{"title":"This Is Going on Your Permanent Record: A Legal Analysis of Educational Data in the Cloud","authors":"Ben Cohen, Ashley Hu, Deisy Patino, Joel Coffman","doi":"10.1145/3675230","DOIUrl":null,"url":null,"abstract":"Moving operations to the cloud has become a way of life for many educational institutions. Much of the information these institutions store in the cloud is protected by Family Educational Rights and Privacy Act (FERPA), which was last amended in 2002, well before cloud computing became ubiquitous. The application of a 1974 law to 21st-century technology presents a plethora of legal and technical questions. In this article, we present an interdisciplinary analysis of these issues. We examine both existing statutes and case law and contemporary research into cloud security, focusing on the impact of the latter on the former. We find that FERPA excludes information that students and faculty often believe is protected and that lower-court decisions have created further ambiguity. We additionally find that given current technology, the statute is no longer sufficient to protect student data, and we present recommendations for revisions.","PeriodicalId":486991,"journal":{"name":"ACM Journal on Responsible Computing","volume":" 4","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Journal on Responsible Computing","FirstCategoryId":"0","ListUrlMain":"https://doi.org/10.1145/3675230","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Moving operations to the cloud has become a way of life for many educational institutions. Much of the information these institutions store in the cloud is protected by Family Educational Rights and Privacy Act (FERPA), which was last amended in 2002, well before cloud computing became ubiquitous. The application of a 1974 law to 21st-century technology presents a plethora of legal and technical questions. In this article, we present an interdisciplinary analysis of these issues. We examine both existing statutes and case law and contemporary research into cloud security, focusing on the impact of the latter on the former. We find that FERPA excludes information that students and faculty often believe is protected and that lower-court decisions have created further ambiguity. We additionally find that given current technology, the statute is no longer sufficient to protect student data, and we present recommendations for revisions.