How Schools & Universities Can Comply with FERPA

Techbuyer ITAD

IT lifecycle management presents different challenges across each sector. If you work in the education sector and are looking for ways to dispose of school IT equipment such as computer and laptop disposal, read on for a breakdown of the challenges and how IT asset disposal can be the ideal solution.

 

School IT 

From elementary schools right through to community colleges and universities, it is common to see frequent reassignment of computer and other devices to numerous constituent groups like administrators, academics, and students. School IT equipment holds an array of diverse information. If there is no room in the budget for replacement for instance, these data bearing devices must be erased in order to be redeployed.  

There are a few challenges unique to the education sector when it comes to protecting data, for instance; 

  • This sector is characterized by the free exchange of information 
  • Certain information, however, must be kept confidential  
  • Remote access is often required as students and parents need to access systems from home computers 
  • IT systems are well distributed, often across multiple campuses for instance.  
  • Significant shift in IT users each year due to graduation and enrolment  

It is clear that school IT equipment contains a wealth of highly sensitive information. When it is time to decide how to handle outdated devices, it’s hugely important to dispose of this equipment in a secure manner.  

 

FERPA 

One of the regulations with which schools must comply is FERPA. FERPA, or the Family Educational Rights and Privacy Act, is a federal law that protects the privacy of student education records. Education records are any materials (files, documents, etc) maintained by an educational institution, that contain information directly relating to a student.  

It’s evident therefore that educational institutions of all types will have a wealth of data, and unfortunately, it is for this reason that schools and universities are often targets for data theft. 

 

Risk of a Data Breach 

The risk of a data breach is high in the educational sector. Data that is held is not just student grades, but also student and employee Social Security numbers, employee bank account details and other personally identifiable information. The total average cost of data breaches in the education sector was $3.79 million this year.  

What sets the education sector apart from others is that it rarely incurs the costs that come from loss of customers following a data breach. The exact costs of the data breach depends on the amount of time it takes to identify and contain the beach, the extent of the breach, and the expenses incurred from notifying victims and settling lawsuits.  

The frequency of attacks and the scope of losses is increasing. In 2017, Washington State University suffered a data breach when there was a break in and thieves stole items including a hard drive that contained sensitive information on 1.2 million people, including research data plus private information like SSNs and medical history. The university just settled the class-action lawsuit for this data breach and it will cost them and their insurers $5.26 million.  

Unfortunately, it is a situation in which any institution might find themselves. Storing away this type of equipment clearly poses a significant data breach risk. Many schools and universities require a solution to dispose of old computers. For this reason, it’s important to have a plan for end-of-life IT equipment.  

 

IT Asset Disposal 

The best way to mitigate against the risk of a data breach of used IT is to select a trusted ITAD service provider for timely sanitization of data bearing devices and secure data destruction. 

Schools and universities should look for an ITAD service provider that is willing to work in partnership to help manage their IT assets throughout the ITAD process. Techbuyer is experienced, environmentally conscious, and R2v3 certified for complete safeguarding of educational data. We are also members of the National Association for Information Destruction (NAID), which sets industry standards for security, education, and ethical behavior. Our reputation is your reputation and we go above and beyond for complete data security, safety, and environmental best practices. Get in touch today to learn how we can help build an ITAD plan for your educational institution. 

Techbuyer ITAD