Rule 10-601-7.2 - Compliance with the Federal Education Rights and Privacy Act of 1974 (FERPA)I. The Family Educational Rights and Privacy Act of 1974 (FERPA), is a federal law that grants important privacy rights to students regarding their educational records. More specifically, unless required by federal law, the information contained in educational records may not be disclosed to third parties, including parents, without the written consent of a student who is 18 or over. In addition to granting privacy rights, FERPA gives students the right to review their educational records and the right to request an amendment of those records should they feel the records contain inaccurate information.II. The term, "educational records," as used in the FERPA statute, includes more than academic records in its meaning. Educational records may also be financial aid records, transcripts, letters of recommendation, disciplinary files, grades, test scores, admissions applications and course enrollments. In essence, any records maintained by an institution and which contain information directly related to a student are educational records. Additionally, FERPA designates certain types of student information which may be published or released without the consent of the student. This information is referred to as "directory information". Although such information is contained within an educational record, it is not generally considered harmful or an invasion of privacy if disclosed. Directory information can include a student's name, address, telephone listing, email address, photograph, birth date, place of birth, area of study, grade level, dates of attendance, and recognition for activities, honors and awards. III. Applicants for state student financial assistance complete an educational records release form at the point of application and may update the educational records release permissions at any time by accessing the student account online. To provide permission for the Office to release a student's non-directory information, the student must provide the name of the person to whom information can be released, the relationship of that person to the student, the person's date of birth, and the last four digits of the person's Social Security Number. Non-directory information will be released only to persons with an active records release form on file with the Office.IV. The Office seeks to ensure the security of non-directory information, also referred to as Highly Confidential Information. Therefore, the Office will abide by the following policies when transmitting and storing such information: A. The preferred method of transmitting Highly Confidential Information is via the Office's Secure Document Share Portal, which is protected via SSL technology. Some Highly Confidential Information may also be shared via the Office's Secure Counselor Web Application.B. If it is necessary to mail physical copies of Highly Confidential Information, the Highly Confidential Information will be mailed in a tamper-proof, labeled container, with a tracking number and a delivery confirmation receipt.C. When it is necessary to mail Highly Confidential Information on electronic media, such as CDs, DVDs, electronic tape, etc., the Highly Confidential Information will be encrypted. The Highly Confidential Information shall only be mailed in accordance with the provisions of IV.B. above.D. If it is necessary to transmit Highly Confidential Information electronically via any method not listed in IV.A. above (such as email), the Highly Confidential Information will be encrypted.E. Passwords or other information sufficient to allow decryption of Highly Confidential Information will not be emailed along with the Encrypted Highly Confidential Information.F. Physical copies (paper or other physical representations) of Highly Confidential Information will be kept under lock and key when not in immediate use. Highly Confidential Information will not be left unsecured and unattended at any time.G. Highly Confidential Information stored on electronic media, such as CDs, DVDs, tape, flash drives, etc. will be Encrypted. Further, such electronic media shall be kept locked, or otherwise have sufficient physical access control measures to prevent unauthorized access. Highly Confidential Information in any electronic format, including computer databases, will not be left unsecured, meaning accessible without a password, and unattended at any time.H. Any laptop or computer that contains Confidential Information or Highly Confidential Information will be password protected. Additionally, any laptop or computer that contains Highly Confidential Information shall have its full hard drive encrypted. No laptop or computer will be left unattended without enabling a screen-lock or otherwise blocking access to the laptop or computer. No password or other information sufficient to access a laptop or computer containing Highly Confidential Information will be attached to or located near the laptop or computer at any time.I. Access to Highly Confidential Information through modems, networks, and the Internet will be carefully monitored and limited to authorized users.J. Only authorized users who have signed a Certification Statement shall have access to Highly Confidential Information.10 Miss. Code. R. 601-7.2
20 U.S.C. § 1232g; 34 CFR Part 99.