As the Common Core standards come into full swing, bringing computer-based standardized testing with them, many districts are finding themselves in a race to digitize their student records. With the era of snail-mailed report cards coming to an end, this is new terrain for them. Not only do districts have to make student records easily accessible for both students and administrators, but they also have to make sure they’re still keeping up with FERPA compliance.
This becomes even more of a mess when you consider that teachers and administrators often communicate with each other (and parents) through email, potentially setting themselves up for a data breach that could lead to a large FERPA violation.
A Brief Overview of FERPA
FERPA, or the Family Educational Rights and Privacy Act, was signed into law in 1974. The law established some ground rules for educational institutions that receive federal funding, giving parents the right to review, challenge, and consent to the disclosure of the education records of their children. Under the law, standardized test scores, health information, behavior reports and grades are all protected. Once students turn 18, however, they gain control over their educational records.
If a school’s FERPA compliance isn’t up to par, this doesn’t necessarily give parents the right to sue the school. What it does do, however, is potentially threaten the school’s federal funding. If a school fails to achieve FERPA compliance after a set amount of time determined by the Family Policy Compliance Office (FPCO), then the school’s federal funding could be lost.
The Risk of Email
Although data breaches at financial and medical institutions are more likely to create big headlines, the education sector accounted for nine percent of all breaches in 2013. Likewise, data from CSID, a large security firm, shows that 50 percent of all colleges and universities submit protected student information through email. If colleges and universities aren’t securing their email, it’s likely that K-12 institutions are just as bad — if not worse.
Clearly, email is a huge security hazard: every message that carries grades is a potential threat to FERPA compliance.
Problems with Encrypting Student Info
While it isn’t technically necessary to encrypt student data in order to achieve FERPA compliance, FERPA does require schools to do everything in their power to protect student data. That means that if encryption is a viable option, schools are heavily encouraged to use it — especially when it comes to email.
Unfortunately, this presents a difficult problem for schools, as email encryption, especially using common methods such as PGP and S/MIME, is often difficult to implement. Then there’s the need to keep track of encryption keys across an entire district, something that would be next to impossible, especially when you consider that 20 percent of teachers quit per year, meaning that keys will have to be almost constantly changed and shuffled.
How Virtru Can Help With FERPA Compliance
Email encryption doesn’t have to be difficult, nor does it mean that you have to sacrifice usability for security. Virtru provides true client-side email encryption without the need for key exchanges, or for the juggling of digital certificates. Virtru also doesn’t require you to use a special client or program, meaning that administrators don’t have the monumental task of convincing an entire district to abandon their current email addresses and clients in order to use a clunky portal system.
As Virtru is easy to use, parents can also communicate with teachers and administrators securely. And once a student turns 18, Virtru can be used to rescind permission to previously sent emails, enabling students to have full control over who sees their records.