aacrao-logo_transparent
Watercolor World Map

Retired and Former AACRAO Members

Connect to the world of higher education

With AACRAO membership you'll be connected to more than 11,000 members from institutions around the world. Facilitate your professional development by attending discounted meetings, gaining complimentary subscriptions to our College & University journal and more.

Why should you join? Development never ends, retired or not. Keep current on trends in the field by collaborating with our members and lending your voice to discussions about practices in the field. 

Annual Membership Price: $151

Requirements: YOU BE A RETIRED MEMBER OR A MEMBER WHO LOST EMPLOYMENT AND IS NO LONGER ELIGIBLE FOR INSTITUTIONAL MEMBERSHIP.  

Develop Professionally

Retired Members - Professional Development

Professional Competencies

Keep up to date on skills areas like technical knowledge and professional development and contributions to the field. We have the tools for you.

Online Learning

From free webinars to self-paced on-demand learning, AACRAO's online learning covers a variety of subjects—technology, strategic enrollment management, admissions, FERPA, transfer, credential evaluation, and international education—and allow you to engage with the presenters and instructors.

Take the next step in your career

Maybe you want to reenter the workforce or change the trajectory of your career--AACRAO's Career Navigator is a wealth of job postings and resources for you. 

Gain Recognition

Retired Members - Gain Recognition

Get Published

AACRAO's professional journals College & University and SEM Quarterly are always accepting articles and have a wide circulation base.

Research Opportunities

Leverage the expertise of our over 11,000 members and contribute to one of the premier sources of practice related research within the global higher education community. 

Join a committee

Do work you're passionate about, with support and mentoring from fellow members. From Caucuses to specialized topics, it's all one community. 


AACRAO_Connect_logo_final_transparentbkg

AACRAO's bi-weekly professional development e-newsletter

Comparing FERPA & GDPR

Mar 13, 2018, 16:50 PM
legacy id : 5aa7deff4c15640ed8dc6d4f
Summary : Is FERPA compliance sufficient for complying with GDPR?
Url :

AACRAO has been approached several times to detail whether FERPA compliance is sufficient for complying with GDPR. Fundamentally, the scope and specific parameters are quite different. Specifically, FERPA pertains to the task of storing, handling and releasing student records.

This article is part one in a series on GDPR. (See more in this Inside Higher Ed article, "European Rules (and Big Fines) for American Colleges.")

The European Union General Data Protection Regulation and its articles refer to the processing of Personal Data, which for the purposes of the regulation means any information relating to an identified or identifiable natural person (‘data subject’). Thus,  the EU definition of personal data is very broad, whereas in the United States the processing of personal information is generally permitted and subject to a patchwork quilt of laws in the U.S. which define specific data elements as personal information (e.g., name in combination with SSN).  These include sectoral laws and regulations (e.g., FERPA, HIPAA, state data breach notification laws).

In the EU (and in many other countries around the world) processing of personal data is generally prohibited unless certain requirements are satisfied. In this article we will begin to compare one such sectoral regulation - the Family Education Rights and Privacy Act  (FERPA) - against GDPR.

 

Family Educational Rights and Privacy Act

 

GDPR

Purpose -

The Family Educational Rights and Privacy Act of 1974, as amended, sets forth requirements regarding the privacy of student records.

To enable the free movement of personal data within the Union while protecting fundamental rights and freedoms of natural persons and, in particular, their right to the protection of personal data.

Material Scope

FERPA applies to K-12 schools and postsecondary institutions.Specifically for this match-up the scope is limited to Eligible Students (those 18 or those attending an institution of higher education regardless of age).

Applies to the processing of personal data wholly or partly by automated means, within the scope of Union law.

Territorial Scope

Any educational institution (school or other entity that provides educational services and is attended by students) or educational agency (entity that administers schools directly linked to it) that receive funds under any program administered by the U.S. Secretary of Education.

Applies to processing that takes place in the Union or by a processor who has an establishment in the Union within the context of activities in the Union or to processing activities that are related to the offering of goods and services to (or behavioral monitoring of) data subjects in the Union.

Personal Data

Personally Identifiable Information (Information that would directly identify the student or make the student’s identity easily traceable) known as directory information. Educational Records - directly related to a student and maintained by an educational agency or institution or by a party acting for the agency or institution

Personal data means any information relating to an identified or identifiable natural person (the ‘data subject’). An identifiable natural person is anyone that can be identified, either directly or indirectly, by reference to anything that can ultimately identify them. This includes a name, an identification number, location data, an online identifier or to data that relates to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Sensitive Personal Data

In the 2009 regulations clarification was provided that a social security number (SSN), or part of an SSN, cannot be designated as directory information. In addition, the revised regulations state that a Student Identification Number (SIN also cannot be directory information. For exception see below (1)

Grades, GPA, race, gender, religion and national origin are also items that cannot be designated as directory information.

Special categories of data that are considered particularly sensitive are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

(1) Noted Exception - “a student ID number, user ID, or other unique personal identifier used by the student for purposes of accessing or communicating in electronic systems” can be directory information “Only if the identifier cannot be used to gain access to education records without an additional factor. “ (p.25 FERPA 2012 guide)

 
Categories :
  • FERPA
Tags :
Solid blue background with the letters "GDPR" in the center and various icons such as a key, alarm clock, lock, etc positioned below the letters.
Related people

Build Connections

Retired Members - Build Connections

Attend a event

Our meetings, workshops, and international institutes are designed instruct, educate and foster collaboration between professionals and institutions. Connect with old friends and register for one today.

Learn More

Member Only Benefits

AACCRAO_Transcript-purple

AACRAO's weekly e-newsletter delivering policy and industry news

Member Login Required
Questions? Contact us at membership@aacrao.org or (202) 355-1040