FERPA Does Not Require…*

Notification is not explicitly required following a breach, but…

ServIcons_ITAudit_01

Recently we published a short piece on the Family Educational Rights and Privacy Act (FERPA) and how it factors in to your incident response program. While we were working on that piece, though, we came across something we thought was odd: notification isn’t explicitly required by FERPA after a data breach.

While FERPA does not require it, we are firm believers that schools must abide by state and federal law that does require notification in their incident response plans.

Sure, you won’t get in trouble under FERPA, but we believe you still need to protect parents and faculty in the event of a breach.  Given that disclosure practices exude our priorities, we must exercise the disclosure components of our plan on a regular (we recommend annual) basis.

same_strip_012513

 

Related Posts

Considerations – Why you should choose infotex, Inc. as your next MSOC!

Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to offerings.infotex.com! We even made a movie with all the reasons why infotex...
READ MORE

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcom...
READ MORE

infotex

MANAGING TECHNOLOGY RISK

Linkedin-in Facebook-f Youtube Twitter

SERVICES

EDUCATION

COMPANY

CONTACT

SIGN UP FOR OUR BLOG

As part of infotex‘s service to our clients, find “non-mainstream” articles about relevant security issues.

Facebook Youtube Twitter