As learning environments steadily move toward digital curriculum, protecting student data privacy becomes more and more critical. In fact, K12 school districts who receive government funding must demonstrate they comply with regulations related to the privacy of their students’ data, which can be a tedious and difficult task.
To ease the process for school districts, Identity Automation has earned three new certifications: the FERPA Certification, COPPA Safe Harbor Certification, and California Student Privacy Certification. Each of these certifications were issued by the Internet Keep Safe Coalition, or iKeepSafe, an experienced privacy protection organization.
Essentially, these new certifications ensure our Identity and Access Management (IAM) solution, RapidIdentity, meets proper compliance with federal and state-specific laws around student data privacy. For this blog, we will focus on two major federal mandates: the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).
What are COPPA and FERPA?
Before we discuss the details of the certification process, we first need to understand what these laws mean, and why they were enacted by Congress. Passed in 1974, FERPA is a federal law that protects the privacy of student education records. In particular, this regulation is concerned with personally identifiable information, or PII, in student records, and bans third parties from using this data without parental consent.
FERPA applies to all schools that receive funds under an applicable program of the U.S. Department of Education (DoED). The law gives parents or eligible students access to their appropriate education records, an opportunity to amend the records, and some control over the disclosure of information from the records.
Similarly, COPPA is a federal law surrounding to the collection of personal information from children under the age of 13 and is regulated by the Federal Trade Commission. It requires operators to publish clear privacy policy notices whenever personal information is being obtained and to disclose any personal information that is collected to a child’s parents.
COPPA applies to websites, applications, and online social media providers and requires that these entities obtain appropriate parental consent before attempting to gather information from students and children covered under the act. The law gives parents the right to revoke their consent, as well as to have any applicable information deleted from the site or application. COPPA requires that proper care is taken to ensure the confidentiality, security, and integrity of all information obtained from the children.
Why is Certification for Student Data Privacy Important?
Identity Automation has always been committed to protecting student data privacy and ensuring comprehensive security and privacy guidelines that support COPPA and FERPA's objectives are maintained. Earning iKeepSafe’s COPPA, FERPA, and California Student Privacy Certifications is the next step in extending these efforts and commitment.
Identity Automation chose to drive efforts towards earning iKeepSafe’s certifications, particularly FERPA and COPPA, due to Identity Automation’s strong presence in the K12 industry. K12 school districts who receive government funding must demonstrate they comply with regulations related to the privacy of their students’ data. This is important as RapidIdentity is used by thousands of students in school districts nationwide, and the majority of these districts receive government aid.
The new certifications verify RapidIdentity’s compliance with their respective federal and state mandates, which make it easier for RapidIdentity customers to demonstrate compliance during their audits. It’s important to note that the certifications are not actually required of Identity Automation, however, Identity Automation is taking extra steps to go above and beyond in ensuring it’s easy for school district customers to demonstrate compliance while utilizing Identity Automation’s tools and services.
“These certifications allow school districts to feel safe and secure using our software to help them overcome their IAM challenges and enable digital learning,” stated Thomas Loving, Identity Automation’s Cyber Security Manager, adding: “It’s important they know we take those controls and policies seriously.”
Before receiving these certifications, assisting school districts in ensuring proper compliance with COPPA and FERPA regulations was manual process. Identity Automation worked with each school district individually, submitting documentation to provide the government an understanding of RapidIdentity and whether it fell within compliance and regulatory requirements.
For current and future customers moving forward, Identity Automation will simply provide school districts documentation of the earned iKeepSafe’s FERPA, COPPA, and California Student Privacy Certifications, as applicable.
What Does it Take to Get Certified?
For the certification process, Loving explained he had to demonstrate that Identity Automation abides by the controls and conditions held in each of these regulations on a consistent basis, which took approximately six months.
iKeepSafe was provided access to RapidIdentity for a thorough review in order to prove those policies and controls are in place. To remain certified, Identity Automation will work with iKeepSafe on an annual basis to ensure compliance.
Extending Our Commitment to Student Data Privacy
By getting independently certified, Identity Automation is providing validation of RapidIdentity’s seamless fit into K12 programs from a security standpoint. These certifications prove Identity Automation follows the requirements set forth by FERPA, COPPA, and California-specific student privacy laws.
However, Identity Automation goes above and beyond these requirements by keeping students protected and parents notified about what it is we do with student data.
Read more about the announcement in our press release.
Comments