Safeguard student PII while empowering your educational institution’s growth.
The United States' Family Educational Rights and Privacy Act (“FERPA”) is a federal law designed to protect the privacy of student education records. The Act applies to educational institutions and agencies that receive funding from the U.S. Department of Education, including public schools, colleges, and universities. FERPA aims to ensure that student information is safeguarded by granting parents and eligible students essential rights to access, review, and request corrections to education records, as well as control the disclosure of a student's personally identifiable information (“PII”).
Organizations subject to FERPA store student PII on a cloud services provider (“CSP”) generally focus on the following requirements of its CSP processing such information:
The Company provides security and privacy features intended to support educational organizations with their internal FERPA compliance and assessment efforts. The information in this section describes certain capabilities, tools, and transparency resources available through the Company’s services and is provided for informational purposes only. These features do not constitute a representation or guarantee of FERPA compliance.
Customers are responsible for evaluating whether the services they deploy are configured, monitored, and governed in a manner appropriate for their compliance obligations. Customers may access additional information and supporting documentation to assist in their further evaluation of the following areas:
While DigitalOcean protects data center access and the infrastructure control panel, customers are responsible for managing team members, SSH keys, and individual user permissions within their deployed applications.
DigitalOcean provides hardware-level encryption and platform isolation. Customers are responsible for encrypting PII at the application level and managing their respective encryption keys.
DigitalOcean provides foundational tools for data storage and deletion. Customers must implement internal policies to determine when student records should be archived or destroyed.
The Higher Education Community Vendor Assessment Tool (HECVAT) provides a standardized framework for evaluating a vendor’s security and privacy posture. Please visit our Security and Certifications Center to access DigitalOcean’s HECVAT in order to determine if the appropriate safeguards are in place for your institution.
From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
