CREST Practitioner Security Analyst (CPSA) Practice 2025 - Free CPSA Practice Questions and Study Guide

The Family Educational Rights and Privacy Act is commonly referred to as FERPA. This federal law was enacted to protect the privacy of student education records and provides specific rights to students and their parents regarding access to these records. Under FERPA, educational institutions must obtain written consent from students or parents before disclosing personally identifiable information from education records, ensuring the confidentiality of sensitive data related to a student’s educational experience.

In contrast, the other options refer to different acts with separate focuses: FISMA, or the Federal Information Security Management Act, pertains to the management and protection of federal information systems; GLBA, or the Gramm-Leach-Bliley Act, deals with financial privacy in the banking and financial sector; and HIPAA, the Health Insurance Portability and Accountability Act, is centered around the protection of health information. Thus, only FERPA is involved with the rights and privacy of educational records, making it the correct choice.