Student educational records are protected under the Family Educational Rights and Privacy Act (FERPA). FERPA is the primary federal student privacy law protecting student education records and the student PII they contain from unauthorized disclosure (20 U.S.C. § 1232g; 34 C.F.R. § 99). FERPA applies to educational institutions receiving federal funding. Due to the US Department of Education’s (DoE’s) distribution of federal funds to the vast majority of educational institutions, FERPA applies to a wide range of education services providers.
tawk.to is committed to protecting the privacy and security of clients’ data. It includes our privacy practices and technical security measures to help our educational institution clients ensure that they are compliant with FERPA. While FERPA does not require or recognize audits or other certifications, any academic institution that is subject to FERPA must assess for itself whether and how its use of a cloud service affects its ability to comply with FERPA requirements. FERPA classifies protected information into three related, but distinct categories: Education records, PII (FERPA PII), and Directory information, which is a subset of FERPA PII. FERPA’s requirements and protections vary for each information category. However, FERPA generally requires covered educational institutions to:
tawk.to has in place the following protocols that assist the educational institution clients with FERPA compliance:
Exceptions to FERPA’s Prior Written Consent Rule
FERPA contains several statutory exceptions to the rule requiring written consent before disclosing a student’s education records or FERPA PII. The most relevant exceptions to education service providers include:
health or safety emergencies (20 U.S.C. §1232g(b)(1)(I); 34 C.F.R. §§ 99.31(a)(10), 99.36); or treatment purposes, assuming the disclosures satisfy the HIPAA Privacy Rule if disclosed to a HIPAA covered entity (20 U.S.C. § 1232g(a)(4)(B)(iv); 34 CFR § 99.3).