Educause Security Discussion mailing list archives
Comments Submitted to Respond to FERPA Proposed Rules
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Mon, 12 May 2008 20:21:30 -0600
[Please excuse the cross-posts.] EDUCAUSE has joined the American Council on Education in submitting comments in response to the proposed changes to FERPA announced in the Federal Register on March 24th. The ACE letter supports the treatment of SSN's as non-directory information but urges the department to re-consider its position on Student Identification Numbers. In short, the letter recommends that institutions be given the flexibility to treat the Student ID Number as directory information when the identifier alone does not provide access to student education records without an additional act of authentication. The ACE letter also comments on the provisions for outsourced service providers. The EDUCAUSE/Internet2 Security Task Force also commented on the "Recommendations for Safeguarding Education Records". The Department of Education took the curious approach of recommending security practices without mandating security requirements as part of the proposed rules. While the task force generally supports efforts to improve data security, we expressed confusion and concern about the department's recommendation of safeguards that were premised on guidance developed by the federal government. We advised the department that they should consider guidance developed by the private sector (e.g., ISO 27002) or the task force before imposing requirements developed by the government (e.g., see Confidential Data Handling Blueprint available at www.educause.edu/security/datahandling and Data Incident Notification Toolkit available at www.educause.edu/security/incidentnotification .) We are in the process of evaluating the other comments submitted to the department. To review the full comments of ACE and the Security Task Force, see: ACE Letter (May 8, 2008) www.educause.edu/ir/library/pdf/epo0806.pdf EDUCAUSE/Internet2 Security Task Force Comments (May 8, 2008) www.educause.edu/ir/library/pdf/epo0805.pdf Please let me know if you have any questions or comments. Thanks, -Rodney -------------------------------------------------- Rodney J. Petersen, J.D. Government Relations Officer & Security Task Force Coordinator EDUCAUSE 1150 18th Street, N.W., Suite 1010 Washington, D.C. 20036 (202) 331-5368 / (202) 872-4200 (202) 872-4318 (FAX) EDUCAUSE/Internet2 Security Task Force www.educause.edu/security --------------------------------------------------
Current thread:
- Comments Submitted to Respond to FERPA Proposed Rules Rodney Petersen (May 12)