Until recently, the main concern regarding confidentiality and privacy of education records centered on individuals hacking into central computer systems or otherwise illegally accessing records through other security breaches. With technology increasingly used to ensure the availability of timely and accurate information, however, the scope of this issue has expanded to include portable storage devices (flash drives), handheld computers, electronic information transfers (e-mail), and other tools and devices used to store or transfer data.
Today's information portability makes performing many school-related tasks more convenient; however, it also increases the risk of unauthorized access to protected information. As school administrators, teachers, and support staff find new ways to store and access student records, they must still ensure the information's confidentiality and privacy.
For example, if an administrator misplaces a handheld computer, any personally identifiable information it contains becomes potentially available to anyone who finds the device. Teachers carrying grade files home on a flash drive or storing other personally identifiable student information on home computers, create the risk of unauthorized access to protected education records. Likewise, education records transferred through electronic mail could potentially be intercepted by unauthorized individuals. Since such situations occur daily in schools across the country, local education agencies must take precautions to guard against the unintentional release or unauthorized disclosure of education records.
Each education institution subject to FERPA should consider establishing policies, procedures, and best practices to address the following questions:
Establishing policies, procedures, and best practices is not a cure-all, but it sets the foundation for ensuring a deliberate effort to safeguard the confidentiality and privacy of education records.