THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT version 6.x and later (including MIX/Hosted)
Is the Mix environment FERPA compliant (Family Educational Rights and Privacy Act of 1974)?
Our Managed Information Exchange solutions are all built upon the Globalscape EFT framework, which facilitates the highest levels of compliance with government
and corporate security policies and privacy regulations, including PCI DSS, FIPS-140-2, HIPAA, and SOX.
While FERPA is not one of the acts that EFT is specifically tested against, an examination of the FERPA requirements outlines that EFT more than meets the compliance requirements for FERPA in how it is built and operates; however, the specific way the data is handled by authorized users is a more applicable question.
Users that are defined on the system need to be educated on the policies and procedures required for them to follow, and it needs to be ensured that all users have only access to the area of files they require access to. The system will maintain compliance with FERPA as long as the correct user permissions are applied to the files and folders, and the users treat the content they have access to with the appropriate care. A full auditing and reporting capability is built into MIX such that you can tell at any time if improper handling of information has occurred.
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students."
For details of FERPA, refer to http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html.