Complete transparency around our security practices.

FERPA & Privacy Policy

Student educational records are protected under FERPA (The Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g; 34 CFR Part 99). This federal law applies to any school with certain programs funded by the U.S. Department of Education. EchoED is used in compliance with FERPA, our commitment to which is included in our agreements. EchoED acknowledges that (a) Customer Data may include personally identifiable information from education records that are subject to FERPA ("FERPA Records"); and (b) to the extent that Customer Data includes FERPA Records, EchoED will be considered a "School Official" (as that term is used in FERPA and its implementing regulations) and will comply with FERPA.

Increasingly schools and families rely on EchoED to deliver impeccable services that ensure students’ personally identifiable information (PII) is protected and kept private. EchoED values the trust that our partnering schools and families place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices. EchoED utilizes best-in class data collection applications and information security measures for personnel.  We NEVER EVER share your data with third parties. EchoED password protects accounts links and forms, guaranteeing data privacy and eliminating risk.

Personnel

EchoED conducts background screening and reference checks at the time of hire (to the extent permitted or facilitated by applicable laws). In addition, EchoED communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements and confidentiality agreements to ensure information security and privacy of student education records as well as personal health information. EchoED will not disclose the confidential Information, except to employees, or agents who need to know it and who have a legal obligation to keep it confidential. The recipient will use the Confidential Information only to exercise rights and fulfill its obligations, while using reasonable care to protect it. The recipient will ensure that its delegates (employees, affliliates, and agents) are also subject to the same non-disclosure and use obligations. EchoED provides ongoing privacy and security training to all team members. On day one team members complete FERPA and Mandatory Reporting of Child Abuse and Neglect training. To keep up with trends in education, the team participates in quarterly professional development.

Data Encryption & Information Security

The platform used to collect data is a trusted brand, with best-in-class security measures that helps them maintain their reputation with consumers and businesses. We enforces secure collection of data on all of our forms. On-Demand Interpreter services and any other form or data collection tools created  and used by EchoED is served across a protected, 256-bit SSL connection that encrypts the data at rest before it is sent to the servers, so no bad actors can read the data being submitted. Our forms and data are accessed over HTTPS 100% of the time. Our trusted, reliable system means that students’ personally identifiable information (PII) is encrypted in transit using secure TLS cryptographic protocols. We also utilize encrypted data storage with stricter requirements which apply to specific data-sensitive fields.

An outside routing layer provides us with basic filtering to handle any potential denial of service attacks. All network traffic also has to pass through heavily locked-down redundant firewalls. Periodical scans, including quarterly PCI scans by McAfee, are performed to look for any potential vulnerabilities in our network.