Securing PII Under FERPA

With a vast amount of personal and private data available on networks throughout the world, it’s easy to understand just how necessary and important securing PII (personally identifiable information) is today.

Let’s look at student records and the FERPA-compliant world of higher education, for example. A student’s entire education file, filled with academic performance data and PII, can be frighteningly easy to access by a cyber criminal—especially if it is not secured properly within the college or university’s network.

A prominent source of potentially accessible information is educational records, which are required to be secure as mandated by a U.S. privacy law called FERPA. As a college student myself, I know it is extremely important to have ensured the safety of my information and personal records.  But what does the law require of my school?

FERPA, the Family Educational Rights and Privacy Act of 1974, is a federal privacy law that protects the privacy of student education records, including PII. Applicable to any schools that receive funds on behalf of the U.S. Department of Education, this law allows parents certain rights in terms of their children’s educational records. However, once a student either attends a school beyond high school or turns 18, these rights are transferred over to them.

This federal law allows parents or the eligible student the right to:

  • Request amendment to the educational record if an error is recorded
  • Inspect and review their academic record
  • Control disclosure of information

To think about it in another sense, FERPA compliance rules are essentially HIPAA compliance but for school records, since the privacy rules are similar in nature.

Naturally, all of this PII living on school networks is highly vulnerable to cyber theives. The law requires that the school exercise high compliance and take the necessary measures to secure that data properly. Therefore, a school’s IT administrator is typically responsible for choosing the appropriate IT infrastructure to support and protect the vast amount of private educational information. Through vulnerability testing and regular audits, the administrator must also ensure that the infrastructure is FERPA-compliant as well.

Because of this, some administrators view transitioning to the cloud as difficult. The FERPA compliance requirement may be perceived as a technical barrier. However, this should not be the case.

The cloud is, in fact, a cost-efficient option that is both permitted by FERPA and supported by the U.S. Department of Education. (Fun fact: In the federal government, this department was actually an early cloud adopter.)

Therefore, when a school IT administrator is planning a move to the cloud, it it is important to contract with a FERPA compliant cloud hosting provider who understands FERPA compliance and the school’s needs thoroughly. Protecting student PII from a potential breach should be a top concern. Choose an experienced, compliant hosting provider that will not only protect the school’s data but also work with the school to help it pass its IT compliance audits.

AISN is a prime example of a reliable company that has been securing PII for years and is able to meet all of those requirements. Contact us to learn more about our FERPA compliance and how we are helping schools protect data.


Alishia DuBois is pursuing an internship in AISN’s marketing/communications department.