Data Governance

Letter to the Commonwealth of Virginia’s Attorney General Mark Herring providing guidance and technical assistance regarding the applicability of FERPA to the potential public release of an executive summary of a report provided to the University of Virginia’s Board of Visitors.

This brief offers best practice recommendations for developing and implementing effective authentication processes to help ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access, be it in person, over the phone, by mail, or electronically.

This document is designed to assist educational agencies and institutions that are considering using cloud computing solutions for education data. It contains responses to frequently asked questions about meeting necessary data privacy and data security requirements, including compliance with the Family Educational Rights and Privacy Act, to ensure proper protection of education records.

This presentation reviews security threats to education data systems, including common ways in which these systems can be exploited. It also offers suggestions on assessing system vulnerabilities and mitigating the risks.

This checklist is designed to assist stakeholder organizations with developing and maintaining a successful data security program by listing essential components that should be considered when building such a program, with focus on solutions and procedures relevant for supporting data security operations of educational agencies.

This guidance document is intended to help educational agencies and institutions create visual “maps” of how their data flows in the data systems.  Including maps in data governance plans can help organizations better understand what data are in their systems, where the data reside, what sources they come from, why those data are collected, what limitations or restrictions apply, how they are linked, and what policy questions those data are used to answer.

mapping data flow flows

This document was developed as a companion piece to the video Developing a Privacy Program for your School District.  The document provides an overview and rationale for why districts need, and should take the time to create and implement a program to protect personally identifiable information from student records.

This PTAC Document aims to assist schools and districts in crafting data use policies to ensure appropriate protection of students’ data.  While it is not mandatory to develop a data use policy, the U.S. Department of Education recommends doing so as a best practice.

This document is intended for state educational agencies (SEAs) and/or their contracted companies to use to inform the contractors’ staff about their responsibilities to protect students’ personally identifiable information acquired under FERPA’s audit or evaluation exception.

This version is a single-page .pdf intended for use as a standard FERPA-only acknowledgement.

This document is intended for state educational agencies (SEAs) and/or their contracted companies to use to inform the contractors’ staff about their responsibilities to protect students’ personally identifiable information acquired under FERPA’s audit or evaluation exception.

This version is a tri-fold brochure for Microsoft Word that leaves space to amend applicable state or local privacy laws.