26 Aug Prioritizing Safety and Security of Students
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student upon reaching the age of 18 or attends a school beyond the high school level.
Lifetouch honors every institution’s interpretation of FERPA. We also go to extraordinary lengths to ensure compliance with privacy law, both in regards to FERPA and in terms of financial data. Here are steps we have taken to ensure privacy protection for our clients and customers:
To safeguard customer data and prevent identity theft, Lifetouch takes a proactive approach to address the required credit card safety standards mandated in 2005 by major credit card companies. This change involved eliminating credit card data collection on any paper forms, thus limiting credit card payment processing to a highly secure online system. As such, our processes fully comply with the new Payment Card Industry (PCI) Data Security Standards (DSS). Lifetouch Special Events is the only commencement photography company that is 100% PCI compliant.
As a “Level 2 Merchant” processing over 1 million credit card transactions per year, Lifetouch regularly validates our compliance through a third party PCI-certified Qualified Security assessor. This assessor conducts state-of-the-art penetration tests and security consulting. We believe this level of security assurance is unmatched by any other photography company.
Building & Data Security
Lifetouch uses a variety of methods to prevent unauthorized persons from entering our plants and accessing our computer systems, including pass-codes, magnetic entry cards, visitor registration, camera monitors and/or security guards.
Databases containing digital images or confidential information are protected with the same multi-layered security strategies used to protect our other sensitive and confidential business records. Image files are assigned unique identifiers. Identifiable information about the individual in the image cannot be derived from the file name. Image databases are separated from associated data files containing identifiable information, and all databases are protected by firewalls, passwords, or other authentication procedures.
We use industry standard encryption for data transmission. We regularly destroy electronic information when it is no longer necessary to provide our products or services (and are not required by law to be maintained).
Our practice at Lifetouch is to collect, use, and disclose personal information only in ways that are consistent with our respect for an individual’s privacy. Photos that are not mailed to customers are incinerated rather than placed in a landfill. Lifetouch does not sell or rent information to third parties. Lifetouch may share customer information among its affiliated companies and may also share information with consultants who provide services for Lifetouch. It is our policy to require affiliated companies who perform services for Lifetouch to keep such information confidential and to use it only for the purpose of fulfilling obligations to Lifetouch. Furthermore, we require Lifetouch employees to sign confidentiality agreements as a condition of employment.
Lifetouch respects individual privacy throughout the entire product lifecycle. Photo prints that are not mailed to customers are incinerated, as opposed to being placed in a landfill.
Our website is unique for several reasons, the most important of these being the ease and convenience with which our customers may find their photographs. Lifetouch policy allows the institution to have either open access to the events or to assign each graduate a password unique to the event. If the client chooses, we can password-protect images at the event level (everyone from the event can view all the images from the event) or at the participant level (each individual can only view their own images from the event).
Through experience, Lifetouch knows that very few customers object to an open system. Why? Two reasons:
The event took place in a public forum, where newspapers could take images of each graduate, identify them by name, and even sell those images.
Nobody needs to have a complex code to view images. Graduates, parents, separate households where parents do not share information, grandparents, friends, spouses, or children – they all can find the images of the person they care about and help decide which images to purchase.
Over the past years, we have had very few requests to not display our images on our site, or to password protect their graduate’s image. Based on tracking these instances, approximately 99.995% of our customers were satisfied with our open website.
Why not choose an open system? From the standpoint of the commencement photography company, an open system is much more difficult to maintain. In a closed system, very few people are using the website at any given time. Once the graduate has viewed the images, they log off the site. In an open-based system, the graduates take time to browse through multiple images of themselves, the ceremony, and images of their friends. Additionally, friends and relatives are more apt to view images because they are easy to find. This means that an incredible amount of internet traffic hits our servers during peak season. For most commencement photographers, having an open-based system would cause their system to crash.
Lifetouch has a dynamic and robust web-based presence. We are prepared for the rush of graduates and their loved ones looking to view commencement images.