The method of parsing, duplicating, and storing data in Google Apps meets all the requirements of the federal FERPA law. You can read more about Google's Security and Compliance here. They have specific statements about Google Apps for Education here.
The human factor is what we need to watch. Share only the most pertinent information with only those who need it. Your staff should not send messages with student information in them at all.
Here are the sharing options in Google Drive:
Share only with specific people :: type in email addresses to only share with a few people, you can also share with groups created by the domain administrator or by you
Anyone in Forest Grove SD with the link :: Open this for everyone to see if they are logged in with their district Google account.
On - Public :: Open to anyone, anywhere.
On - Anyone with the link :: Open to anyone that you've sent the link to and anyone else that's received it.
On - Forest Grove School District :: Open and searchable to anyone in Forest Grove SD when they are logged in with their district Googleaccount.
On - Anyone in Forest Grove with the link :: Open to anyone in Forest Grove SD when they are logged in with their district Google account and they have the link.
For each of these options, you can also give collaborators rights to:
edit - they can do anything to the document include share it with others
comment - they can suggest changes to the document
view - they can only consume or make a copy of the document
Read more about sharing options in Google's support documentation.
