I’ve written in the past how archiving can minimize litigation costs for school districts through eDiscovery and with the ability to handle Freedom of Information requests in a timely and efficient manner. Another way email archiving can benefit schools and districts and save you money is by understanding three specific compliance rules.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA provides data privacy and security provisions for safeguarding medical information. It requires that health information is not only kept private but when you share it in any capacity, there's a record that you shared it.
However, there's nothing specifically in the law that talks about email archiving. When using a cloud-based archiving product that’s compatible with popular school email providers like G Suite for Education or Office 365, you gain the ability to log and produce those records, and if you did share personal health information, there’s a log to help you prove that it was a legal request.
As a society, we’ve been moving towards paperless for a long time. Sensitive medical records once kept in filing cabinets in the basement of a school district are moving to third-party, cloud-based archiving solutions. Make sure to protect the integrity of your school district, and ensure that sensitive information is tamper-proof.
Family Educational Rights and Privacy Act (FERPA)
FERPA gives parents certain protections about students’ education records, such as report cards, transcripts, disciplinary records, contact and family information and class schedules.
Often referred to as Personally identifiable information (PII), FERPA allows parents the ability to request their child’s records. While an email archive isn’t a requirement of FERPA, as more of this information is communicated and stored electronically, some of that PII will be sent through email. You’re likely already using a database backup solution for records protected under FERPA, but archiving can provide that added assurance if litigation ever arises regarding education records.
Children's Online Privacy Protection Act (COPPA)
COPPA imposes specific requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that know that they’re collecting personal information online from a child under 13 years of age.
Whenever you announce changes to policies that impact COPPA, those notices will often be sent electronically. School districts have moved away from sending out letters or asking for permission slips. You can avoid the “I never signed that” comment from a parent with a searchable email archive that produces the email communication for whoever is requesting or requiring it.