FERPA regulation guidelines to email student personal data unencrypted

In order to protect student personal data, FERPA was enacted in 1974. But does protecting that data allow for FERPA educational records to be sent unencrypted via email? Find out in this expert response.

David Mortman, Dell

Can an educational institution ever send a student's FERPA-protected information via unencrypted email (or unencrypted email attachment), even to an authorized party?

FERPA (the Family Educational Rights and Privacy Act) regulations, unlike HIPAA or PCI DSS, do not specifically...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

require that information be encrypted. However, they do require that educational institutions be able to limit access to student data to those who are authorized to view it, such as professors and academic advisors. FERPA also requires institutions provide students (and their parents, if the student is under 18) with information on who accessed their records and when. As a result, many institutions have mandated the use of encryption as an access control mechanism.

This is where things get interesting; many educational institutions have forbidden professors from discussing grades and other FERPA-protected information over email. However, other institutions permit such discussions as long as the conversations take place over university-controlled systems. So, while strictly speaking it is permitted to email unencrypted FERPA data, many institutions opt not to take any chances. The best thing I can tell you is to approach this issue with caution and to discuss this with the legal team before setting any official policy.

For more information:

Read more about how to prepare for a FERPA audit.

This was last published in December 2009

5 technology strategy tips for higher education CIOs

Pandemic exposes difficulty of data management in education

Blackbaud admits hackers stole banking details, passwords

Enabling learning, whether at school or at home during Covid-19

Google forms cyber insurance pact with Allianz, Munich Re

Dispelling 4 of the top cloud security myths today

Guide to cloud security management and best practices

Cisco completes $4.5 billion Acacia deal

5 steps to conduct network penetration testing

5 benefits of Wi-Fi 6 for enterprise networks

Racial, gender diversity in tech improving at a glacial pace

The future of trust must be built on data transparency

What are the advantages and disadvantages of RPA?

Microsoft makes Productivity Score useful to tech buyers

Microsoft makes Universal Print generally available

Microsoft bolsters data security in 365

Microsoft ACS going GA with preview of Teams integration

Modernize and migrate mainframe apps to the cloud

How to create snapshots for Azure VMs and managed disks

T-Mobile targets post-pandemic workplace with remote working suite

Connectivity the ‘unsung hero’ of the future of work

Williams F1 car launch disrupted by data leak