As discussed in the May / June 2021 issue , students and their parents have a legitimate ( as well as legal ) expectation that their personal information will be properly collected and maintained , used only for appropriate purposes , and not shared or disclosed improperly . School districts have a responsibility to ensure that student data is not only maintained and managed properly but also protected through adequate security .
Although school districts regularly collect and maintain student data , the collection and maintenance of student data implicates not only school districts but also their third-party contractors , enlisted to provide educational services , that receive or access such information as part of those services . In May of 2020 , school districts were still knee-deep in remote learning . However , pre- and post- COVID , school districts regularly contract with third parties to collect and use student data on their behalf . As both the breadth and use of third-party technology advances , the responsibility will continue to expand .
As a refresher , it is important to note where the responsibility for safeguarding student information arises and the way such information must be addressed . In terms of schools and student data privacy , generally , on the federal level , such duties are covered in large part by the Family Educational Rights and Privacy Act ( FERPA ), Protection of Pupil Rights Amendment ( PPRA ), and the Children ’ s
Online Privacy Protection Act ( COPPA ). Here is a brief review :
FERPA ( 20 U . S . C .§ 1232g ; 34 C . F . R . §§ 99.1 et seq .) is the federal law that protects the privacy of personally identifiable information in student education records . FERPA applies to all educational agencies and institutions that receive funds under any program administered by the U . S . Department of Education . FERPA protects personally identifiable information from students ’ education records from unauthorized disclosure .
Although school districts regularly collect and maintain student data , the collection and maintenance of student data implicates not only school districts but also their third-party contractors , enlisted to provide educational services , that receive or access such information as part of those services .
As with FERPA , the PPRA ( 20 U . S . C .§ 1232h ; 34 C . F . R . Part 98 ) applies to schools and contractors that receive funding from the U . S . Department of Education . While FERPA protects personally identifiable information from education records maintained by a school district , PPRA is implicated when personal information is collected from the student , such as surveys , analysis or evaluations .