John Jennings Digital and Social Media Manager Tweet Watch the Video Prefer to read it? Here's the transcript: 1974. That’s the year the Family Educational Rights and Privacy Act, more commonly known as FERPA, was introduced. You know what else happened that year? The human population reached 4 billion, Hank Aaron hit his 715th home run, and the book “Jaws” by Peter Benchley stayed on the best seller's list for 44 weeks. So what’s our point? 1974 was a long time ago. Yet, somehow, FERPA remains the guiding piece of legislation protecting the privacy of student education records. How can that be? Just think about how much has changed in the past 40 years! Once upon a time, “education records” consisted of papers on desks and in file folders. There were enrollment forms, report cards, transcripts, and disciplinary records stacked high and filed deep. The office employees responsible for safeguarding these records did the best they could to keep them private and in order, but records like these aren’t easy to manage, and paper, by nature, can be difficult to keep out of sight. That’s one of the reasons why, as technology continues to take over, schools are moving to digital student records. After all, a line of binary code should be much easier to keep secure than stacks of papers. Although security measures are improving, there is still a question we must ask ourselves – are we doing enough to ensure that student information is adequately protected in the digital age? With the emergence of cloud technology, the comfort of actually seeing the security precautions in place is not always there. Instead, schools rely on cloud providers to do their part. That’s why it’s more important than ever for school technology leaders to carefully research the companies they’re doing business with. Reputable technology providers will wrap their applications in multiple layers of security to keep prying eyes away. The majority of school districts right now are collecting and storing student data through a combination of old-school paper records, data servers, and cloud technology. But security is only one consideration. Perhaps just as important is the question of accessibility. It should be easy for anyone who works for the school to access data, right? Wrong! According to FERPA, the only people who should ever access these records are those who have a “legitimate educational interest” in the students’ information. While the interpretation of “legitimate educational interest” is ultimately left up to the school district, a good rule of thumb is that teachers should only be able to pull up educational records for students that are currently enrolled in their classes, coaches should only be able to see those that are currently on their rosters, and so on. Therein lies one of the main challenges associated with the sharing of student data. At the end of the day, school districts need to keep student information secure and remain compliant with FERPA. To do that, they must follow four fundamental steps: Make sure adequate physical safeguards are in place. Hold edtech companies and cloud storage providers accountable for strict adherence to privacy and security standards. Maintain internal controls limiting data accessibility to those with a legitimate educational interest. Effectively communicate these privacy and security strategies internally and throughout the surrounding community. This is a lot to chew on, and it’s really just the tip of the iceberg. But for now, we’d like you to think about a scenario. Imagine you’re talking to a parent at your school about the latest big box store to suffer a data breach. The parent turns to you and asks, “What are you doing to protect our students’ data?” Do you know? What would you say? As of November 2015, 46 states introduced 182 bills addressing student data privacy. 15 states passed 28 new student data privacy laws. Proposed revisions to FERPA were submitted to a congressional committee in July 2015. For more information on Skyward's commitment to helping you protect your students' data, read the white paper or contact us today.