- Количество слайдов: 18
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material to be shared for noncommercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Consent Provisions l l § 99. 30 Consent Except for specific exceptions, a student shall provide a signed and dated written consent before a school may disclose education records. – The consent must: l Specify records that may be disclosed; l State purpose of disclosure; and l Identify party or class of parties to whom disclosure may be made.
Electronic Signatures l l l April 21, 2004 – Final Rule issued amending § 99. 30 of the FERPA regulations to permit a school to choose to accept an electronic signature as consent to disclose education records to a third party, if certain conditions are met. See Federal Register at 69 FR 2167021672. Students can access their own education records using a Personal Identification Number (PIN) and the Internet if the institution can ensure that the request is from the student. Schools should ensure that they are using reasonable and appropriate steps consistent with current technological developments to maintain the integrity and security of education records maintained and transmitted via electronic methods.
Regulatory Change 2. Section 99. 30 is proposed to be amended by adding a new paragraph (d) to read as follows: § 99. 30 Under what conditions is prior consent required to disclose information? * * *
Regulatory Change, cont. (d)“Signed and dated written consent” under this part may include a record and signature in electronic form that— (1) Identifies and authenticates a particular person as the source of the electronic consent; and
Regulatory Change, cont. (2) Indicates such person’s approval of the information contained in the electronic consent.
Who has the right to consent? l Parents are afforded rights under FERPA until the student becomes an eligible student when the student l Turns 18 years old or l Attends an institution of postsecondary education
Authenticating Electronic Signatures l l FERPA is technology neutral. Regulating methods of authenticating electronic signatures: – – l Goes beyond the scope of FERPA Could limit current or future methods FPCO will issue guidance on acceptable methods.
Authenticating Electronic Signatures, cont. l “Trusted Third Party” – – Institutions that use a third party that is NOT an agent for the institution must have prior consent for disclosure to that party for the purpose of authenticating electronic signature. Other methods of authentication are acceptable, including physical verification of photographic identification issued by a government agency.
Federal Student Aid Standards l Federal Student Aid (FSA) Standards – – – Referenced as a “Safe Harbor” standard on which institutions can build means and method to accept electronic signatures for FERPA purposes. Some FSA Standards do not have FERPA parallels and are not intended to be referenced. May use Sections 3 -7 of FSA Standards for guidance on security measures for electronic signatures.
FSA Standards, cont. l “Safe Harbor” – – Not the minimally acceptable standard Not unduly rigorous l – Education records contain sensitive information Gramm-Leach-Bliley imposed additional privacy standards on financial institutions – including postsecondary institutions l Should be kept in mind when institution develops standards and methods
FSA Standards, cont. l Issuing a PIN – FSA Standards l l – Do not permit school officials access Allow students to change PINs and passwords required to be maintained in a secure database not generally accessible to school officials or others PINs and passwords required to be encrypted when stored in a database Other methods of security are acceptable l Must not use a process that results in PIN that is visible or easily accessible
Use of Current Systems l Many current systems designed to communicate between a school and the student – – – l E-mail, admissions, enrollment, and fee payment systems FERPA requires that school ensures the receiver of the information is the student FERPA written consent not required Current systems used for student communications MUST have acceptable level of security to be used in accepting electronic consent
Who can submit the consent? l FERPA requires that students provide consent. l Consent does not have to be provided directly to the institution by the student, but can be supplied by the student through the third party to whom the student would like the records disclosed. l FPCO would support a policy of accepting third party consent only from certain parties, such as Federal or State agencies.
Other Federal Standards l Health Insurance Portability and Accountability Act (HIPAA) – Records subject to FERPA are excluded from HIPAA by statute because Congress has addressed how these records should be protected.
Technical Assistance For technical assistance and advice to school officials: Family Policy Compliance Office U. S. Department of Education 400 Maryland Avenue, SW Washington, DC 20202 -5901 (202) 260 -3887 Telephone (202) 260 -9001 Fax
Informal Technical Assistance For informal requests for technical assistance, email us at: [email protected] gov
Visit our web site: www. ed. gov/offices/OII/fpco/