Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Glossary of TermsRabbitMQ LogsHow to Remove All RabbitMQ and Erlang Artifacts from Previous Installations (v13-v13.5)Service Task Type 10Can a Spirion Agent be set to run as "low priority"?Tips: How can I monitor pagefile usage during a scan?Tips: What are the Best Practices to Optimize Memory Usage During Scans?Tips: How does Despeckle interact with other OCR settings like Deskew?Tips: How to find the Outlook Folder GUIDs to use?Tips: How do I handle permission issues with Folder GUID scanning?Tips: What are common errors when Folder GUID permissions are insufficient?Tips: How to automate retrieving Folder GUIDs for multiple usersWhat permissions are needed for service accounts scanning GUIDs?What are the risks of scanning Email (Exchange) Public Folders in large organizations?Can I scan both Cached and Online Exchange Stores simultaneously?Tips: What are best practices for scanning large (Exchange) mailboxes?Tips: What are the Best Ways to Handle Duplicate Results from Scans of (Email) Public Folders?What are common mistakes when configuring Global Ignore Lists?Tips: How does scanning Online Archives affect scan duration?How can I optimize scan policies for Online Archives?What does a report for health information look like?How do I customize data types in the health information report?How do I test my custom RegEx before deployment?How to Install and Set Up the PostgreSQL ClientWhat Common File Types are Supported?Test Data for Local Spirion ClientWhat Version is My Spirion Sensitive Data Platform?What is Residual Data and Why is it Important?
FERPA
How can I Customize Reports for Specific FERPA Data Types?Is There an Example FERPA Compliance Report Template?Which Reports Best Demonstrate FERPA compliance?FERPA in Spirion Sensitive Data Platform
CCPA
CMMC
HIPAA
Release Notes
Reporting API
Customer Support Articles

How can I Customize Reports for Specific FERPA Data Types?

Customizing your Spirion reports for specific FERPA data types enables you to identify where the data risk is in your organization.

To customize reports for specific FERPA data types, you need to bridge the gap between technical "patterns" (like a 9-digit ID) and the legal definition of an Education Record.

Here is the step-by-step workflow to customize your reporting for FERPA-specific data:

1. Define Your "FERPA Data Type Group"

Before building the report, you should group your relevant Data Types so you can filter for them all at once.

  • Standard Identifiers: Include SSN, Date of Birth, and Name.
  • Custom FERPA Patterns: Create or select custom Sensitive Data Definitions (SDDs) for:
    • Student ID Numbers: (e.g., a specific 8-digit format used by your institution).
    • Academic Keywords: Use "Proximity" rules to find numbers near words like "GPA," "Transcript," "Grade," or "Financial Aid."
  • Action: In the Data Types management page, create a "Tag" or "Group" called FERPA_Scope.

2. Use the Report Builder to Filter by "Data Type"

Once your groups are defined, go to the Reports or Scan Results page to customize the view:

  1. Filter by Data Type: Set the filter to Data Type Group EQUALS FERPA_Scope. This ensures your report doesn't get cluttered with unrelated data like PCI (Credit Cards) or system files.
  2. Filter by Target Segment: If you only care about student data on faculty laptops, add a filter for Asset Type EQUALS Workstation.

3. Customize the Table Columns for FERPA Context

A FERPA auditor needs different information than a security analyst.

Customize your columns to include:

  • Object Name & Path: To show exactly where the student record was found.
  • Data Type: To distinguish between "Directory Information" (Name) and "Non-Directory Information" (SSN/Grades).
  • Match Count: To identify "Mass Leaks" (e.g., a spreadsheet with 5,000 student records).
  • Remediation Status: To prove the data was secured (e.g., "Quarantined" or "Shredded").

4. Grouping and Aggregation (The "Executive View")

To make the report readable for a Dean or Registrar, use the "Group By" feature:

  • Group by Department: If you have tagged your targets by department (e.g., Dept: Athletics), group the report by this tag. This shows which departments are the "highest risk" for FERPA non-compliance.
  • Group by Risk Level: Use the SDV3 Risk score to bubble the most critical FERPA violations to the top.

Example: The "Registrar’s Monthly FERPA Audit"

If you were building a custom report for the University Registrar, it would look like this:

  • Report Name: Monthly_FERPA_Exposure_Report
  • Filters:
    • Data Type = Student_ID, GPA, SSN
    • Location NOT EQUAL \\Secure_Registrar_Server\
  • Columns: Department, Target Name, Match Count, Last Scan Date, Remediation Action.
  • Visualizations: A pie chart showing "FERPA Matches by Department."

5. Automate the Delivery

FERPA compliance is an ongoing obligation. Once you have customized the report:

  1. Save the View: Save it as a "Custom Report Template."
  2. Schedule: Set the report to automatically email a PDF summary to the Privacy Officer or Registrar on the first of every month.

Tip: The "False Positive" Filter

Student IDs often look like other random numbers. To customize your report for higher accuracy:

  • Use Validation: Ensure your custom Student ID Data Type uses a Check Digit or Regex specific to your school.
  • Exclude Known Locations: If your Student Information System (SIS) is a known secure location, exclude it from the "Risk" report so you are only reporting on "Data Sprawl" (data in places it shouldn't be).

Summary

To customize for FERPA you perform the following high-level steps:

  1. Group your student-related Data Types.
  2. Filter by that group and by unauthorized locations.
  3. Group results by Department or Asset Owner to drive accountability.
  4. Schedule the report for the stakeholders responsible for student privacy.


Was this article helpful?

Powered by Product Fruits