As the Common Core standards come into full swing, bringing computer-based standardized testing with them, many districts are finding themselves in a race to digitize their student records. As the era of snail-mailed report cards comes to an end, many districts are finding themselves navigating new terrain. Not only do districts have to make student records easily accessible for both students and administrators, but they also have to make sure they’re still keeping up with FERPA compliance.
This becomes even more of a mess when you consider that teachers and administrators often communicate with each other (and parents) through email, potentially setting themselves up for a data breach that could lead to a large FERPA violation.
FERPA compliance doesn’t have to be such a minefield. Through email encryption, student data can remain secure, and administrators don’t have to sacrifice an avenue of communication to do it.
A Brief Overview of FERPA
FERPA, or the Family Educational Rights and Privacy Act, was signed into law in 1974. The law established some ground rules for educational institutions that receive federal funding, giving parents the right to review, challenge, and consent to the disclosure of the education records of their children. Under the law, standardized test scores, health information, behavior reports and grades are all protected. Once students turn 18, however, they gain control over their educational records.
If a school’s FERPA compliance isn’t up to par, this doesn’t necessarily give parents the right to sue them. What it does do, however, is potentially threaten a school’s federal funding. If a school fails to achieve FERPA compliance after a set amount of time determined by the Family Policy Compliance Office (FPCO), then the school’s federal funding could be lost.
The Risk of Email
Although data breaches to financial and medical institutions are more likely to create big headlines, the education sector accounts for many breaches. Schools are entrusted with medical records, PII, transcripts, and IEPs (individualized education plans), not to mention any social services information or public benefits data. Clearly, email is a huge security hazard for students, with every outbound message presenting a potential threat to FERPA compliance.
Problems with Encrypting Student Info
While it isn’t technically necessary to encrypt student data in order to achieve FERPA compliance, FERPA does require schools to do everything in their power to protect student data. That means that if encryption was a viable option, then schools are heavily encouraged to use it — especially when it comes to email.
Unfortunately, this presents a difficult problem for schools, as email encryption portals and legacy solutions are often difficult to use. Then there’s the need to keep track of encryption keys across an entire district, something that would be next to impossible considering employee turnover and staffing changes.
How Virtru Can Help With FERPA Compliance
Email encryption doesn’t have to be difficult, nor does it mean that you have to sacrifice usability for security. Virtru provides true client-side email encryption that is easy to use, both for your internal senders (admins and teachers) and recipients (families). Virtru also doesn’t require you to use a special client or program, meaning that administrators don’t have the monumental task of convincing an entire district to abandon their current email addresses and clients in order to use a clunky portal system.
Don’t get caught in a FERPA compliance nightmare. Enable encryption today, and make sure that your students (and your teachers) are protected.
