Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) was enacted to control student educational data, and it applies to all educational organisations in the United States that handle student data. Any public or private school, as well as any state or local education institution, must operationalize and verify compliance by safeguarding children’s data and preventing a data breach.
The Act defines terms for the use of data about students, protects the privacy of student education records, and ensures the security of their information technology (IT) solutions
Essential
FERPA imposes certain requirements on school systems receiving federal funding:
- Eligible students (high school graduates or age 18+) or parents of minor students have the right to inspect and review their educational records maintained by the school.
- Parents or eligible students may request a correction to records they believe are inaccurate or misleading, and have the right to a formal hearing if the request is denied.
- Schools may not release any information on a student without written consent from the parent or eligible student, with a few exceptions such as between schools or with financial aid parties.
- Schools may release “directory information” (name, address, birthdate and place, phone number, etc) without consent, but must inform the parent or eligible student with enough advance notice to request the school not disclose this information.
Challenges
The following are the issues created by FERPA laws that the majority of organizations face:
- The The education system collects massive amounts of student data but lacks the capability to comply with privacy and security rules for the regulation.
- Manually managing data mapping and inventory to provide adequate security based on the risk related to the respective data collected.
- School systems lack the capacity to identify data related to specific students and comply with federal law requiring that parents and eligible students be able to access their full records.
Solutions
-
Our AI-based, patented solution, TurtleShield DD (Data Discovery and Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments. It enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.
Often, organizational silos between business and IT teams make it difficult to get a complete view of data flowing in and out, especially when shared with third parties or partners. TurtleShield DD automatically maps your “data sharing” to provide clear visibility and actionable insights.