by Sherry Waldon Wells, Ed.D, Vice Provost for Digital Learning, Lamar University
In this well-attended session at the 2019 AACRAO Annual Meeting, Karen Jarrell & Jennifer Wondracek from the University of North Texas College of Law began with an overview of the U.S. Department of Education’s role in protecting student privacy with their oversight of the Family Educational Rights & Privacy Act commonly known as FERPA.
After covering the basics such as directory information and when FERPA applies to education records Jarrell referenced LeRoy Rooker, Senior Fellow and resident FERPA expert at AACRAO, as FERPA applies to digital education. According to Rooker, “Any discussion concerning the world of vendor contracting needs to start with the understanding that FERPA is technology-neutral so long as any resulting disclosures are FERPA compliant.” No matter what medium the education record is kept in the institution must control how it is disclosed. This includes learning management systems (LMS) or any other technology a student is required to use in a class. Wondracek discussed the importance of educating everyone on campus including faculty about the need for any system or application to be FERPA compliant.
Different scenarios were given where the audience was asked to respond if FERPA had been violated. The first scenario covered vendor contracts. On this subject Rooker was again quoted: “At a minimum, vendor contracts should include terms relating to the ownership of the data being stored, the status of deleted information, how data will be protected, and limitations of the use of data.”
The second scenario covered lecture capture videos; the third covered free online resources; and the fourth and final scenario was a professor wanting to combine two sections of the same class in the LMS. In all four scenarios the answer to whether FERPA would be violated was “it depends”. The last scenario on combining classes led to a very robust discussion between the audience and the presenters.
The session ended with a list of best practices, including:
Maintaining awareness of other relevant federal, state, tribal, or local laws
Being aware of all online educational services being used at your institution
Having policies and procedures to evaluate and approve proposed educational services
Using a written contract or legal agreement whenever possible
Taking extra precautions when consumer applications require the acceptance of terms of service
Determining whether consent is necessary
The session concluded with a quote from Senator Ron Wyden (D-Oregon), “Your data is yours, no matter on whose server it lives.” It is up to us to be diligent in protecting the data in all digital formats while complying with FERPA as well as international laws when students reside outside of the United States.