Is your school’s IT infrastructure meeting expectations for FERPA compliance? Consider FERPA compliant hosting. 

Migrating school data to a secure cloud built by a FERPA compliant hosting provider may help significantly. But how should you first approach moving to the cloud?

The Family Educational Rights and Privacy Act (FERPA) is a U.S. privacy law designed to protect student education records, including PII (personally identifiable information), with administrative, physical and technical safeguards. Think HIPAA compliance for school records – because FERPA compliance rules are similar in nature.

To some school administrators, FERPA may seem like a barrier to migrating school records to the cloud. But, indeed, it is not. In fact, moving data to the cloud is a cost-efficient option that is both permitted by FERPA and supported by the U.S. Department of Education, which was itself an early cloud adopter in the federal government.

How Do You Move Forward?

Unfortunately, FERPA offers little guidance about selecting and managing relationships with secure cloud hosting providers. If you are an educational institution that is in the process of selecting a cloud hosting provider or deciding whether or not moving to the cloud is right for you, consider these five tips:

Choose to Keep Sensitive Student Records in the United States

While FERPA does not make distinctions based on state/ international lines, it’s important to remember that transferring PII and education records across international boundaries may be risky. Among the legal concerns, be aware that it is often difficult to enforce privacy laws outside of the U.S. and hold non-U.S. entities accountable for violations.

Write Compliance Language Into Your Contract

Ensure that your written contract or service agreement with your hosting provider is specific with regard to how the data is being safeguarded under FERPA.

Contract With a FERPA-Compliant Cloud Hosting Provider

Select a reputable provider who understands FERPA compliance and the importance of protecting PII from a potential breach. An experienced, compliant hosting provider will help you pass your FERPA audits, enabling you to do your job better.

Do Due Diligence on Security During the Cloud Hosting Provider Selection Process

Review all appropriate administrative, physical and technical safeguards that the provider may use to protect the data, including data destruction policies.

Use Best Practices

As you evaluate your needs, be sure to conduct a risk management assessment and make a list of security considerations such as privacy, legal and compliance issues that must be addressed.

Naturally, your school should also have prepared and implemented adequate information governance protocols with regard to FERPA and any additional applicable federal and individual state data privacy laws that may contain more stringent requirements for data protection (other than those set forth by FERPA). Always consult with your organization’s legal team to ensure that you consider and address all applicable regulations.

For more information, the U.S. Department of Education Privacy Technical Assistance Center is a great resource. Access the Frequently Asked Questions document on their site.

Inquire About Our FERPA Compliant Services. Complimentary Consultations Available!