FERPA Email Privacy Regulations and Requirements with Proofpoint

The Family Educational Rights and Privacy Act (FERPA or the Buckley Amendment; 20 U.S.C.§ 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The FERPA privacy regulations and requirements apply to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA privacy regulations prohibit the improper disclosure of personally identifiable information (PII) derived from education records. Records include transcripts or other records obtained from a school in which a student was previously enrolled.

With certain defined exceptions, an educational record is any record, maintained by an institution or agent of the institution where a student can be personally identified. Personally identifiable information includes the address of the student or student’s family, a personal identifier such as social security number or student identification number, financial aid information, or any other unique or personally identifiable characteristics.

Institutions may, however, disclose what it has defined as "directory information" on a student without violating FERPA privacy regulations. Directory information includes, but is not limited to, the student’s name, address, telephone listing, email address, date and place of birth, major field of study, grade level, enrollment status, dates of attendance, participation in activities and sports, and other similar information.

How Proofpoint Addresses FERPA Privacy Regulations:

  • Proofpoint Enterprise Privacy ships with a Smart Identifier for social security numbers, ensuring detection accuracy without false positives.

  • Proofpoint Enterprise Privacy allows creation of customizable identifiers for PII such as student identification numbers.

  • Proofpoint Enterprise Privacy provides support for custom dictionaries to detect commonly used terms such as financial aid terminology and other terminologies related to education records.

  • Proofpoint Enterprise Privacy provides granular policies that allow educational institutions or agents of the institution to automatically encrypt or block PII.

Proofpoint Enterprise Privacy Key Capabilities:

  • Accurate Detection of PII: Accurate identification of PII is done utilizing a combination of Smart Identifiers along with customizable dictionary terms. The ability to associate the presence of multiple key terms such as a student identification number, a financial aid term, plus a loan amount, is critical in accurate detection.

  • Flexible Policy Management: Granular policies can be set, allowing specific sets of users to send and receive PII via a secure email encryption with Proofpoint Encryption, yet prevent other groups of users from sending PII altogether.

  • Compliance Dashboard: Compliance officers have a dashboard view of their organization. Incidents that require review are highlighted, with one-click drill-down access to each specific incident that may require intervention or remediation. Reports summarize the number of encrypted email messages that have been sent and the type of content that triggered the encryption.

  • Full support for cloud-based email systems (e.g., MS Office 365): Proofpoint Enterprise Privacy is available as a cloud based email solution and provides all the same rich functionality available as an on-premise email solution. This also seamlessly integrates to any cloud-based email solution, such as Microsoft's Office 365, ensuring FERPA privacy requirements compliance while leveraging the cost benefits of the cloud.
©2014 Proofpoint, Inc.