By Audience: Education Technology Vendors

The resources on this page are intended for vendors and other third party providers who are developing, or selling educational technology apps or services that utilizes or collect or uses Students’ Personally Identifiable Information.  Resources found here are intended to provide technical assistance and best practices for those vendors to ensure they are properly handling FERPA-protected information.

Guidance

Improving the Effectiveness and Efficiency of FERPA Enforcement

The Department is committed to protecting student privacy. To provide more timely and effective assistance to parents and students and to address a recommendation made by the Department’s Office of the Inspector General to “implement a risk-based approach to processing and resolving FERPA complaints,”  the Department is modifying its investigatory practices to more efficiently address and resolve complaints and violations under FERPA.  

Recorded Webinars

Credit Interoperability and Blockchain Solutions - Webinar

In the first installment of our three part webinar series, we will discuss an important credit interoperability use case — reverse transfer, where postsecondary institutions facilitate data transactions between with other academic institutions to award credentials to students when they physically transfer. During this session, we will explore where in the implementation of this system occur implications for data privacy and security, how FERPA applies in these cases, and what questions were addressed by the institutions involved to ensure FERPA compliance.

Guidance

Best Practices for Data Destruction

The Data Destruction Document is a best practices guide on properly destroying sensitive student data after it is no longer needed.  It details the life cycle of data and discusses various legal requirements relating to the destruction of data under FERPA, and examines a variety of methods for properly destroying data.  The guide also discusses best practices for data destruction and provides some real-world examples of how to implement it within your organization.

Letters

FTC and the Department of Education to Host Workshop on Student Privacy and Ed Tech; Seeking Public Comments

The U.S. Department of Education and the Federal Trade Commission (FTC) will host a joint workshop on December 1, 2017 to explore the intersection of Children's Online Privacy Protection Rule (COPPA) and the Family Educational Rights and Privacy Act of 1974 (FERPA).

This workshop will solicit input from a variety of education technology vendors, schools, parents, advocates, and privacy professionals to discuss their experiences navigating FERPA and COPPA while implementing education technology in a classroom setting.  The Department and the FTC are interested in learning about experiences, both positive and negative, in navigating the intersection of these statutes.   

You can find a full list of questions, and information about how to submit comments, in the attached document.   The workshop, which is free and open to the public, will be at the FTC’s Constitution Center, 400 7th St., SW, Washington, DC.  It will be webcast live on the FTC’s website. 

Guidance
Guidance Videos

The A-B-C's of Student Directory Information

FERPA allows schools and districts to designate certain basic student information as directory information, and share that information without consent if certain additional requirements are met. This video describes why a school would want to use designated student directory information and the types of information that fall into this category. It also explains the process that schools and districts must adhere to when designating directory information.