I noticed a FERPA question circulating on my twitter feed this morning. For non US readers, FERPA (Family Educational Rights and Privacy Act) is the US national law covering how higher education institutions must conduct themselves with regards to student records. There’s a dizzying list of rules and exceptions as to what the institution may and may not disclose without a student’s written permission. It applies to records maintained by the institution.
This got me to thinking. When a student deploys a personal cyberinfrastructure, they maintain the data repositories. How does this affect FERPA compliance in that the institution is not maintaining the records of the students actual work (as opposed to documents stored in an institutional LMS, for example). Has anyone gathered resources on the legal implications of this model?