Rule 50702: Confidentiality and Security of Education Records Subject to the Family Educational Rights and Privacy Act (FERPA)

1.  Title

Confidentiality and Security of Education Records Subject to the Family Educational Rights and Privacy Act (FERPA)

2.  Rule and Regulation

Sec. 1  At the direction of the Chancellor, The University of Texas System shall adopt a Systemwide policy to provide guidance to U. T. System institutions, as well as the offices within System Administration, on compliance with the Family Educational Rights and Privacy Act (FERPA). The purpose of the policy is to promote consistency and best practices throughout U. T. System with regard to FERPA compliance.  

Sec. 2  Each U. T. System institution and U. T. System Administration shall adopt a policy in accordance with the Systemwide policy described in Section 1 as part of its Handbook of Operating Procedures. The policies adopted by U. T. System institutions pursuant to this Rule must also comply with the model FERPA policy developed by the Office of General Counsel that incorporates best practices designed to ensure the confidentiality and security of Education Records.

Sec. 3  Each U. T. System institution and U. T. System Administration shall adopt a process for the review of all proposed contracts to determine if the services will involve the outsourcing of, or any other access to or maintenance of, Education Records or Personally Identifiable Information from an Education Record by a third party contractor. All such contracts shall include terms that ensure that the contractor will employ FERPA privacy and security safeguards as to all of the institution’s Education Records that the contractor or its subsequent subcontractors will maintain and/or access pursuant to the contract.

3.  Definitions

Education Record – any record that is directly related to a Student and created and/or maintained by or for a U. T. System institution, as well as Personally Identifiable Information about a Student derived from an Education Record.

FERPA – Family Educational Rights and Privacy Act; 20 U.S.C. Sec. 1232g and 34 CFR Part 99.

Personally Identifiable Information – any information derived from an Education Record which can be used alone, or in combination with, other information known to a requestor or the university community, to identify a student. It includes, but is not limited to: the student’s name; the name of the student’s parent or other family members; the address of the student or student’s family; a personal identifier, such as the student’s social security number, student number, or biometric record.

Student – an individual, regardless of age, who is or who has been in attendance at a U. T. System institution.

4.  Relevant Federal and State Statutes 

Family Educational Rights and Privacy Act (FERPA): 20 U.S.C. Section 1232g 
34 Code of Federal Regulations Part 99 – Family Educational Rights and Privacy 

5.  Relevant System Policies, Procedures, and Forms 

Regents’ Rules and Regulations, Rule 10101, Board Authority and Duties 
Regents’ Rules and Regulations, Rule 20201, Presidents 
Model Family Educational Rights and Privacy (FERPA) Policy, Office of General Counsel 
Model Notice of Student Rights under FERPA and Notice Concerning Directory Information 
The University of Texas System Administration Policy UTS183, Maintenance of Education Records Subject to the Family Educational Rights and Privacy Act (FERPA) 
The University of Texas System Administration Internal Policy INT183, Confidentiality and Security of Education Records Subject to the Family Educational Rights and Privacy Act (FERPA) 

6.  Who Should Know 

Administrators 
Faculty 
Staff 

7.  System Administration Office(s) Responsible for Rule 

Office of the Board of Regents 

8.  Dates Approved or Amended 

July 10, 2014 

9.  Contact Information 

Questions or comments regarding this Rule should be directed to: 
•  bor@utsystem.edu