Family Educational Rights and Privacy Act (FERPA) Compliance on AWS

Overview

The Family Educational Rights and Privacy Act (FERPA) of 1974 was enacted to support and promote the protection of privacy and reasonable governance of student education records.

FERPA provides parents of students and eligible students:

  • The right to inspect and review their education records.
  • Governance over disclosure of their education records.
  • A mechanism to amend incorrect education records.

FERPA requires educational agencies and institutions to use reasonable methods to ensure the security of their information technology (IT) solutions. This may be achieved by hosting education records on cloud computing solutions. The law, in general, requires covered institutions and agencies to reasonably safeguard student education records from improper use or disclosure. FERPA defines “education records” as “records, files, documents, and other materials that are maintained by an educational agency or institution, or by a person acting for such agency or institution.” Education records also include any record that pertains to an individual’s previous attendance as a “student of an institution.”

Securing student record information, including students’ personally identifiable information (“PII”), is essential for educational institutions and vendors that provide them services which fall under the purview of FERPA and state student data privacy laws.

AWS implements physical and logical controls for internal services and provides customers with access to security, identity and compliance services to help them build solutions that comply with student data privacy requirements. AWS offers a comprehensive set of features and services to make encryption of PII easier to manage and simpler to audit, including the AWS Key Management Service (KMS). Customers with student data privacy compliance requirements have a great deal of flexibility in how they can leverage AWS to help them meet encryption requirements for PII.

Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »