Family Educational Rights and Privacy Act Compliance

Family Educational Rights and Privacy Act Compliance

At IDrive, we understand the critical importance of adhering to the Family Educational Rights and Privacy Act (FERPA), a federal law that protects the privacy of student education records. FERPA grants parents and eligible students the right to access, amend, and control the disclosure of personal information contained in these records. As students transition into adulthood or enter postsecondary institutions, these rights shift from the parents to the students themselves. To support educational agencies and institutions in complying with FERPA, IDrive provides robust physical and logical controls within our services. Our services are designed to aid our customers in building systems that meet FERPA's stringent requirements.

Our approach at IDrive is centered around flexibility and security, especially when handling sensitive student data. Educational agencies and institutions or customers with student data who utilize IDrive services are empowered with the tools to construct a secure environment. This approach aligns with FERPA's regulatory standards, ensuring the protection of Personal Identifiable Information. A critical component of our service offering includes robust encryption and access control mechanisms, providing an additional layer of security. Moreover, IDrive's commitment to data security extends to backup and disaster recovery, ensuring that educational records are safely stored and easily retrievable in any situation, thereby maintaining continuous compliance with FERPA regulations.

IDrive's adherence to SOC 2 Type II standards significantly bolsters our ability to meet the requirements of FERPA Compliance. SOC 2 Type II certification is a testament to our commitment to the highest standards of security, availability, processing integrity, confidentiality, and privacy. This certification involves a rigorous, detailed audit that evaluates and confirms the effectiveness of our data management practices over time.

IDrive helps customers adhere to FERPA regulations and assists in safeguarding student data in the following manner:
  • Encrypted storage
    The data is encrypted using industry-standard 256-bit AES encryption and transmitted securely to a vault that resides at a world-class data center that provides SOC-approved data protection service.
  • Physical security
    The data centers are equipped with various physical security measures, custom-designed raised floors, HVAC temperature control systems with separate cooling zones, and seismically braced racks.
  • Access control
    Access to the vaults and the data center is strictly controlled through administrative procedures, physical safeguards, and technical security measures to prevent unauthorized use or disclosure of customer records.
  • Regular monitoring
    The network infrastructure is periodically checked for vulnerabilities with third-party audits.
  • Identification and authentication
    IDrive services use strong authentication systems and logins can be additionally verified with a one-time code sent to a registered email address, along with the use of an account password.
  • Audit logs
    IDrive maintains audit logs for all access to customer records. This would help to ensure that only authorized users are accessing these records and that any unauthorized access is detected.
  • Data durability and protection
    IDrive Online Backup provides true archiving, which means your data is never deleted from your account until you delete it.


  • IDrive cloud backup offers the choice of employing private encryption which is known only to the user and not stored on IDrive servers, in addition to default encryption. Explore the distinction between private and default encryption here.
  • Google Workspace Backup and Microsoft Office 365 Backup employ industry-standard default encryption protocols to ensure secure data storage.