The U.S. Department of Education is committed to both technological progress and the protection of privacy and security for students, educators, and all involved in schools.
New education technologies often raise questions about how best to protect student privacy during use. This document addresses privacy and security considerations relating to computer software, mobile applications, and web-based tools provided by a third-party to a school or district that students and/or their parents access via the Internet and use as part of a school activity. It presents some requirements and best practices to consider when evaluating the use of online educational services.
This brief offers best practice recommendations for developing and implementing effective authentication processes to help ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access, be it in person, over the phone, by mail, or electronically.
The Privacy Technical Assistance Center, working with the Department of Education’s Family Policy Compliance office, recently released a framework for edtech tools’ Terms of Service Agreements. This document is intended to assist users in understanding how a given online service or app will collect, use and/or transmit user information so that they can then decide whether or not to sign up. It is recommended that developers align their Terms of Service Agreements with these best practices.
The U.S. Department of Education runs the Privacy Technical Assistance Center (PTAC) as a “one-stop” resource for answering questions and addressing concerns related to privacy, confidentiality, and security practices. PTAC provides timely information and updated guidance on privacy, confidentiality, and security practices through a variety of resources, including training materials and opportunities to receive direct assistance with privacy, security, and confidentiality of student data systems.
Overview of Federal Regulations
Family Educational Rights and Privacy Act (FERPA)
FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
Children’s Online Privacy Protection Act (COPPA)
The primary goal of COPPA is to place parents in control over what information is collected from their young children online. COPPA was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children. Read more
Children’s Internet Protection Act (CIPA)
CIPA was enacted by Congress in 2000 to address concerns about children’s access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program. Read more
Protection of Pupil Rights Amendment (PPRA)
PPRA is intended to protect the rights of parents and students in two ways:
- It seeks to ensure that schools and contractors make instructional materials available for inspection by parents if those materials will be used in connection with an ED-funded survey, analysis, or evaluation in which their children participate; and
- It seeks to ensure that schools and contractors obtain written parental consent before minor students are required to participate in any ED-funded survey, analysis, or evaluation that reveals certain information.
PPRA applies to programs that receive funding from the U.S. Department of Education. Read more