Sharing Student Records: How to securely share files without compromising privacy 

WHAT IS FERPA? 

In 1974, the government enacted the Family Educational Rights and Privacy Act (FERPA) to support and promote the protection of privacy and reasonable governance of student records. Under FERPA, students have the following rights over their education records: 

  • The right to inspect and review their education records 
  • Governance over disclosure of their education records 
  • The ability to amend incorrect education records  

Any records, documents, files or other materials containing information directly related to a student and maintained by an educational institution are considered educational records and are protected under FERPA. While FERPA is similar to other federal privacy regulations, such as HIPAA, it does not outline specific security controls that institutions must comply with when handling student records. Yet, despite this lack of clarity, FERPA violations can be detrimental and schools risk loss of federal funding, negative publicity and a breach of trust between schools and their students.  

Education is one of the top three most breached data areas according to Privacy Rights Clearinghouse  

 

Throughout the academic year, schools are consistently communicating with parents and students about academics, grades, discipline, and, in the cases of higher education and private schools, financial aid. With thousands of educational institutions across the country transitioning to remote learning due to COVD-19, while privacy laws have not changed, school environments have. In an effort to accommodate remote learning, educators have adopted several new platforms and strategies for communicating with students including video conferencing (Zoom), Google Classroom, Blackboard, email and even social media. Now that remote learning is a significant player in the “new normal” of education, this communication (and the requisite data transfer) is taking place on a much larger scale.  

So, what is the best way to ensure educational institutions are securely sharing student records and information? 

 

GOING OLD SCHOOL

MAIL  

  • Pro: The surprise of getting a piece of mail other than a bill?  
  • Con: There is a reason it is nicknamed “snail mail.” If instant delivery is required, expect to pay a hefty overnight fee.  
  • Con: Not only is mail bulky, cumbersome, time consuming — its insecure  

FAX 

  • Pro: Fax can be highly secure, when using a digital solution. Leave the dated, paper-fed fax machines behind.  
  • Con: The end receiver — most parents and students lack easy access to send or receive fax.  
  • Con: The process can be quite cumbersome if needing to share information regularly.  

EMAIL 

  • Pro: Email is ubiquitous and is often the default for sending files because its fast, easy and convenient 
  • Con: The Department of Education has stated that email is not secure enough for sending certain student records and personally identifiable information.  
  • Con: Size limitations prevent the sharing of larger files. Large files also slowdown mail servers and increase mailbox size.  
  • Con: Email is easily compromised  

SECURE FILE TRANSFER  

How SFT differs from email   

  1. SFT is secure  
  2. SFT guarantees delivery 
  3. SFT is auditable  

Secure file transfer or managed file transfer solutions enable users to share confidential or large files and folders internally and externally with a simple email-like interface.  

Protecting data is the cornerstone of secure file transfer. Make sure that your school’s data transfer solution is encrypted. The entire transfer should be encrypted in-transit and at rest using AES 256-bit encryption. A two-factor authentication can be used when looking to obtain a higher level of security.  

Further, the success of a file transfer solution is dependent on its use. When you choose a solution that’s easy-to-use, adoption rates will increase. Solutions with intuitive interfaces that mirror common email programs require no training and one with multiple options to initiate a file transfer (web client, email plug-in, mobile app) makes it simple for users to operate across devices.  

There were 113 breaches involving educational institutions in 2019. Breaches involving educational institutions accounted for 7.6% of all security breaches and more than 2.2 million sensitive records were exposed. -ITRC 2019 Annual report

YOUR GUIDE TO MODERNIZED, FERPA COMPLIANT COMMUNICATION  

Make sure that your school’s data transfer solution checks the following boxes: 

  • Secure Email: Look for solutions that allow staff to send secure email as well as large files which can come in handy when exchanging financial aid and other sensitive personally identifiable information.  
  • Collaboration: Choose a solution that allows users to work together by providing secure workspaces where users can share files, comments and track activity history and have online discussions. File access privileges should be configurable so that certain users can only view files while others can create and edit them and custom notifications should be utilized to let others know when a workspace has been updated.  
  • Help out IT: Solutions with intuitive interfaces do not require extensive training or heavy IT involvement and SFT reduces the overall size of your Exchange server mailbox by encrypting and storing files on a secure server.  

There has been a 38% increase in the instances of phishing scams and other cybersecurity incidents – Global State of Information Security Survey 2017 (PwC) 

Many traditional methods used to share education records are not FERPA compliant. Therefore, it’s vital to have a secure, easy-to-use solution to share confidential information both externally and internally. The right secure file transfer solution will reduce the risks of compromised data, identity theft, privacy breaches, and loss of federal funding due to compliance. Furthermore, secure file transfer solutions offer the ease of use of email and the ability to audit all file transfer activity. Take control of securing private student information, become FERPA compliant, and provide better service to students and their proxies with secure file transfer. 

HOW WE CAN HELP  

Biscom Secure File Transfer (SFT)

SFT combines a secure email, large file transfer capability, and collaboration into one integrated solution. With Biscom’s SFT you can replace FTP servers, secure sensitive information sent via email, and reduce the attachment load on Exchange servers. SFT fully leverages the Microsoft Environment by using Active Directory and integrating with both Outlook and Sharepoint to send files. SFT can also be deployed in several ways including private-cloud (on-premises server) and private/public cloud (using Amazon Web Services and others). Users can access via a Microsoft Outlook/SharePoint plug-in, web client, or from their mobile devices. A secure back-end architecture includes three tiers — web, application, and data — for security and scalability. 

Biscom Could SFT 

Biscom Cloud SFT is a secure cloud file sharing and email solution that provides businesses with a way to send documents, large files, and email messages as easily as email but with embedded encryption and activity reports that enable you to meet your security and compliance requirements. 

If you’d like to learn more about how Biscom can help you with FERPA compliance, email us at [email protected].

Looking for more information?

Email us today to speak with one of our specialists.