Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Comments Submitted to Respond to FERPA Proposed Rules

From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Mon, 12 May 2008 20:21:30 -0600
[Please excuse the cross-posts.]

EDUCAUSE has joined the American Council on Education in submitting
comments in response to the proposed changes to FERPA announced in the
Federal Register on March 24th.  The ACE letter supports the treatment
of SSN's as non-directory information but urges the department to
re-consider its position on Student Identification Numbers.  In short,
the letter recommends that institutions be given the flexibility to
treat the Student ID Number as directory information when the identifier
alone does not provide access to student education records without an
additional act of authentication.  The ACE letter also comments on the
provisions for outsourced service providers.

The EDUCAUSE/Internet2 Security Task Force also commented on the
"Recommendations for Safeguarding Education Records".  The Department of
Education took the curious approach of recommending security practices
without mandating security requirements as part of the proposed rules.
While the task force generally supports efforts to improve data
security, we expressed confusion and concern about the department's
recommendation of safeguards that were premised on guidance developed by
the federal government.  We advised the department that they should
consider guidance developed by the private sector (e.g., ISO 27002) or
the task force before imposing requirements developed by the government
(e.g., see Confidential Data Handling Blueprint available at
www.educause.edu/security/datahandling  and Data Incident Notification
Toolkit available at www.educause.edu/security/incidentnotification .)

We are in the process of evaluating the other comments submitted to the
department.  To review the full comments of ACE and the Security Task
Force, see:

ACE Letter (May 8, 2008)
www.educause.edu/ir/library/pdf/epo0806.pdf

EDUCAUSE/Internet2 Security Task Force Comments (May 8, 2008)
www.educause.edu/ir/library/pdf/epo0805.pdf

Please let me know if you have any questions or comments.

Thanks,

-Rodney

--------------------------------------------------
Rodney J. Petersen, J.D.
Government Relations Officer & Security Task Force Coordinator

EDUCAUSE
1150 18th Street, N.W., Suite 1010
Washington, D.C. 20036
(202) 331-5368 / (202) 872-4200
(202) 872-4318 (FAX) 
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security
--------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: