Ferpa Compliance

Mandatory Regulations

The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. FERPA covers the release of a broad list of information about students, including grades, behavior, test scores, disciplinary action, etc. — and also how mandatory testing data are transferred to federal agencies and colleges. Regular FERPA Assessments are critical to ensure compliance with these established statutes.

Blurred Lines

Although protecting our childrens’ privacy is undeniably important, the lines that FERPA draws are not always 100% clear. There have been many instances related to the misapplication of FERPA, to conceal public records that are not “educational” in nature. And although FERPA violations do not expose an institution to private litigation, violations can and have damaged an institution’s reputation, and repeated violations can also lead to a catastrophic and debilitating loss in government funding.

Expert Guidance

Aerstone’s deep cybersecurity experience can help your institution protect itself against violations with our FERPA Assessments. Our services in this space are comprehensive, and include:

• Helping prepare mandatory annual privacy notices to students
• Structuring the implementation of an approved signed consent system
• Training faculty and staff on FERPA compliance
• Investigating compliance from potential third-party data consumers
• Conducting a security audit of current information systems, to ensure data protection