FERPA 101: How to Keep Student Data Safe and Secure

Data privacy and security are probably destined to always be hot-button issues when it comes to storing information online. Even more so when that data is connected to children and teenagers. That’s why the federal government created the U.S. Family Educational Rights and Privacy Act, or FERPA. It imposes strict requirements on how electronic student records are stored and protected—and dictates who can and who cannot get their hands on them.

FERPA applies to all schools, public or private, that receive funding from the U.S. Department of Education—that includes K–12 schools as well as colleges, universities, trade schools, and vocational schools. The regulation gives parents or guardians the right to control who sees their child’s educational records, as well as the right to review the records and correct inaccurate information. The student gains control over the records at age 18 or upon enrollment in college.

A school can only disclose personally identifiable information (PII) from a record to third parties if they obtain written permission from the parent or eligible student. PII isn’t just the student’s name or ID number, either—it includes what are considered “indirect” identifiers such as date or place of birth or disciplinary records.

Like many other government regulations, there’s no formal compliance auditing or certification process. It’s left to the schools and universities to ensure that their IT systems and practices are FERPA-compliant. Mercifully, the Department of Education has established the Privacy Technical Assistance Center (PTAC) with online documentation, webinars, and videos to help schools get familiar with FERPA and inform education IT professionals on security best practices and FERPA compliance. An online Data Security Checklist highlights 17 “essential components that should be considered when building a data security program”—such as policy and governance, physical security, secure configurations, network mapping and authentication.

Wasabi Aids FERPA Compliance

Here’s why we care: Schools can rely on Wasabi hot storage to store and maintain electronic student education records in accordance with FERPA regulations. Our cloud storage service is engineered to ensure the protection, privacy, and integrity of customer data. It’s built and managed according to security best practices and standards, with U.S. Department of Education PTAC data security guidelines in mind. And the Wasabi Terms of Use agreement ensures that institutions maintain exclusive ownership of electronic records are required by FERPA.

Unlike legacy cloud storage services with confusing storage tiers and complex pricing schemes, Wasabi hot storage is easy to understand and implement, and cost-effective to scale. One product, with predictable and straightforward pricing, supports virtually every cloud storage application for academic institutions, including:

• Low-cost primary storage for on-premises or cloud-based workloads
• Economical secondary storage for backup, disaster recovery in the cloud, or data migration initiatives
• Affordable and reliable archival storage for long-term data retention

Wasabi takes a “defense-in-depth” approach, employing multiple layers of security for ultimate protection in accordance with PTAC recommendations. We ensure the physical security of our data centers; institute strong authentication and authorization controls for all cloud compute, storage and networking infrastructure; and encrypt data at rest and in transit to safeguard confidential student information.

And Wasabi isn’t just for safely storing electronic student records. It’s ideal for a wide variety of education applications, such as content management systems; digital education and online learning materials and video files; big data for academic research; campus security video; digital media for sporting events, fine arts performances, and speaking events; and student and business analytics.