Protecting Student Information in the Cloud
In the U.S., requirements for personal information protection extend to the education field and student personal information. The Family Educational Rights & Privacy Act of 1974 (FERPA) is a Federal law that gives students access to their education records, the ability to seek to have the records amended, and control over the release of the information to third parties. With some exceptions, schools must have a student’s consent prior to disclosure of personal data including grades, enrollment status, and billing information. The law applies to educational agencies and institutions that receive funding from the U.S. Department of Education.
Similar to Enterprise Management Systems in the corporate world, Student Information Systems (SIS) and School Management Systems (SMS) process massive amounts of data encompassing admissions, enrollment, scheduling, grading, communication, attendance, etc. Larger systems can include human resource information for staff, as well as student health records. As education budgets shrink, local school systems and colleges and universities all over the country are moving to the cloud for their information technology needs. And protection of student information per FERPA guidelines has become a key consideration in the transition, particularly with cloud-based SaaS applications that handle student records.
For higher education institutions, email services and CRM systems also come into consideration for the cloud. And FERPA, state laws, and laws regarding evidence preservation and electronic discovery must be factored into any cloud service provider contracts. Published in Information Security and Privacy News, “The Ivory Tower in the Cloud” discusses the information security and privacy legal implications for higher education moving into the cloud and describes results of recent trials of cloud computing services by universities and colleges. With PerspecSys, these organizations have the ability to move to the cloud. Our Cloud Data Protection Gateway can help school systems and universities solve the data privacy issue by allowing them to encrypt or tokenize protected information when it’s in the cloud.
Only PerspecSys Can Deliver:
- Cloud Data Protection – No data is shared in “the clear” outside of your network control; data is secured with field-level control based on user defined tokenization or encryption options.
- Tokenization and Industry Approved “Strong Encryption” – Organizations can select from an array of included tokenization or encryption options or utilize their own encryption approaches.
- Simple Configuration and Deployment – Administrative dashboard allows companies to easily configure their data protection policies and adapters provide connections with popular Cloud-based applications.
- Flexibility – The solution is designed to fit with the way organizations want to do business. For example, the Cloud Data Protection Gateway can be deployed in a variety of architectural configurations to meet an organization’s specific security needs.
Learn more about the PerspecSys Cloud Data Protection Gateway by visiting our Resource Center.