Data Security for FERPA Regulations

The Family Educational Rights and Privacy Act of 1974 (FERPA) is a United States federal law that regulates the use and disclosure of student education records. The law gives parents and students access to education records, allows corrections to be made in cases of inaccuracy or misleading information, and regulates the disclosure of records between entities.

According to, more than three million student records have compromised since 2010 as a result of hack attacks or lost, stolen or missing files. This unauthorized disclosure of personally identifiable information (PII) puts students at risk of identify theft and educational institutions at risk of FERPA non-compliance.

Specific data security requirements are not laid out under FERPA, however there are guidelines that require institutions to verify the existence of sound data security and data stewardship plans. One way to prove sound security and stewardship is through data encryption. Protecting PII through encryption and storing the crypto keys in a separate, secure vault renders the data unusable and indecipherable to unauthorized individuals and enables institutions to claim “safe harbor.”

Gazzang zNcrypt™ can be applied easily, quickly, and economically as a solution for data privacy and security guidelines defined within FERPA. Through AES-256 encryption, advanced key management, and process-based access controls, zNcrypt provides transparent data encryption for any database or application running on Linux, including big data environments.

Sending PII via email is risky for both the sender and receiver, especially if that transmission is not encrypted. In addition to securing zNcrypt keys, Gazzang zTrustee™ allows educational institutions to securely transfer sensitive data to authorized parties. This solution enforces a broad range of policies for object authorization, expiration, revocation and retrieval limits, with detailed logging and reporting on all activities associated with these policies.