What It Is

FERPA (Family Educational Rights and Privacy Act of 1974, 20 U.S.C. §1232g; 34 CFR Part 99) is a U.S. federal regulation safeguarding privacy of student education records and PII. It targets institutions receiving federal education funds, using a rights-based approach with consent requirements balanced by enumerated exceptions for operational needs.

Key Components

• **RightsInspect/review within 45 days, amend inaccurate/misleading records via hearings, prior written consent for disclosures.
• **DefinitionsBroad education records (directly related, institution-maintained), expansive PII (linkable identifiers), directory information.
• **Disclosure rulesGeneral consent + exceptions (school officials/LEI, emergencies, audits, subpoenas).
• **ObligationsAnnual notices (§99.7), disclosure logs (§99.32), access controls. Complaint-based enforcement, no certification.

Why Organizations Use It

• Mandatory to retain federal funding, avoid penalties like fund withholding.
• Mitigates breach risks, builds parent/student trust.
• Enables secure data sharing, vendor integrations, analytics.
• Enhances reputation, supports compliance with state laws.

Implementation Overview

Phased program: governance setup, data inventory/classification, policies/training/RBAC, vendor DPAs/monitoring. Applies to K-12/postsecondary U.S. entities. 6-12 months typical; ongoing audits/incident response essential.

What It Is

C-TPAT (Customs-Trade Partnership Against Terrorism) is a voluntary U.S. public-private partnership framework administered by U.S. Customs and Border Protection (CBP). Its primary purpose is securing international supply chains against terrorism and criminal threats through risk-based security practices. Scope covers partners like importers, carriers, brokers, and manufacturers handling U.S. trade.

Key Components

• 12 Minimum Security Criteria (MSC) domains: risk assessment, business partners, cybersecurity, physical access, personnel security, conveyance security, seals, procedural security, agricultural security, training, and audits.
• Built on governance, self-assessment, and CBP validation.
• Tiered certification model with ongoing revalidation.

Why Organizations Use It

• Trade facilitation: reduced inspections, FAST lanes, priority processing.
• Risk mitigation against terrorism, smuggling, cyber threats.
• Competitive edge via trusted trader status and mutual recognition.
• Enhances reputation and supply chain resilience.

Implementation Overview

• Phased: gap analysis, Security Profile, internal audits, CBP validation.
• Applies to trade entities globally; scalable by size.
• No fee; requires portal application and site validations.