Risks of Not Complying with CIPA & FERPA
Privacy & Security Laws
What does compliance look like in education?
YOU SHOULD KNOW
You might’ve heard acronyms like CIPA, HIPAA and FERPA - but what do they mean? They’re different types of compliance
regulations that organizations must follow to make sure that student and staff personal data is safe and confidential.
RISKS OF NOT COMPLYING WITH FERPA Compliance Law
In order to protect confidential information that is held on cloud servers, compliance regulations are mandatory for any internet infrastructure that offers data storage solutions.
BACKGROUND
Cloud data is constantly under threat from hackers with malicious intent as well as from users who leak sensitive information by mistake.
FERPA compliance is mandatory for federally funded academic institutions that serve under the U.S. Department of Education.
The rules governing FERPA specifically regulate the disclosure of student information by academic institutions to external parties.
By definition under FERPA, academic institutions are not allowed to disclose information pertaining to finances, grades, discipline, employment, and courses of any student.
The Family Educational Rights and Privacy Act, FERPA, is an act that was implemented in 1974 under U.S. federal law. Its main purpose is to ensure the privacy of academic data for students in learning institutions across the United States.
FERPA Compliance
Academic institutions that are FERPA compliant are not allowed by law to disclose records to students who are below 18 years. Where such is the case, the parents are recognized as the only legal persons who can:
I. File a complaint against an institution that is FERPA non-compliant
II. Request for records to be changed where academic information is misrepresented
III. Review student records
IV. Approve information disclosure for a student’s academic records
However, once a student attains the status of ‘eligibility’ at 18 years, he or she reserves all the above rights.
FERPA exception for academic information disclosure is limited to instances where student information is required:
● In legal proceedings on issuance of a subpoena
● By other academic institutions where a student wishes to enroll
● To persons whose interest in specific information is purely educational
● As part of research on an academic institution
● In the event of safety or medical emergency
● In the event of drug abuse by an underage student
Risks and penalties of FERPA non-compliance
Where an academic institution is found to be violating the laws under FERPA, either intentionally or unintentionally, consequences may include any of the following:
A. Dismissal of an academic official who is found responsible for information breach
B. Lawsuit from an eligible student or parent
C. Suspension from receiving federal funding or entire loss of funding for the academic institution
D. Fines of up to $1,000 or a jail sentence not exceeding 6 months or both