You might’ve heard acronyms like CIPA, HIPAA and FERPA - but what do they mean? They’re different types of compliance regulations that organizations must follow to make sure that student and staff personal data is safe and confidential.

1. Privacy & Security Laws
What does compliance look like in education?
YOU SHOULD KNOW

2. You might’ve heard acronyms like CIPA, HIPAA and FERPA - but what
do they mean? They’re different types of compliance regulations that
organizations must follow to make sure that student and staff personal
data is safe and confidential.

6. FERPA
Compliance Law
RISKS OF NOT COMPLYING WITH

7. In order to protect confidential
information that is held on cloud
servers, compliance regulations
are mandatory for any internet
infrastructure that offers data
storage solutions.
BACKGROUND
Cloud data is constantly at
threat from hackers with
malicious intent as well as
from users who leak sensitive
information by error.

8. FERPA compliance is mandatory for federally
funded academic institutions that serve under the
U.S Department of Education.
The rules governing FERPA specifically regulate the
disclosure of student information by academic
institutions, to external parties.
By definition under FERPA, academic institutions
are not allowed to disclose information pertaining
to finances, grades, discipline, employment, and
courses of any student.
The Family Education Rights and
Privacy Act, FERPA, is an act that was
implemented in 1974 under U.S Federal
law.
Its main purpose is to ensure the
privacy of academic data for students
in learning institutions across the United
States.
FERPA Compliance

9. Academic institutions that are FERPA compliant are
not allowed by law, to disclose records to
students who are below 18 years. Where such is the
case, the parents are recognized as the
only legal persons who can;
I. File a complaint against an institution that is
FERPA non-compliant
II. Request for records to be changed where
academic information is misrepresented
III. Review student records
IV. Approve information disclosure for a student’s
academic records
However once a student attains the status of
‘eligibility’ at 18 years he or she reserves all the
above
rights.
FERPA Compliance
FERPA exception for academic information
disclosure is limited to instances where
student information is required;
● In legal proceedings on issuance of a
subpoena
● By other academic institutions where a
student wishes to enroll
● To persons whose interest in specific
information is purely educational
● As part of research on an academic
institution
● In the event of safety or medical
emergency
● In the event of drug abuse by an
underage student

10. Risks and penalties of FERPA non-
compliance
Where an academic institution is found to be
violating the laws under FERPA either intentionally
or unintentionally, consequences may include any
of the following;
A. Dismissal of an academic official who is
found responsible for information breach
B. Lawsuit from an eligible student of parent
C. Suspension from receiving federal funding
or entire loss of funding for the academic
institution
D. Fines of up to $1,000 or a jail sentence not
exceeding 6 months or both
FERPA Compliance