Moodle - FERPA compliance
The Registrar's office would like to see a Moodle configured with a few settings in order to meeting the established university FERPA compliance. Here is the list of setting (below are the details of how to make the settings.)
Registrar's suggested setting for FERPA compliance in Moodle when roster information is available through the CRIS data service.
- Set a Site Policy A site policy implies that all users view, read, and agree to the privacy responsibilities and rights established by the university in order to meet FERPA compliance.
- Limited access to a student's full name Full Names of students are only available to those in the same course. This includes limiting access to forums and blogs to people who share a course.
- Upload an html file that will be used as the content of the Site Policy page. Use the attached file policy.html. It contains the Registrar's FERPA information clause.
Site Administration ► Front Page ► Site files
- The policy URL can point to anywhere - one convenient place would be a file in the site files. eg http://yoursite/file.php/1/policy.html
Site Administration ► Security ► Site policies Site Policy URL: a site file with the Registrar's FERPA information clause.
- Update permissions on Guest role to comply with FERPA
FERPA mandates that we protect enrollment information, even if the student hasn't requested additional protection. So, guest access should not be able to see anything that has a user name tied to it. This means you have to take out permission to view things like forum posts, and user details.
Administration ► Users ► Permissions ► Define roles Guest role Edit Permissions: moodle/user:viewdetails : Prohibit moodle/blog:view : Prohibit mod/chat:chat : Prohibit mod/data:viewentry : Prohibit mod/forum:viewdiscussion : Prohibit
- Limit access to a users blogs to only those who share the course
Site Administration ► Security ► Site policies Blog Visibility: Users can only see blogs for people who share a course