Purpose

To give a brief explanation of FERPA data and how COC controls for compliance. This describes how the security controls are in place and not how information is disseminated to others. Please refer to the GT policies and standards when working with FERPA data.

Scope

Anyone using FERPA on COC information systems

What is FERPA

FERPA, Family Educational Rights and Privacy Act, is a federal law that protects the privacy of student education and gives students and parents (if a student is under 18) the right to request amendments. Note that FERPA data includes whether the student is enrolled and their student IDs. Also, if the information is being shared with, provided by, or collected on behalf of the federal government, then it is classified as CUI

FERPA that is not CUI is classified by GT as "Sensitive" and must follow federal regulations. There are no specified requirements for security controls, but NIST 800-53 fulfills the FERPA control requirements.

FERPA Directory Information

Under FERPA, “Directory Information” refers to student information that is not generally considered harmful or an invasion of privacy if disclosed. USG has designated the following categories of information as Directory Information:

  • Student’s name
  • Hometown
  • Institution-assigned email address. Under this category, an institution-assigned email address may be disclosed without consent only to other current students. In addition, students may not request email listings of the entire student body or segments thereof, except for academic purposes.
  • Major field of study
  • Enrollment status (e.g., full-time, part-time)
  • Participation in officially recognized activities and sports
  • Dates of attendance
  • Degrees, honors, and awards received
  • Thesis/Dissertation title
  • The most recent educational institution attended
  • Height and weight of athletes
  • Class Level

Please note this section is denoting what USG is referring to as directory information and is not implying it can be disclosed. Please refer to GA Tech policies on FERPA.

Data Security Checklist

The checklist of controls can be downloaded here.

Related Links

  • Protecting Student Privacyhttps://studentprivacy.ed.gov/
    Ga Tech Ferpa educational informationhttps://registrar.gatech.edu/ferpa