Steve Kolowich reports:
After several years of negotiating, a dozen colleges have reached an agreement with Microsoft that could inspire more institutions to outsource their internal communications and data storage systems to the company and its far-flung servers — even when those systems hold sensitive student and research data.
Since 2010 Microsoft had been in talks with a dozen universities about drawing up a standard contract that would address colleges and universities’ obligations to federal privacy laws such as the Family Education Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). The idea was to eliminate the tedium and expense of negotiating around these compliance issues with each and every university client.
Read more on Inside Higher Ed.
If Microsoft really adheres to FERPA and HIPAA requirements with the status of “school official,” and agrees not to data mine or use the data for other purposes, what risks, if any, do readers see in this arrangement? While the idea of outsourcing might make people uncomfortable, this might actually improve data security and protection of student records, as the firm presumably invests much more in security than some institutions might.