FERPA Does Not Require…*
Notification is not explicitly required following a breach, but…
Recently we published a short piece on the Family Educational Rights and Privacy Act (FERPA) and how it factors in to your incident response program. While we were working on that piece, though, we came across something we thought was odd: notification isn’t explicitly required by FERPA after a data breach.
While FERPA does not require it, we are firm believers that schools must abide by state and federal law that does require notification in their incident response plans.
Sure, you won’t get in trouble under FERPA, but we believe you still need to protect parents and faculty in the event of a breach. Given that disclosure practices exude our priorities, we must exercise the disclosure components of our plan on a regular (we recommend annual) basis.
Leave a comment
A simplified method for Change Management! (a proposal for small banks) We all suffer Read more
“Deep Fake” Technology is Behind The New Trend of AI-Assisted Fraud… An article revie Read more
Four out of five schools have experienced a cybersecurity incident… An article review Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
These tools will help you assess and improve your cybersecurity preparedness… An arti Read more