The Family Educational Rights and Privacy Act (FERPA), which sets out the law on students’ rights to privacy, and a vendor security assessment toolkit called HECVAT, are the subject of renewed focus in US universities. Higher education institutions are anxious to preserve student rights while also managing the growing mountain of data from the Covid-19-driven switch to virtual learning.
The cloud has become a popular storage point for many campus data managers, but with it comes scrutiny on the security of systems from potential third party vendors. The increase in data flow requires more stringent risk assessment, a role filled by HECVAT, a security evaluation toolkit used by universities when choosing new vendor partners. With efforts both to uphold student privacy and ensure security of their personal information, this article provides FERPA guidance and key facts on the role of HECVAT.