FERPA is a Federal law that protects the privacy rights of parents and students in education records maintained by educational agencies and institutions or by persons acting for such agencies or institutions. PPRA affords parents and students with rights concerning certain SEA and LEA marketing activities, the administration or distribution of certain surveys to students, the administration of certain physical examinations or screenings to students, and parental access to certain instructional materials. Resources on FERPA and PPRA, including SPPO’s online FERPA training modules, our technical assistance request process, and our complaint process, can be accessed on our website at https://studentprivacy.ed.gov/. We also recommend that you sign up for our periodic student privacy newsletter by visiting https://studentprivacy.ed.gov/join-student-privacy-listserv.
Resources on FERPA, COVID-19, and virtual learning:
FERPA and Virtual Learning During COVID-19; FERPA and the Coronavirus Disease 2019 (COVID-19) FAQs; and May Schools Disclose Information about Cases of COVID-19? – provide information on the applicability of FERPA to COVID-19 related disclosures.
Although not specifically required by FERPA, SPPO encourages LEAs to post on their websites their FERPA and PPRA notifications and policies to improve the transparency of information on student privacy. As SEAs and LEAs continue to leverage digital technology in classrooms, whether students are learning in-person or remotely, we encourage as much transparency as possible with the school community about the use of such technology, the information you share with online service providers, and the providers’ responsibilities regarding the information they receive about students. For more information about transparency best practices, please refer to SPPO’s LEA website privacy review, which may be accessed at https://studentprivacy.ed.gov/lea-website-privacy-review.
Data Security Best Practices
Finally, we recognize the growing number of LEAs affected by data breaches, cyber incidents, and ransomware attacks. If an LEA is affected by such incidents, we strongly encourage you to work with the relevant law enforcement and regulatory entities to respond in an appropriate and timely manner. In addition, we encourage you to take advantage of the resources and best practices available on our website:
A Parent’s Guide for Understanding K-12 School Data Breaches – provides parents of K-12 students information to help understand what a data breach means and provides tools and best practices to help navigate the sometimes confusing process of protecting children’s data in the event of a breach.