FERPA regulation guidelines to email student personal data unencrypted

In order to protect student personal data, FERPA was enacted in 1974. But does protecting that data allow for FERPA educational records to be sent unencrypted via email? Find out in this expert response.

David Mortman, Dell

Can an educational institution ever send a student's FERPA-protected information via unencrypted email (or unencrypted email attachment), even to an authorized party?

FERPA (the Family Educational Rights and Privacy Act) regulations, unlike HIPAA or PCI DSS, do not specifically...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

require that information be encrypted. However, they do require that educational institutions be able to limit access to student data to those who are authorized to view it, such as professors and academic advisors. FERPA also requires institutions provide students (and their parents, if the student is under 18) with information on who accessed their records and when. As a result, many institutions have mandated the use of encryption as an access control mechanism.

This is where things get interesting; many educational institutions have forbidden professors from discussing grades and other FERPA-protected information over email. However, other institutions permit such discussions as long as the conversations take place over university-controlled systems. So, while strictly speaking it is permitted to email unencrypted FERPA data, many institutions opt not to take any chances. The best thing I can tell you is to approach this issue with caution and to discuss this with the legal team before setting any official policy.

For more information:

Read more about how to prepare for a FERPA audit.

This was last published in December 2009

Dig Deeper on Email and Messaging Threats-Information Security Threats

Smarter networks mean smarter students The success of edtech is reliant on the network powering it. Extreme Networks' Mike Leibovitz explains how integrating smart networks with AI, machine learning and IoT makes for a stronger skilled ...

Salesforce.org's CRM for education helps UVA students succeed The University of Virginia is one of a number of institutions using Salesforce.org's Education Cloud CRM to recruit students, track student success and manage alumni relations.

AI for education brings benefits to burdened school staff Using AI in education can have a dramatic impact on the way teachers use their time and the manner in which students are served individually. Expect the trend to continue.

Ankabut creates hyper-connected ecosystem for UAE education United Arab Emirates education network implements cloud-based software to improve students’ access to resources

Are nonprofit organizations subject to FTC data security oversight? Are nonprofit organizations, like higher education institutions, subject to FTC data security regulations and oversight? Expert Mike Chapple explains.

Blue Jeans revamps user interface for video meetings Video collaboration services provider Blue Jeans has launched a new interface, video integrations and analytics capabilities. The new look, considered overdue, should boost usability.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Please create a username to comment.

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

3 networking startups rearchitect routing

Shell, Halliburton, Unibap AB execs share real-world AI strategies

What's the difference between RPA and IPA?

The technological evolution of IT industry leaders: 2000 - 2020

Microsoft extends Office 365 benefit to nonprofit volunteers

Cut through confusion of the digital workspace market

Windows 10 issues top list of most read stories for IT pros

Review these Azure Service Bus best practices

Instill cloud change management best practices

How much cloud does an IT disaster recovery plan need?

FCO to boost cloud analysis setup

Tories plan electronic visa waiver for EU citizens

Dutch government must sort IT mess as priority

Dig Deeper on Email and Messaging Threats-Information Security Threats

Related Q&A from David Mortman

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.