The Family Educational Rights and Privacy Act (FERPA) applies to “student records.” Broadly, this is any data on a student that Penn State collects. More information on FERPA can be found at the Penn State University Registrar, including a training tutorial. For the purposes of compliance with information security and/or privacy controls related to FERPA, you must determine whether the student information you interact with contains PII (as defined in University Policy AD 53). If the student record contains PII, it must be treated as high-risk data pursuant to University Policy AD95 and its supporting standards. You can learn more about high-risk data and how to protect it on our data classification page. Your local IT or Security Liaison can help you understand what exactly that entails for you, or you can contact OIS at email@example.com for more information.