(Newswire.net — March 29, 2020) — While FERPA (The Family Educational Rights and Privacy Act) was originally passed back in 1974, it has been amended nearly ten times since its original inception and new technology has had a drastic impact on how this law applies throughout the United States. Given these facts, it’s not hard to see why educational institutions frequently either don’t fully understand the law or know how it applies to the way they store student data.
Education IT services professional Adam Mahoney from Network Outsource in New York City shares some insights into FERPA.
What is FERPA?
FERPA is a federal law that stipulates parents have the right to:
-
Have access to their children’s educational records. The school can opt to either provide paper copies to parents (for free or for a fee) or allow them to inspect and review the records either on the premises or via a secure virtual storage system.
-
Seek to have their children’s records amended. If the school refuses to amend the record, the parent (or adult student) has the right to a formal hearing. If the school still refuses to amend the record, the parent or student has the right to place a statement in the record outlining the opposing point of view.
-
Control over the disclosure of personally identifiable information derived from said educational records. This control is actually limited, as schools can disclose what is known as “directory information” after informing parents of their intention to do so and allowing them sufficient time to request that such information remain confidential. “Directory information” includes a student’s name, address, phone number, date of birth, honors/awards, and attendance records. Furthermore, schools do not need permission to share a student’s personally identifiable information with school officials, officials from a school that a student is transferring to, parties evaluating financial aid requests from the student, accrediting organizations, law enforcement officials who have a valid subpoena, and local officials from the juvenile justice system. In certain health and safety emergencies, a school can share personally identifying information with appropriate authorities.
When a student turns eighteen or begins studying at a postsecondary educational institution, the above-mentioned rights transfer from parents to the student.
Schools are required to notify parents and eligible students of their FERPA rights every single year. This can be done by letter, via a PTA bulletin, or even via a newspaper article.
FERPA and IT Technology
Schools are required by FERPA to store student records almost indefinitely. Thankfully, cloud storage can make this monumental task far easier and more convenient than it would have been otherwise. Instead of printing out records and renting or leasing office space to keep them, educational institutions can simply rent cloud storage, increasing or decreasing the amount of space rented per month as needed.
However, storing files on the cloud puts student records at risk of being breached by a cybercriminal. It’s a common threat as the number of cyberattacks on schools tripled in 2019 alone. Many faculty members don’t have the training or IT expertise needed to keep a school’s IT system safe from sophisticated hacks; what’s more, the growing number of personal devices being brought on campus put schools’ IT network at risk as hackers can use third party devices such as private mobile phones to gain access to a school’s entire IT system if the system isn’t properly protected. A successful breach would put an educational institution in violation of FERPA as students’ personally identifiable information is leaked to the dark web, where it is often sold to nefarious third parties. Educational institutions that do opt to store student information on a cloud server should consider hiring an IT managed service to ensure the data cannot be accessed by unauthorized third parties. It’s also important to ensure staff members use basic best cybersecurity practices such as strong passwords, two-factor authentication, and locking down devices when leaving them unattended.
FERPA allows individuals to control their own or their children’s educational records. It also clearly outlines the responsibility of educational institutions to store student data wisely and securely. This is a huge task and using IT technology for the job brings with it both benefits and potential dangers. Educational institutions that use cloud servers need to work with IT experts and provide appropriate IT cybersecurity training to