FERPA governs use of that data when schools and districts use Quickbase apps which includes FERPA regulated data.
Educational institutions are responsible for maintaining FERPA compliance when handling personal data of their students. These responsibilities include identifying data elements which are uploaded to QuickBase, maintaining access and sharing permissions appropriately, and being transparent with students as to data sharing arrangements with service providers
As a service provider, Quickbase enables education institutions who use Quickbase apps for FERPA data to be compliant with FERPA by:
- Maintaining security of the Quickbase platform via security plans and controls.
- Not sharing or disclosing our app data to any 3rd party.
- Not using customer app data for unrelated activities such as data mining.
- Implementing customer security breach notification procedures.
- Purging app data at end of service contract.
For more information about FERPA, visit the Privacy Technical Assistance Center at the US Department of Education.
HECVAT, aka the Higher Education Community Vendor Assessment Toolkit, is a questionnaire framework specifically designed for higher education to measure vendor risk of service providers like Quickbase. Quickbase provides an up to date completed HECVAT questionnaire to assist education institutions with their due diligence.