Information Privacy & Security (IPS)

IPS covers the principles of data protection, focusing on basic information security requirements and the educational records and data-related requirements of the Family Educational Rights and Privacy Act (FERPA).


About these Courses

IPS consists of two courses, Information Security and the Family Educational Rights and Privacy Act (FERPA), which can be utilized based on organizational needs. Each course includes content for individuals who only need basic information, as well as content tailored to specific roles, applications, devices, and settings. It is suitable for anyone who works with individually identifiable data or FERPA-covered educational records and data or has responsibilities for setting policies and procedures with respect to these types of data.

These courses were authored and peer-reviewed by experts.

Language Availability: English, Korean

Suggested Audiences: Administrators, Educators, Individuals Working with Identifiable Data, Instructors, IRB Administrators, IRB Members, Researchers, Students, Teachers


Basic Courses

Information Security
CME/CEUUpdated

This course provides information on basic techniques for data and device security, including email and mobile devices.

hand unlocking smartphone with fingerprint security feature
Family Educational Rights and Privacy Act (FERPA)
CME/CEU

This course covers the core requirements of the federal Family Educational Rights and Privacy Act (FERPA).

Child student holding tablet in front of face


Included Webinars

Data Management and Security for Student Researchers: An Overview
Featured

Covers the best practices of data management and security for graduate student researchers.

3d cloud graphic with a security lock hanging from it
FERPA and Online Learning in the Time of COVID-19
Featured

This webinar covers student data privacy issues with online learning including compliance with FERPA and other regulations.

Information Privacy & Security (IPS)
Bring Your Own Device (BYOD) Studies
Featured

Discusses BYOD study best practices, implementation, and Institutional Review Board (IRB) review.

collection of different mobile devices
Partnering with Technology Companies
Featured

Provides an overall approach to and best practices for partnering with technology companies to design and conduct research.

two arrows coming together to merge into one arrow
Leveraging IT Insight in IRB Review
Featured

Discusses why technology-based expertise is critical to human subject protections and how to add IT insights to IRB review.

illustration of two people with torso-sized puzzle pieces


FAQs

What subject areas does IPS training cover?

The Information Privacy and Security courses address legal-regulatory requirements for data protection by subject area. The Information Security course discusses the protection of information in any context, regardless of the subject matter. FERPA-related content focuses on educational records.

Note: For HIPAA-related requirements for health data, refer to the HIPAA series.

What privacy and security topics are addressed?

The Information Security course is organized to provide a basic foundation of data and device security techniques, supplemented by more detailed information relevant to the particular activities and context of the learner.

The Family Educational Rights and Privacy Act (FERPA) course includes content on the basics of federal FERPA requirements, which also touches on state and local requirements. An introductory module is complemented by audience-specific modules.

What information security topics are addressed?

The Information Security track is organized to provide a basic foundation of data and device security techniques, supplemented by more detailed information relevant to the particular activities and context of the learner. Learn more.

What is the recommended course setup?

For a basic Information Security course, we recommend that the two “Basics” modules be required as a foundation. A subset of the remaining modules could be used as electives, or as purely supplemental (optional) modules.

For a basic course in Family Educational Rights and Privacy Act (FERPA), we recommend that the “FERPA: An Introduction” module be required as a foundation, along with at least one of the role-specific modules, depending on the type of learner.

What is the recommended training frequency?

The regulations nor the federal agencies offer specific guidance on the frequency of information security or FERPA-related training. It is up to each organization to determine when a “refresher” is appropriate. Sometimes state laws or organizational policies may provide a standard. Absent other considerations, we recommend retraining of some kind at least every three to four years.

Standards for the frequency of information security training are also elusive. Generally, it is up to each organization to determine when a “refresher” is appropriate, except where a controlling law or regulation provides a standard. Absent such a standard, or a requirement from the organization’s own policies, we recommend some kind of retraining at least every three to four years.

What changes are in place for the IPS series?

Effective April 1, 2023, the Health Privacy (HIPAA) modules that were included in the Information Privacy and Security (IPS) series are no longer part of the IPS series.

A new HIPAA series includes the Health Privacy (HIPAA) modules as well as a new HIPAA Basics for Healthcare Professionals course. Organizations that have Health Privacy (HIPAA) modules in their gradebooks will have the new HIPAA series added to their renewal invoices (for an additional fee).

The IPS series will continue to include Information Security and FERPA courses. The series will also be expanded to include five topic-focused webinars. Organizations that subscribe to IPS will have access to these five webinars for no additional charge.

The added webinars include:

The HIPAA series will have three courses:

We are also retiring the Health Privacy Issues for Clinicians module (ID 1418), which was previously part of the Health Privacy (HIPAA) (retirement effective April 1, 2023).