondary school or postsecondary institution may still provide an eligible student’s parents with access to education records, without the student’s consent, if the student is claimed as a dependent for IRS tax purposes.

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Family Educational Rights and Privacy Act (FERPA)

  • Financial Aid

    FERPA regulations define financial aid as a payment of funds provided to an individual (or a payment in kind of tangible or intangible property to the individual) that is conditioned on the individual's attendance at an educational agency or institution. For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.31, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Health Insurance Portability and Accountability Act (HIPAA)

  • Identifiable Form

    Identifiable form refers to any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • Identity Disclosure

    Identity disclosure occurs when data in a student level file or aggregate data in tabulations allow the data user to identify a student. For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • Indirect Identifier

    Indirect identifiers include information that can be combined with other information to identify specific individuals, including, for example, a combination of gender, birth date, geographic indicator and other descriptors. Other examples of indirect identifiers include place of birth, race, religion, weight, activities, employment information, medical information, education information, and financial information. See also Direct Identifier.

    For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • Institution of Postsecondary Education

    FERPA regulations define an institution of postsecondary education as an institution that provides education to students beyond the secondary school level. For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Instructional Material

    Instructional Material is defined in Protection of Pupil Rights Amendment (PPRA) as all material provided to a student, regardless of format, including printed or representational materials, audio-visual materials, and materials in electronic or digital formats (such as materials accessible through the Internet). The term does not include academic tests or academic assessments.

    For more information, see the September 2009 Letter to Superintendents, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/pprasuper.pdf.

  • Law Enforcement Unit

    FERPA regulations define a law enforcement unit as any individual, office, department, division, or other component of an educational agency or institution, such as a unit of commissioned police officers or non-commissioned security guards, that is officially authorized or designated by that agency or institution to: (i) enforce any local, State, or Federal law, or refer to appropriate authorities a matter for enforcement of any local, State, or Federal law against any individual or organization other than the agency or institution itself; or (ii) maintain the physical security and safety of the agency or institution. A component of an educational agency or institution does not lose its status as a "law enforcement unit" if it also performs other, non-law enforcement functions for the agency or institution, including investigation of incidents or conduct that constitutes or leads to a disciplinary action or proceedings against the student. See also Records of Law Enforcement Unit.

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.8, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Party

    FERPA regulations define a party as an individual, agency, institution, or organization. For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Personally Identifiable Information (PII)

    Personally identifiable information, as defined in FERPA, includes, but is not limited to:

    1. a student's name;
    2. the name of the student's parent or other family members;
    3. the address of the student or student's family;
    4. a personal identifier, such as the student's Social Security Number, student number, or biometric record;
    5. other indirect identifiers, such as the student's date of birth, place of birth, and mother's maiden name;
    6. other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; and
    7. information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.

    For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Re-identification Code

    A re-identification code enables an authorized researcher to return to the source of de-identified data and match the de-identified data to the source records. For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • Student

    FERPA regulations define student as any individual who is or has been in attendance at an educational agency or institution and regarding whom the agency or institution maintains education records. For more information, see the Family Educational Rights and Privacy Act Regulations, 34 CFR §99.3, available at http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf.

  • Targeted Request

    A targeted request refers to a request for data in which the person requesting the information is trying to get information about a specific student. For example, if there was a rumor published in the local paper that a public official was disciplined for cheating during his senior year in high school, a request to the high school for the disciplinary records of students who were caught cheating during the year the public official was a senior would be considered a targeted request.

    For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

  • Unauthorized Disclosure

    Unauthorized disclosure occurs when personally identifiable information from a student’s education record is made available to a third party who does not have legal authority to access the information. Such an unauthorized disclosure can happen inadvertently, as occurs when information about an individual is unintentionally revealed through, for example, a security breach of the electronic system that is used to maintain and access the education records or when a teacher or administrator accidentally leaves paper reports that include personally identifiable information in an unsecured location. See also Authorized Disclosure, Disclosure, and Identity Disclosure.

    For more information, see the SLDS Technical Brief: Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records, available at http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011601.

Home | About PTAC | Technical Briefs | Issue Briefs & White Papers
Security Checklist | Webinars & Presentations | FAQs
Legal References and Model Notices | Glossary | Contact Us


 
Print this page Printable view Bookmark and Share
Last Modified: 11/25/2011