Intrado Resources

Becoming CIPA Compliant with Google Apps and Office 365


Google Apps for Education and Microsoft Office 365 Education are becoming increasingly popular cloud platforms among schools and districts. Google Apps has over 40 million students, teachers and administrators today – a whopping 300% increase in users since 2010. Schools are thrilled that they can now foster stronger communication and collaboration in and outside the classroom, save on system support costs, and teach their students how to use technology professionally.

As useful and as popular as Google Apps and Office 365 are for learning, they may not be fully compliant with the Children’s Internet Protection Act (CIPA). Schools need to take extra measures beyond a typical Internet filtering system to ensure that they are abiding by this federal law, as there could be severe repercussions for failing to do so. This white paper will explain why Google Apps and Office 365 may not be fully CIPA compliant and present the possible solutions that may help schools gain the benefits of Google Apps or Office 365 while keeping their students protected and achieving CIPA compliance.


Overview of CIPA

The Children’s Internet Protection Act (CIPA) is a federal law that requires all K12 schools and libraries to ensure that their students are protected from pornographic, obscene and other harmful content online. Enacted in 2000 to address concerns about access to inappropriate content over the Internet on school and library computers, CIPA imposes a set of requirements, outlined by the Federal Communications Commission (FCC), that schools and libraries must abide by to be eligible for federal funding or discounts offered by the FCC’s E-Rate program. The FCC states that schools must adopt and implement an “Internet safety policy that includes technology protection measures,” and these measures “must block or filter Internet access to pictures that are (a) obscene; (b) child pornography; or (c) or harmful to minors.” Schools must also ensure “the safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications.


Google Apps & Office 365 May Not Be Fully CIPA Compliant

Neither Google nor Microsoft take responsibility for ensuring that their services comply with CIPA. While Google Apps is said to be in compliance with the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA), Google does not have any published policies regarding CIPA in its compliance documentation. Microsoft’s regulatory policy, on the other hand, clearly states that “customers must independently assess whether their Internet safety policy complies with CIPA obligations (including technological measures governing web access entirely unrelated to Office 365).”

Google and Microsoft are strong advocates of Internet freedom. For them, providing users across the globe with uncensored access to information takes precedence over meeting the CIPA compliance needs of a relatively narrow US K12 market. This leaves schools solely responsible for implementing appropriate technology measures to ensure student safety and CIPA compliance.

RedCircleArrow  Download