Schools · Indiana

Managed IT diligence for private schools in Indiana.

Schools like yours hold student records, family financial information, and, for younger students, data with its own federal protections. Schools hold years of records on minors, parents expect discretion as a matter of trust, and online services used by children carry federal privacy obligations that flow through the school's technology choices.

What binds you

The frameworks behind the stakes

FERPAThe frameworkStudent-record privacy duties where federal funding applies.
COPPAThe frameworkFederal limits on collecting data from children under 13 through online services.

Add this to your checklist

How are student records access-controlled, and how are the online services children use vetted?

It joins the 18 questions every buyer should ask in writing. The full list and the printable version are on the Protect page.

Where you are

The Indiana layer

Indiana, like every U.S. state, has a data breach notification law that sets duties and deadlines when personal information is compromised. Whatever its exact deadline, a provider bound by a contractual 72-hour notice clock has already committed to moving faster than any state statute requires of you, which is why that clause belongs in your agreement regardless of where you operate. The National Conference of State Legislatures maintains a fifty-state table of these laws; searching "NCSL security breach notification laws" will find it if the link below has moved.

Before hiring anyone, run their legal entity through Indiana's Secretary of State business search: every state operates one, free, and it shows whether the company exists, when it was formed, and whether it is in good standing. Search "Indiana Secretary of State business search" to reach it directly. Indiana's attorney general's office is the place to check for consumer complaints and to report provider misconduct.

NCSL 50-state breach-law tablesource