COMPLIANCE > FERPA
US schools in spotlight
post secondary institutions
in the US
U.S. Department of Education's
annual budget
cost of data breach
in education sector
The Family Education and Privacy Act (FERPA), also called as the Buckley Amendment, is a U.S. law enacted to protect the privacy of student records. Educational institutions collect and use student information for various purposes, but under FERPA, students and their parents have rights to:
This law applies to all schools and colleges that receive funding from the U.S. Secretary of Education. Non-compliance doesn't just risk reputational damage; it can also result in loss of federal funding. As a solution naturally designed to safeguard your corporate data and ensure privacy, Endpoint Central is perfectly equipped to help institutions meet FERPA requirements. It helps organizations comply with multiple global privacy laws, such as GDPR, CCPA, POPIA, and DPDPA, while ensuring the highest standards of data protection for your student records.
Endpoint Central simplifies managing sensitive data in educational institutions. Its Data Leakage Prevention (DLP) features identify and classify Personally Identifiable Information (PII) and prevent unauthorized uploads to clipboards or public cloud platforms, ensuring proactive data security.
With ransomware attacks on K-12 schools doubling between 2022 and 2023, Endpoint Central provides advanced anti-malware and anti-ransomware protection. Its non-erasable backup solutions ensure quick recovery, safeguarding your data and operations.
Gain real-time visibility across your endpoints with Endpoint Central's DPO Dashboard. Monitor compliance, track endpoint activity, and strengthen cybersecurity effortlessly, ensuring both FERPA compliance and robust data protection.
Under FERPA, directory information means information contained in an education record of a student that wouldn't generally be considered harmful or an invasion of privacy if shared. This may include:
The student's name, address, and phone number.
Email ID, photos, date and place of birth.
Field of study, grade level, and enrollment status
Attendance dates, participation in school activities or sports, and athletic team details like weight and height.
Degrees, honors, awards
Most recent school attended.
However, directory information does NOT include details like:
Social Security numbers.
Student ID numbers, except,
In these two circumstances, they are considered Directory Information.
Under FERPA Subpart D, Section 99.37, educational institutions can share; Directory Information; without needing prior consent. However, the institutions must clearly define what qualifies as Directory Information and inform eligible students (those aged 18 or older) and parents publicly about this definition. If the parents or eligible students do not agree with this definition, they have the right to opt out by notifying the school in writing.
Personally Identifiable Information (PII) refers to any information that can directly or indirectly identify a student. This includes:
The student's name, and their parents' name or other family members.
Addresses - of the student or their family.
Personal identifiers such as social security numbers, student ID numbers, or biometric records
Indirect identifiers, such as the student's date of birth, place of birth, or a parent's maiden name.
Any combination of details that could reasonably allow someone within the school community, without direct knowledge of the student, to figure out their identity.
Information requested by someone who is believed to know the identity of the student in question already.
Subpart D of the FERPA act extensively deals about processing of PII and Directory information. Endpoint Central comes to rescue with these features.
Detect and classify Personally Identifiable Information (PII) with precision, while maintaining full control over data flows in your IT environment by setting policies for data transfers through cloud platforms and peripheral devices.
Restrict or block unauthorized external storage devices with ease. Define a trusted list of devices that end users can securely access on their endpoints.
Ensure sensitive data is accessed only by authorized users with robust permission controls.
Protect data at rest with industry-standard encryption tools like BitLocker for Windows and FileVault for Mac, ensuring maximum security for sensitive information.
Generate detailed reports to gain deep insights into your endpoint environment, supporting governance, auditing, and compliance efforts.
Monitor and track user access to critical endpoints through detailed logon reports, ensuring accountability and security.
Enforce Restrictions on the devices - Connecting to corporate Wifi, USB control, etc. Leverage Per-app VPN to securely access corporate data.
Separate corporate data from personal data on employee-owned devices (BYODs) to maintain data integrity and security.
Establish virtual boundaries for devices, ensuring data access is restricted to your office premises and protecting against unauthorized use.
Safeguard sensitive data by remotely erasing it from corporate devices in case of loss or theft, preventing potential data leaks.
Stay ahead of cyber threats with intelligent ransomware detection that flags unusual file movements and supports the creation of unerasable data backups.
Gain actionable insights into your IT landscape, including endpoint vulnerabilities, encryption status, devices nearing end-of-life, user access controls, firewalls, and more, to strengthen data protection and compliance efforts
"Endpoint Central has allowed us to move towards our goal of a centralized application to cover off IT support activities. The deployment was really simple with no real issues. We use it mainly for the integration with ServiceDesk Plus and the reports it provide for our ISO implementation"
Feel free to connect with our experts to address your specific queries and discover how Endpoint Central can assist you in meeting FERPA requirements.