Happy Spring everyone! The Privacy Technical Assistance Center (PTAC) has been very busy over the last few months. We’re excited to share our latest guidance, resource and training updates with our subscribers.
The New Student Privacy Website
PTAC and the Office of the Chief Privacy Officer (OCPO) are excited to announce the launch of the new Student Privacy Website! This new website replaces both the legacy PTAC and the Family Policy Compliance Office’s (FPCO) sites, and further represents a reorganization of the offices at OCPO into the Student Privacy Protection and Assistance Division, or SPPAD. This new division will encompass PTAC and OCPO staff, serving as a centralized office responsible for providing best practices and technical assistance with FERPA and other topics related to student privacy. The Family Policy Compliance Office will retain its role in investigating FERPA complaints and undertaking enforcement actions.
The Student Privacy Website contains all previously issued resources and guidance from both the PTAC and FPCO websites, and also reorganizes the Frequently Asked Questions and Guidance sections to make it easier for users to find resources. The website includes a keyword search function, and allows users to initiate the FERPA complaint process through FPCO.
The webinar section of the website includes recordings and transcripts from all previously posted webinars, including the two most recent, Using Financial Aid Data for Research Purposes and Integrated Data Systems. New guidance and videos will be added as they are developed and presented.
The Student Privacy Website can be found at: https://studentprivacy.ed.gov. Be sure to update your bookmarks accordingly!
Upcoming Regional Conferences
PTAC has two regional conferences planned for this summer:
PTAC Preconference session at the State Higher Education Executive Officers Association (SHEEO) conference, Minneapolis, MN, August 7
We will be holding a preconference session at the State Higher Education Executive Officers Association (SHEEO) conference in Minneapolis, MN on Monday, August 7, 8am - 5pm. Join Privacy and Data Security experts from the PTAC team as we share findings regarding undiscovered postsecondary data breaches, discuss ED’s new focus on data security at participating Title IV institutions, and share best practices through a data breach simulation activity. Additionally, we will review and share the latest guidance from ED regarding data sharing, the use of educational technology, and the use of FAFSA data for program evaluation and research.
To register for the PTAC Preconference session, contact Lauren Wise at Lauren.Wise@aemcorp.com.
PTAC Regional Conference: Securing Your SLDS & Best Practices for Ensuring the Privacy of State Education Agency Data, Detroit, Michigan, August 22-24
During this regional conference, PTAC experts will provide training courses highlighting exigent threats to education data systems, especially SLDS. Training blocks will include:
- Current Trends in Data Security & Implementing Best Practices. This information session is focused on identifying the biggest threats and risk exposures in education data systems today. Utilizing example scenarios from the news, we will discuss how the organizations could have prevented or mitigated the impact of the issues. We will explore best practices for reducing threats from these common avenues of attack, including the recent WannaCry ransomware and other threats, fighting phishing attacks and increasing user awareness.
- Surviving and Audit.First covered at the SLDS Best Practice Conference, PTAC experts will discuss the recent SLDS security audits that affected several states. Attendees will hear about what to expect during an audit and how to best prepare for it.
- Interactive Data Breach Training Sessions.This interactive presentation puts you in the driver’s seat for a simulated data breach. Attendees will be divided into teams to make the critical decisions in addressing an ongoing breach, avoiding pitfalls and guiding an organization through the difficult and often murky issues facing organizations during that time.
- Assessing the Effectiveness of Your Data Systems.Many organizations don’t fully understand their vulnerabilities from the perspective of a hacker. In this session, we will look at resources that you can use and services that are available at no cost or very low cost to get a better, more complete view of the risks your IT systems face.
To register for the PTAC regional, please contact Lauren Wise at Lauren.Wise@aemcorp.com.
We have released three notable guidance documents in the last nine months.
- Our joint guidance with U.S. Department of Labor and Education on the Workforce Opportunities & Investment Act provides States with information about applicable requirements, proceduresand optionsformatching confidential Unemployment Compensation (UC) information from wage records with personal information from Vocational Rehabilitation (VR) records and personally identifiable information (PII) from education records, and for protecting the confidentiality of information contained in such records.
- The Integrated Data Systems and Student Privacy document provides background information on what an Integrated Data System is and why educational authorities may choose to participate in one. It also clarifies how such authorities can participate in an IDS while ensuring student privacy in compliance with FERPA.
- The Use of Financial Aid Information for Program Evaluation and Research discusses the conditions under which federal student financial aid information may be used for program evaluation and research purposes. In addition, this document provides some questions and answers and some possible situations in which these data may or may not be used for that purpose.
Other Items of Note
- We’ve been hard at work with our partners at the Department of Health & Human Services (HHS), assisting with the roll out of their new Head Start regulations. We’ve held two regional meetings, with nearly every state represented, to assess the challenges and potential implementation techniques as States begin work on integrating data with multiple facets of privacy considerations.
- PTAC has added a new site visit option, a collaboration with local privacy experts to ensure both federal and state/local laws are part of our training & discussion. Feedback on this session has been very positive, as the privacy conversation can span the spectrum of privacy issues in one sitting, ensuring that attendees get the true picture of their privacy responsibilities.
PTAC is continuing to monitor the questions coming in from the field and using them to develop new privacy resources. Please don’t hesitate to contact us with your questions.