"The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level."
There is no federal government designation of FERPA compliance. In other words, there is no certificate or seal the federal government provides to a vendor indicating the vendor is FERPA compliant. We have confirmed this statement with the Family Policy Compliance Office or FPCO (March 8, 2018).
The US Department of Education provides guidance to schools and vendors with regard to technology best practices.
We use the most advanced technology services through Amazon called Amazon Web Services (AWS). Amazon states, "Amazon Web Services (AWS) means you have a partner in security who has a vested interest in keeping your environment safe. Cloud adoption and operation on AWS enables you to protect your data, meet compliance requirements, and cost-effectively and securely scale up or down." Hipaajournal.com states, "AWS is secure by default."
AWS has provided guidance on FERPA. TeamSafe™Sports has carefully followed this guidance in order to create a FERPA-Compliant Environment.
Our application communicates only with the parents of the athletes and the youth sports organizations in which they play. Our application does not transmit any of the user's personally-identifiable health data entered into the app with any covered entities or any third parties.
Security: We follow AWS data protection guidelines to ensure the confidentiality, security and integrity of all data entered into our application.
Permissions: Who has access to data and specifically what data is that? Parents have viewable and editable access to their child's data only. Coaches have viewable and editable access to their own personal information. Coaches have viewable access to the athletes on their team (roster). Coaches do NOT have editable access to any athlete information entered by the parent. Administrators have viewable access to all the athlete's in their organization. Administrators provide final clearance (return to play) for injuries. Otherwise, administrators do not have editable access to any athlete's information.
Choice: We collect the minimum data necessary to keep the athletes safe.
Education: We maintain a baseline level of knowledge of data privacy and security requirements and best practices through annual employee training.
Third Parties: We do not provide third parties with students’ personal data for advertising, marketing, or other purposes unrelated to the functioning of the product in the manner for which it is being used by the organization.