EDU 5390

Ethics Review Notes

FERPA  (Family Educational Rights and Privacy Act of 1974) is federal

legislation in the United States that protects the privacy of students'
personally identifiable information (PII). FERPA applies to all
educational institutions that receive funding from the U.S. Department of
Education.
Parents are given 1. They have the right to access their student’s education record,
three main rights
under FERPA: 2. They can seek to amend their student’s education record, and
3. They can consent to disclose information from their student’s
education record. 
Education
Record:  Anything that directly relates to a student and is maintained by an
educational agency or institution, or by a third party acting for the
agency
Eligible Student:
A student age 18 or older or enrolled in a postsecondary institution at any
age and all rights formerly given to parents under FERPA transfer to the
student.
FERPA:
Family Educational Rights and Privacy Act
Parent:
Natural parent, a guardian, or an individual acting as a parent in the
absence of a parent or guardian
(PII) Personally
Identifiable Includes information that can be used to distinguish or trace an
Information: individual's identity either directly or indirectly through linkages with
other information.
FERPA FERPA requires written parental consent in order to share student PII.
Expectations However, there are certain exceptions that allow you to share student PII
without parental consent. 

Directory
Information Directory information, which is information that is generally not
Exception considered harmful or an invasion of privacy if released, can also be
disclosed to outside organizations without a parent’s prior written
consent. Each school must define the data elements they consider to be
directory information. Schools must give parents a way to opt-out of
directory information. 
School Official A school official allows you to share student information with those who
Exception have a legitimate educational interest in a student. A “school official”
includes a teacher, school principal, president, chancellor, board
member, trustee, registrar, counselor, admissions officer, attorney,
accountant, human resources professional, information systems
specialist, and support or clerical personnel. It also applies to vendors
that are performing a function the school would otherwise do themselves.
Studies Exception The studies exception can be used if the disclosure of PII from student
education records is for, or on behalf of, an educational agency or
institution in order to:
a. Develop, validate, or administer predictive tests;
b. Administer student aid programs; or
c. Improve instruction.
Eligible Student:
A student age 18 or older or enrolled in a postsecondary institution at any
age
FERPA:
Family Educational Rights and Privacy Act
(LEA) Local
Education A commonly used acronym for a school district or charter school
Agency:
Parent:
Natural parent, a guardian, or an individual acting as a parent in the
absence of a parent or guardian
(SIS) Student
Information A computer system that a school uses to track grades, attendance,
System: schedules, and many other student-related data needs in a school

Educational Apps and Websites

FERPA and Anytime you use an application or website that discloses student PII you
Technology should consult your local policies.

Websites and Educators should not be using any applications or websites that disclose
Apps student PII without written parental consent or by using one of the
FERPA exceptions.
FERPA:
Family Educational Rights and Privacy Act
(LEA) Local
Education : A commonly used acronym for a school district or charter school 
Agency
Parents:
Natural parent, a guardian, or an individual acting as a parent in the
absence of a parent or guardian
(PII) Personally
Identifiable Includes information that can be used to distinguish or trace an
Information: individual's identity either directly or indirectly through linkages with
other information 
(SIS) Student
Information : A computer system that a school uses to track grades, attendance,
System schedules, and many other student-related data needs in a school

Student Data Protection Act

Utah Student Data The Student Data Protection Act requires that each local education
Protection Act agency develop a data governance plan to help secure student level data.
It also requires each LEA to designate a Data Manager and publicly post
a Metadata Dictionary.
Ask Before You Before using an application or website that receives student PII you
App should first check the list of approved applications for your district or
school. Each district and charter school will have a different title for the
list of approved applications. This list usually called something like
"Approved Applications List," "Approved Technology," or "Metadata
Dictionary."
Utah FERPA
Except as provided in Subsection (7) (Links to an external site.)Links to
an external site., Section 53G-9-604 (Links to an external site.)Links to
an external site., and Section 53G-9-702 (Links to an external site.)Links
to an external site., policies adopted by a school district or charter school
under Section 53E-9-202 (Links to an external site.)Links to an external
site. shall include prohibitions on the administration to a student of any
psychological or psychiatric examination, test, or treatment, or any
survey, analysis, or evaluation without the prior written consent of the
student's parent or legal guardian, in which the purpose or evident
intended effect is to cause the student to reveal information, whether the
information is personally identifiable or not, concerning the student's or
any family member's:
a) political affiliations or, except as provided under Section 53G-10-202
(Links to an external site.)Links to an external site. or rules of the State
Board of Education, political philosophies;
b) mental or psychological problems;
c) sexual behavior, orientation, or attitudes;
d) illegal, anti-social, self-incriminating, or demeaning behavior;
e) critical appraisals of individuals with whom the student or family
member has close family relationships;
 f) religious affiliations or beliefs;
g) legally recognized privileged and analogous relationships, such as
those with lawyers, medical personnel, or ministers; and
e) income, except as required by law.

Data Security Basics

Security Basics Data privacy cannot exist without data security. Schools need to use
"reasonable methods" to ensure that data are not used for unauthorized
purposes. Check your local policies.
Storing Records Educators have access to a lot of student education records and it's
important to store them securely. Physical records should be locked in a
safe place and electronic records should be protected by strong
passwords.
Malware Attacks It's important to protect education records from malware attacks. You
shouldn't click on links or attachments in an email unless you know it's
safe and secure.
Education Anything that directly relates to a student and is maintained by an
Record: educational agency or institution, or by a third party acting for the
agency
Malware: Software that is intended to damage or disable computers and computer
systems

Student Data Review Basics

Final Review Respect parental rights
Disclose data appropriately
Review applications and websites
Properly collect data
Practice data security
Brief Overview: Optional: Signup to receive updates about Data Security and Privacy,
subscribe to USBE's Data Security and Privacy Distribution List: USBE
Student Data Privacy
Respond to Padlet prompt for extra credit.