Dissent Doe :cupofcoffee: · @PogoWasRight
1287 followers · 102 posts · Server infosec.exchange
Today's FERPA questions:
Part 1:
Assume parents of students sign a media release like the one attached to this post where the release mentions specific activities but also a more general release to promote the program.
Now assume that the district is the victim of a cyberattack and the attackers dump all the school photos with the students' names and student ID numbers.
Does the release allowing pictures of the student mean that there was no FERPA breach? I would say that the release is restricted to the activities mentioned in the release and that a data dump on the internet would still be a #FERPA breach.
Agree or disagree?
Part 2. Now assume that the district's "Directory Information" exemptions include student photos unless the parent opts out. Assume the same attack and data dump.
Now is it a #FERPA breach?
#FERPA #dataprotection #students #privacy #EduSec #DirectoryInformation #databreach #cyberattack #infosec
#FERPA #dataprotection #students #privacy #edusec #directoryinformation #databreach #cyberattack #infosec
Dissent Doe :cupofcoffee: · @PogoWasRight
1254 followers · 139 posts · Server infosec.exchangeIf you're going to "attack" a public school district, learn what FERPA permits districts to make public anyway:
#FERPA #edusec #directoryinformation #infosec