Educational organizations have a legal and ethical responsibility to protect the privacy and security of education data, including PII. The Family Educational Rights and Privacy Act (FERPA) protects PII from education records regardless of whether those records are paper or electronic; however, the best practices to protect the data do differ depending on the technology used to maintain the records.
Data breaches of electronically-stored data are a growing concern affecting industry, non-profit organizations, civilian government, and defense organizations. Educational agencies and institutions at all levels should implement privacy and security best practices targeted to their unique concerns and data systems. Establishing and implementing a clear data breach response plan outlining organizational policies and procedures for addressing a potential breach is an essential step in protecting the privacy of student data. This document provides educational agencies and institutions with a checklist of critical breach response components and steps to assist them in building a comprehensive data breach response capability.