(a)
- (1) According to the Family Educational Rights and Privacy Act of 1974, 20 U.S.C. § 1232g, enacted as Section 438 of the General Education Provisions Act, 20 U.S.C. § 1221 et seq., student information that is considered "private" cannot be shared with anyone who is not designated on a release of confidential information form that has been signed by the student.
(2) Examples of confidential information disclosures include:
- (A) Disabilities;
- (B) Recovering substance abuse condition;
- (C) AIDS/HIV; or
- (D) Other medical information.
- (3) If the student discloses any condition or disability that falls under the Privacy Act, the disclosed information cannot be shared with anyone without a release of confidential information form, including all appropriate signatures.
(b)
- (1) Adult education and literacy council providers are responsible for keeping confidential student information secure.
- (2) The personal confidentiality statement should be completed and signed by all persons designated as having access to student records for legitimate educational and/or reporting purposes.
- (3) Care must be taken to ensure that student data is safe from access by unauthorized persons.
(c)
- (1) All confidential student data should be aggressively protected, especially a student’s Social Security number.
- (2) The Adult Education Section of the Division of Workforce Services collects Social Security numbers to allow for authorized use in data match with other state agencies.
- (3) Students must give permission for programs to use their information for data match.
Codification Notes: “AIDS” means acquired immunodeficiency syndrome. "HIV" means human immunodeficiency virus. This section as promulgated prior to codification into the Code of Arkansas Rules provided as follows: "INFORMATION/RATIONALE: The purpose is to follow the Family Educational Rights and Privacy Act (FERPA) policy and ensure that learners' rights to confidentiality of personal information are protected and that all staff and volunteers understand their respective roles in relation to confidentiality and data protection." "EFFECTIVE DATE: DECEMBER 31, 2017"