The Family Educational Rights and Privacy Act (FERPA) is one of the strongest privacy protection laws in the United States. Educational records fall under the protection of FERPA, which defines educational records as any and all records a school or educational agency maintains about students.
The Children’s Online Privacy Protection Act (COPPA) also governs student data privacy from the perspective of security when engaging with cloud services.
What does this mean for childcare businesses? It means you are considered an educational agency and all records kept on the children in your care are considered educational records per FERPA, and are required to be kept according to FERPA requirements. Any cloud solution you use must meet COPPA requirements.
FERPA has published a list of the types of records that fall under its purview. The list includes printed and handwritten documents, video and audio files and recordings, microfilm, and microfiche with the following information.
While your facility may not create, collect or maintain all of this information, you are required to keep anything that is considered an educational record private and secure.
For a preschool that includes immunization records and emergency contact information along with all other information about each child and its parents. Afterschool care must secure information about the classes each student has taken or is taking currently. A day camp must keep all information private about the kids who participate in the camp.
Any institution that could be termed an educational agency or school must meet the data privacy and security requirements.
FERPA prohibits the disclosure of personally identifiable information by the school, typically part of the educational records. The only way the information may be released is if the school asks parents or guardians to sign and date a written consent for that release. The only time a release is not required is if a FERPA exception applies.
COPPA covers the operators of websites and online services targeted at children age 13 and under, as well as operators of general audience websites or online services that know one or more users are under the age of 13. If a school has a contract with a cloud-based provider that, in turn, uses student data for marketing, the school may violate COPPA.
The law allows for certain exceptions to the rule of obtaining parental signatures and permission to share information. Schools may release information to specific agencies or parties. There are also a few circumstances under which the information may be released.
Any party requesting student educational records outside of these exceptions must obtain the written permission of the parent or guardian of the student in question.
The law allows information to be disclosed through a directory, including such data as the student’s name, address, phone number, date and place of birth, honors and awards, and attendance dates. The school must allow parents sufficient time to opt out of such disclosure before making the information public.
Since the facility must notify parents of their rights under FERPA annually, educational facilities often notify parents at the beginning of each school year and provide an opt-out form with other back-to-school documentation.
Between the alarms raised by parents who were unaware of student data aggregation and the multiple data breaches that have been in the news, the question of security is of paramount importance to daycare, preschool, afterschool care, and camp facilities.
The good news is that cloud-based childcare management software solutions, such as EZChildTrack, are some of the most secure networks available to keep educational records and student data private.
A cloud-based system stores no information on any device used by an educator or staff person employed by an educational facility. The solution is accessed with secure passwords and other safety protocols via a web browser. As long as the user is not logged into the system, the data cannot be lost through the theft of a device.
Also, unlike decades past, there are no boxes, files, or binders with private information available to steal from any facility. No data resides on the hard drive or memory card of an electronic device such as a laptop or smartphone. If a break-in occurs and electronics are taken from your facility, you do not need to worry about a data breach by hackers using stolen devices.
All student data securely resides at the data center used by the software vendor. Multiple physical and electronic features protect these data centers from firewalls to guards. The data is encrypted as it passes from the device to the database, making it virtually unhackable.
Unless you or your staff deliberately release a student's information, it remains private.
As a daycare, preschool, afterschool care, or camp operator, your business falls under the umbrella term of an educational agency. The records you create, collect, and maintain on every student must be protected per FERPA and COPPA.
Implementing a cloud-based childcare management software solution is the easiest, more secure method of maintaining the privacy of the educational records you can choose.