Dive Summary:
- Microsoft has reached an agreement several years after beginning negotiations with a dozen universities over a standard contract for its cloud services that would address the universities' obligations to federal privacy laws like FERPA and HIPAA.
- The tech giant announced Friday that the Universities of Iowa and Washington, as well as Duke, Emory and Thomas Jefferson Universities, were on board for its new, cloud-based e-mail and work software, Microsoft 365--a deal that will save infrastructure costs for those universities by migrating a number of internal communication and data system's to Microsoft's servers.
- Duke's Chief Information Officer, Tracy Futhey, says Microsoft's standard contract (in which it is designated a "School Official" with "legitimate educational interests" in the data) for FERPA and HIPAA compliance may make more institutions comfortable with the idea of outsourcing their data to them.
From the article:
After several years of negotiating, a dozen colleges have reached an agreement with Microsoft that could inspire more institutions to outsource their internal communications and data storage systems to the company and its far-flung servers - even when those systems hold sensitive student and research data. Since 2010 Microsoft had been in talks with a dozen universities about drawing up a standard contract that would address colleges universities' obligations to federal privacy laws such at the Family Education Rights and Privacy Act (FERPA), and the Health Insurance Portability and Accountability Act (HIPAA). ...