Issue Briefs & White Papers

	General
			Legislation

			Regulations

			Policy Guidance


	Adult Education

	Civil Rights

	Elementary & Secondary Education

	Grants & Contracts

	Higher Education

	Research & Statistics

	Special Education & Rehabilitative Services

	Vocational Education

GENERAL
PTAC Toolkit

Issue Briefs & White Papers

The Privacy Technical Assistance Center (PTAC) has developed a series of short issue briefs on the key privacy topics related to data privacy, confidentiality and security. The goal of the series is to provide state education agencies, local education agencies, institutions of higher education, and other interested stakeholders working with or contributing data to local or state longitudinal data systems with guidance on the most effective approaches to addressing common data security challenges.

In December 2011, the U.S. Department of Education (Department or we) released new regulations governing the Family Educational Rights and Privacy Act (FERPA), (76 FR 75604 (Dec. 2, 2011)), and supplemental non-regulatory guidance. We are providing the following case studies to illustrate how specific provisions of FERPA may be implemented. This case study uses fictional agencies, does not address individual circumstances, and does not consider additional legal requirements that may be required under other Federal, State, or local laws. We will be releasing additional case studies, and welcome suggestions for future topics.

Case Study #1: High School Feedback Report [PDF, 106K]
Case Study #2: Head Start Program [PDF, 98.9K]
Case Study #3: Enforcement [PDF, 127K]
Case Study #4: PTAC Technical Assistance [PDF, 127K]

Responding to IT Security Audits: Improving Data Security Practices

The first brief of the series, "Responding to Security Audits," describes the best practices organizations can draw on to minimize stress often associated with undergoing an IT Security audit and to maximize their benefits from the experience. By following these practices and incorporating solutions outlined in the brief into their auditing process, agencies can help ensure a productive outcome, including diminished vulnerabilities to cyber threat and improved IT security.

Data Security: Top Threats to Data Protection

The second brief, "Threats to Your Data," [PDF, 218K] outlines critical threats to educational data and information systems. Threats are divided into two categories: technical and non-technical. A brief description of each threat is followed by a suggestion of appropriate risk mitigation measures.

Data Governance and Stewardship

The third brief, "Data Governance and Stewardship," [PDF, 231K] provides guidance on how to successfully manage complex data systems by establishing a comprehensive data governance approach. Data governance principles discussed in this paper apply to a large number of audiences and can be used to improve data management of systems spanning pre-school through postsecondary education and into the workforce.

Data Security and Management Training: Best Practice Considerations

The fourth brief, "Data Security and Management Training: Best Practice Considerations," [PDF, 858K] provides best practices for data security and data management trainings for educational leaders. The brief discusses key training concepts to follow, content, delivery methods, and possible audiences for these trainings.

Commonly Cited Resources

Printable view

Last Modified: 03/29/2012

	Key Policy Letters