Security Task Force Submits Comments on Proposed FERPA Rules

Created by Valerie M. Vogel (EDUCAUSE) on May 29, 2008

The EDUCAUSE/Internet2 Security Task Force recently commented on the "Recommendations for Safeguarding Education Records". The Family Educational Rights and Privacy Act (FERPA) has never contained regulations related to the security of student education records, although it is implied as a necessary safeguard to help keep student education records private. The department chose to include in this Notice some recommendations that included references to guidance issued by the National Institute of Standards in Technology (NIST) and the Office of Management and Budget (OMB). While the Security Task Force shared the department's concerns about cybersecurity, it was concerned that focus on government approaches may be misinformed and encouraged the department to consider resources developed by the task force (e.g., see Effective IT Security Practice Guide). The task force further cautioned the department that "the inclusion of recommended safeguards causes considerable confusion about the department's intentions and future plans."

See Rodney Petersen's blog for additional details. To review the full comments of ACE and the Security Task Force, see:

Valerie's blog
Login or register to post comments
324 reads

		Security Task Force Submits Comments on Proposed FERPA Rules Created by Valerie M. Vogel (EDUCAUSE) on May 29, 2008 The EDUCAUSE/Internet2 Security Task Force recently commented on the "Recommendations for Safeguarding Education Records". The Family Educational Rights and Privacy Act (FERPA) has never contained regulations related to the security of student education records, although it is implied as a necessary safeguard to help keep student education records private. The department chose to include in this Notice some recommendations that included references to guidance issued by the National Institute of Standards in Technology (NIST) and the Office of Management and Budget (OMB). While the Security Task Force shared the department's concerns about cybersecurity, it was concerned that focus on government approaches may be misinformed and encouraged the department to consider resources developed by the task force (e.g., see Effective IT Security Practice Guide). The task force further cautioned the department that "the inclusion of recommended safeguards causes considerable confusion about the department's intentions and future plans." See Rodney Petersen's blog for additional details. To review the full comments of ACE and the Security Task Force, see: ACE Letter (May 8, 2008) EDUCAUSE/Internet2 Security Task Force Comments (May 8, 2008) Cybersecurity Initiative Announcements \| Campus Policies \| Cybersecurity \| Elimination of Social Security Numbers as Primary Identifiers \| Federal Privacy Law \| Policy and Law: Federal \| social security number \| Student Information Systems Valerie's blog Login or register to post comments 324 reads
		© Copyright 1999-2009 EDUCAUSE Need Help? \| Feedback \| Privacy Policy
	Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.