FERPA: Friend or Foe? by Steve Cunningham

Author:
Publish date:
Social count:
0

Educational institutions are encrypting all mobile storage devices—including yours.

This month I have another brief story of computer trouble, but this time it is not about a hard drive. I ran into a colleague this week who told me that the screen on his university-supplied laptop computer began to go black for no apparent reason. Just before it blanked out for the last time, he'd purchased a new laptop, with his own money, and transferred all his data to the new unit. I asked him why he didn't simply submit the old one for repair or replacement.

He replied that it was too old to be a worthwhile repair, and figured that IT would give him a new one...one whose hard drive was completely and totally encrypted. "Pro Tools won't run on an encrypted hard drive, will it?" he asked me. I admitted that it would not, nor would several other programs. "That's why I bought this one myself. I'll still be able to use all my software and won't have to use data-encryption."

I was aware that university policy was moving toward full data encryption on all university laptops. The problem for both of us is that we teach classes based on the use of high-end audio and video editing software, none of these will actually run on an encrypted hard drive. But since my current laptop was old, I thought I was immune. Not so.

FERPA vs. mobility

This particular issue of data encryption on mobile devices came about as a result of a collision between FERPA, the Family Educational Rights and Privacy Act of 1974, and network mobility. Originally designed to allow parents and students to see, correct, and control the outside distribution of the contents of a student's records, FERPA has been amended multiple times over the years. Today it represents a detailed guide to what an educational institution may and may not do with regards to the privacy of a student's records. Moreover, compliance with the FERPA regulations is handled by an entity known as the Family Policy Compliance Office, which is part of the U.S. Department of Education. This Office can conduct investigations of an educational institution when a violation of privacy is suspected, be it willful or otherwise. Direct remedies available to this Office include the withdrawal of all federal funds to that institution. Indirect results of such an investigation include the general upheaval created by the investigation, along with a potential blast of negative publicity. Clearly it is something to be avoided.

As faculty, staff, and administrators began adding laptop computers to their academic toolboxes, a certain amount of FERPA-class information has found its way on to the hard drives of these laptops. We have all heard multiple accounts in the media of university laptops that have disappeared, exposing in some cases thousands of individuals to possible identity theft. As the incidents of loss and outright theft of laptop computers have increased, so has the concern about protecting this sensitive data, and thereby perhaps avoiding the nasty business of an investigation.

The university decided to handle this issue by establishing a policy of data encryption on any laptop computer or mobile storage device used for university business. It requires that computers purchased after April 2009 come equipped with either built-in encryption or a software-based encryption solution for subsequent installation. Where the device was purchased or who paid for it are immaterial; an employee who purchases a device at Fry's or Best Buy or Costco must provide written proof that the device is equipped with an acceptable encryption solution. Furthermore, the university requires a software snapshot (essentially a full backup) of each hard drive's contents at the beginning of a new semester. This ensures that should a device be lost or stolen, the snapshot will show whether or not FERPA-class information was on the hard drive when the snapshot was taken. Enforcement of this policy is handled by the individual school's IT department.

I haven't yet told my colleague that his newly purchased laptop will also have to be encrypted. Moreover, I'm due for a new university laptop which will definitely be subject to the policy. I'm certainly not buying myself a new laptop, but I am considering removing all FERPA-class data from this one and just bringing encrypted hard drives to work. I'll keep you posted on what I find.

Steve Cunnigham is an assistant professor of practice at USC's Thorton School of Music, and an AV Tech Advisor. Send your feedback to AVTIntern@nbmedia.com.

Related

Thunderbolt Cometh by Steve Cunningham

  If you get a new Apple, prepare to carry another set of adapters. It came as a pleasant surprise last week when I was issued a new laptop for the fall semester. I could have made it through another school year with the 2008 Core2 Duo laptop I had (although the screen hinge needs repair, and that involves a nasty te

Backing Up the Back Up by Steve Cunningham

There's nothing like a hard drive failure to bring one's backup strategy into sharp focus, and lately I seem to be surrounded by hard drive failures. The first incident occurred just before finals week, when I lost my laptop's year-old 500 GB internal drive after a spontaneous crash. The computer simply would not boot

Virtualization Cometh by Steve Cunningham

Virtualization has finally arrived at the urban yet bucolic campus where I spend my weekdays (and occasional weekends). I'm talking about the full deployment of a big and shiny new server with eight cores and 64 gigabytes of memory, which is further connected to a hardware RAID with over ten terabytes of storage. Nice

Facebook Privacy: Buyer Beware by Steve Cunningham

Last year I wrote about my students' use of Facebook as a primary means of communication amongst themselves and with me. I signed up several years ago, and students immediately began communicating with me via Facebook e-mail and postings on my Wall, often to the exclusion of the normal university e-mail system. Howeve

Should Education Follow Google? by Steve Cunningham

Recently I signed up for a small slew of new-to-me Google services — Google Voice, Google Talk, and Google Reader (which now serves as my browsers' home page). These are in addition to all the Google goodies I'd already been using, including Analytics and Docs, plus those extra Gmail accounts that work so well as thro

Calling Mister Goodwrench by Steve Cunningham

It’s lab rehab time again, and this week at my shop new disk images will be created, complete with all the system and application software updates available since the first of the year. These will then be pushed over the network to each of the nearly fifty computers that now make up our audio and video computer labs.

The Joys of Relocation by Steve Cunningham

When circumstances dictate a move, it’s often planning versus expediency It would appear that the on-again, off-again, move of our departmental computer lab is back on again. We've known this was coming for awhile, and the particular building that serves as home to the lab has been scheduled for demoli

How the Tablet Wars Can Impact End-Users by Steve Cunningham

A few short months after the introduction of Amazon's $199 Kindle Fire, the situation I will henceforth refer to as the "tablet wars" went from warm to simmer. The players in this imaginary contest include Apple's iPad of course, along with a collection of Android-powered devices from the likes of Samsung, Asus, Acer,