Complying with education sites standards - HEOA, FERPA & accessibility

Regulatory compliance is very important. Find out how the education industry uses Stillio's automated screenshots daily to meet these laws.

Complying with education sites standards - HEOA, FERPA & accessibility

The education industry is not exempt from regulations. Whether it regards making information accessible to everyone or what to disclose to students and parents, compliance with education websites must be addressed thoroughly.

This article will examine the most important education website regulations, including HEOA, FERPA, and ADA.


As its name suggests, the Higher Education Opportunity Act of 2008 (HEOA) applies to postsecondary education institutions like universities and colleges. Under his Act, entities have to both disclose and report certain aspects of their operations, which are different requirements that can sometimes overlap:

  • A disclosure requirement refers to information that a postsecondary education institution must make available to other parties, like students.
  • A reporting requirement refers to information submitted to the U.S. Department of Education or other agencies. 

HEOA applies to the U.S. For U.K. education institutions, visit the government's guidance for maintained schoolsacademies, free schools, and colleges

How to comply with HEOA - What do I need to disclose on my website?

There are over 40 HEOA disclosure requirements—these range from providing guidance on obtaining financial aid to information about the diversity of the student body. You may not have to comply with each one of them, as they depend on the category your institution falls under. The National Postsecondary Education Cooperative put together a report where you can find out about each HEOA requirement and to whom it applies.

An important aspect to remember when looking into HEOA compliance is how the information should be presented: some of the required information must be "made available to students," while others must be "provided to students."

When the information is only required to be made available to students, posting it on the institution's website is enough to meet the requirement. Now, if the rule requires that the information be delivered directly to specific individuals or provided directly upon request, sharing it on a website won't do. You can make it available through the website, but it must be provided directly to the specified individuals. 

The information disclosed must also be accurate; otherwise, the Department of Education may take action.

Best practices for HEOA compliance

Besides disclosing the information just because HEOA requires it, there are some best practices you can follow to improve the whole experience for your students.

The requirement's name to refer to the information may not be the most understandable for students. For example, take "Student-right-to-know" versus something more straightforward like "Graduation rates." Make sure you use titles students can understand, allowing them to identify the information they'll find under each one.

Publishing the information but making it impossible to find is of no use. Don't hide the information; make it accessible and identifiable for students.

On that same note, many universities have their HEOA page, which centralizes all these disclosures and makes them visible to students. That is helpful for them, so they can find what they're looking for quickly and keep track of the information on your site.

Last but not least, if you ever need to prove you had a specific disclosure on your institution's website at a certain point, you'll need a website archive. Periodically saving versions of your site can help if you're faced with a complaint or a fine for a requirement you're complying with.

Stillio can automate the archiving process! You can schedule the screenshots to be captured daily, weekly, monthly, etc., and get full-length captures of your website directly to your drive. These screenshots are timestamped and watermarked so that you can prove compliance at the moment requested.

HEOA fines

In a case of non-compliance, the Secretary of Education will be authorized to take administrative action, including the imposition of fines. In addition, complying with HEOA is a condition for entities receiving student financial aid from the government; so non-compliance can put student assistance at risk.


The Family Educational Rights and Privacy Act (FERPA) is a federal law that gives parents the right to access their children's education records. It applies to schools of all levels that receive funds under a U.S. Department of Education program.

FERPA also allows parents to request that an education record be amended if they believe it is inaccurate. If the school denies the request, parents have the right to a formal hearing. 

In addition, FERPA grants parents some control over the disclosure of personally identifiable information from the education records.

These rights apply not only to parents but also to legal guardians. When a student turns 18 or enters a postsecondary institution, FERPA defines them as "eligible students," and their parents' rights are transferred to them. Therefore, a school violates FERPA if they share school records with parents of students over 18.

FERPA also regulates the share of an eligible student's records without the express written permission of that student's parent or legal guardian. There are exceptions to this disclosure rule, such as teachers, officials from another school the student intends to attend, and parties in connection with the student's financial aid.

Best practices for FERPA compliance

The main recommendation regarding how to comply with FERPA is to collaborate with parents, guardians, or students that make a request. Don't make the process more complex than it needs to be, and reply accordingly to requests of amendment or disclosure when applicable.

Have a straightforward internal procedure in place, with established information retention periods. In addition, internal training should be available for staff on the FERPA process and its exceptions.

In addition, you should ensure that every party involved in the process understands their FERPA rights. Sharing the information about FERPA rights on the website is a good starting point, clarifying the exemptions to have no issues.

If you're ever in doubt about whether written consent is needed to share certain information, it's best to ask for it.

Security breaches should be addressed with internal solid policies and procedures. Then, when it comes to third-party vendors, revise them to check if they're FERPA compliant.

As we covered in the HEOA best practices, having a periodic archive of FERPA compliance efforts can support your institution in case of a complaint. You can keep a record of visible published rights and exemptions on your website with automated screenshots.

FERPA fines

Similar to HEOA, the biggest consequence of FERPA non-compliance is the loss of federal funding. However, according to the Student Press Law Center, to date, there hasn't been a financial penalty enforced because of a FERPA violation.

Accessibility standards - ADA and section 508

Accessibility is a crucial aspect of education. Two main accessibility regulations affect this industry in the U.S.: the Americans with Disabilities Act and Section 508 of the Rehabilitation Act of 1973. Besides its contribution to compliance, an accessible education website can enhance the experience students have with your institution.

We're focusing on U.S. regulations since HEOA and FERPA are American rules. However, if you're from anywhere else, you might want to check out our master list on accessibility standards worldwide.

The federal Americans with Disabilities Act (ADA) is a civil rights law that prohibits discrimination against people with disabilities in all aspects of life. Under Title II of ADA, public educational entities are required to make accommodations to ensure that people with disabilities can access all their resources. That includes not only physical ones like buildings and activities but online content as well.

Section 508, a federal law, also requires agencies to provide equal access to electronic information and data. Colleges and universities that receive federal funding are subject to these requirements.

As for compliance, ADA itself doesn't provide clear guidelines, so many companies turn to WCAG. Section 508, however, requires following WCAG 2.0 in its A and A.A. levels. Conforming to those standards should be enough to make your website accessible to everyone and therefore keep you out of ADA trouble too. Ensure you follow the four principles of accessibility and keep an eye on key aspects like alt-texts, font contrast, size, audio descriptions, and subtitles.

Not complying with accessibility standards could lead to lawsuits and financial liabilities and damage your entity's reputation. A single ADA violation can cost up to $75,000, and $150,000 for additional violations. As for Section 508, non-compliance can result in USD 55,000 for the first violation, USD 110,000 for each additional violation, and loss of federal funding.

With Stillio, you can capture periodic evidence of your accessibility efforts, such as transcripts for audio and video resources and organized layout and type form.


Following education requirements help you not only to stay compliant but also to provide a better experience to students and staff. If you're experiencing trouble with these regulations, or have doubts about how they apply to your institution, seek legal help. Feel free to book a demo with Stillio to find out how we can lighten the compliance burden for your institution.

Starting at $29/m

Start capturing website screenshots automatically and save a lot of grunt work. You'll be set up in minutes. No credit card required. Check our pricing plans.