Maintaining FERPA Compliance while working from home

Educators are used to maintaining the confidentiality of student data. Under The Family Educational Rights and Privacy Act (FERPA) it’s required that schools and districts protect the privacy of their student educational records. When it comes to working from home, this still applies. All educators should practice confidentiality and security of their documents whenever possible. Here are some tips for maintaining FERPA compliance while working from home.

There is an ancient Chinese proverb “May you live in interesting times”.  These last few weeks have been very interesting. As we get used to online teaching, let’s take time to review how to stay safe in cyberspace. 

Controlling your environment for FERPA compliance

Now that we’re all working from home it’s easier to ignore the common best practice guidelines for security. After all, we all like to think that our houses are pretty secure. However, as educators we still have to actively think about maintaining the security and safety of our student data or internal conversations.

Don’t leave documents unattended or in view

When working from home you might be working with student data, records, or other forms of identifiable information. Maybe you’re helping your campus principal, or just reviewing a students’ IEP. Whatever it is, make sure you secure it just like you would on campus. Your partner, roommate, or even your child might be trustworthy sources for you, but by leaving information out in the open you could unknowingly violate FERPA requirements by allowing them access to this data.

Keep your devices locked when unattended.

This means setting a password on your phone, computer, tablet, or whatever else you might be using for work. If your locked screen previews new messages or emails, contact your district’s IT help desk to learn how you can hide them.

By setting your devices to be locked while unattended, you prevent anyone from accessing your files, making changes, downloading or uploading any private information from your school district or campus.

Make sure confidential conversations cannot be heard.

It’s hard enough having multiple members of your family or household work from home at the same time. It can feel stressful just trying to find a space to host your meetings where the other can’t be heard. However, it’s important to remember that all confidential conversations or digital meetings should take place somewhere they can’t be heard.

This might mean shifting your work setup or asking a partner or roommate to leave the room while on this call, but it’s important part of FERPA compliance that all confidential conversations you have remain that way.

Keep your work and personal business separate.

When we’re working from home, we can easily lapse into bad safety practices. We might take a phone call with our personal phone, or attend an online meeting with our personal computer. It’s important to, whenever possible, separate your personal life from your business life. This also includes making sure not to download any sensitive or confidential work documents to your personal devices.

Review your district’s acceptable use of technology policies to make sure you’re not violating internal policies. It’s also important to use any processes your district currently has in place to secure documents or upload secure documents. This ensures that no sensitive data is left on your personal devices.

Log off all work devices and platforms at the end of your day

Make sure that nobody can access your work devices and communication platforms once you’re done for the day. This might mean closing out of your email application, a communication platform like Slack or Microsoft Teams, your Zoom account, and others.

By logging off each day, not only do you set healthy boundaries between your personal and work life, you also ensure that nobody can access your emails, messages, chats, or any other sensitive data. The easiest way to do this is by keeping all of your work information on a work computer that’s password protected. By password protecting this computer, all you have to do at the end of the day is shutdown or logoff your computer to ensure everything is secure.

Controlling your Internet Access for FERPA compliance.

As we all shift to working from home, we’ll have to move our communications to our own personal home wireless networks. It’s important that all educators still check in with their district’s IT department to determine ways to safely connect to your work networks, even while working from home. If this isn’t possible, it’s important to practice web security best practices like ensuring your home Wi-Fi network is protected, and to avoid connecting to public Wi-Fi spots.

Turn off automatic Wi-Fi Connections

An easy way to ensure that you’re always connecting to secure or trustworthy Wi-Fi connections, is to turn off automatic Wi-Fi connections on your devices. By default, many devices will have this turned on, prompting you to opt into the networks you’d like to connect to. By doing this you avoid connecting to public Wi-Fi’s or unsecured networks.

Connect through your company’s VPN while on unsecured Wi-Fi networks

To ensure FERPA compliance and make sure nobody is gaining access to your sensitive student data, connect to your district’s VPN while on unsecured networks. Ask your district for step-by-step guides to connecting. If your district has no VPN, avoid connecting on unsecured networks in general.

Practice web security best practices

Only access websites you trust, don’t click on suspicious emails, attachments, or links that are sent to you, and practice the general best practices in web security. If you do suspect a security issue, disconnect from your network immediately and contact your IT help desk for help. Make sure to forward any suspicious emails you receive to your IT contacts as well.

Just like you should do any and everywhere, make sure you keep your device and account passwords secret. Don’t share them with anyone, including partners, roommates, coworkers, or even your own children. When possible, use password generators to create unique passwords for each and every account or device you access regularly.

While we all hope for the threat of COVID19 to pass quickly, educators of all types are in urgent need of using online technology. By practicing these tips every single day, you’ll ensure that you maintain FERPA compliance and keep all of your student and district data safe and secure.