Educational institutions and the EdTech companies that work with them are entrusted with extensive amounts of personal data subject to nuanced and differing state and federal regulatory schemes, including the personal data of students, teachers, principals, and minors.  Octillo attorneys advise EdTech platforms, as well as public and private educational institutions, on data security and privacy law compliance, including under the Family Educational Rights & Privacy Act (FERPA), applicable state laws such as NY Education Law 2-d and Part 121, the Children’s Online Privacy Protection Act (COPPA), and Health Insurance Portability and Accountability Act (HIPAA).

Education institutions and EdTech companies have seen an unprecedented increase in cyberthreats.  In response, Octillo provides both the data security and privacy policies necessary to formalize appropriate physical, administrative and technical safeguards, while introducing key risk mitigation and response protocols, including vendor management programs, incident response plans, and disaster recovery procedures.  Weaving data security and privacy compliance together is more critical than ever in the education space and Octillo’s continuous focus in this space allows our firm to provide efficient and time-sensitive guidance on these fronts.

Our extensive experience in the education space affords us the practical experience to help clients adapt their security and privacy policies to relevant laws.  We work with clients on education-specific agreements, having drafted and negotiated contracts that respond to the ever-evolving data privacy landscape in the education field.  Our firm’s seasoned incident response team routinely addresses incidents in education, providing appropriate crisis management and communication plans in parallel with incident response.  Relatedly, we represent educational institutions and EdTech platforms in regulatory inquires and throughout data privacy and security litigations.