What is FERPA Compliance?

The Family Educational Rights and Privacy Act (FERPA) is a set of standards in place to help protect the personal information of students and their families. It applies mainly to educational organizations that receive certain kinds of funding from the U.S. Department of Education. If your online store works with these kinds of institutions, it may be necessary for you to meet FERPA compliance standards so the organization stays in good standing with the law.

What is the purpose of FERPA?

Created in 1974, FERPA is a set of regulations enacted to keep student records secure and private while also giving students access to their own records. Educational institutions that retain education records must give ultimate control of these records to the students they concern.

Most relevant for online stores that may have access to these kinds of records is the security piece. As an online store, you’re expected to have the right security in place to protect the personally identifiable information (PII) of your customers.

Why would you need to be FERPA compliant?

FERPA compliance applies to institutions and relevant vendors, which means if you sell textbooks, food, or other goods within the purview of a school, you’ll need to meet the requirements as set out by FERPA.

Compliance with these data protection regulations should be an afterthought for most stores, because the same safeguards you’d put in place for FERPA compliance should already be in place for PCI compliance. Protecting your customers’ data is so important to the health of your business that complying with FERPA regulations should be a no-brainer.

How do you achieve FERPA compliance?

To be compliant with FERPA, you should have a strong security protocol in place. Here are a few places you can focus your efforts to make sure your store is FERPA compliant.

  • Data encryption and SSL certificates should be used to protect information storage and transmission.
  • Your network should have a firewall and use network access security measures meant to stop hacking or attacks.
  • You should have an administrator who enacts access control policies and has the power to give or restrict employee access to certain types of data based on need.
  • Hardware that stores data should be protected by antivirus and other third-party software as necessary. You should also have the power to wipe data from hardware like mobile devices or laptops remotely.
  • Clearly communicate to people what kinds of information you’re storing about them and give them the ability to opt out of data collection for things like content personalization.

Work with your shopping cart software provider to see what FERPA compliance measures are already built into your online store.
