Student Data Privacy – Definitions, Laws, and Policies

Definitions

• Directory Information – information contained in a student’s education record that would not generally be considered harmful or an invasion of privacy if disclosed. FERPA requires each institution to define its directory items. (see JRA/JRC)
• Education Record – those records that contain information directly related to a student and which are maintained by an educational agency or institution or by a party acting for the agency or institution. (see JRA/JRC)
• Personally Identifiable Information (PII) – information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

Laws

• Colorado Student Data Transparency and Security Act (HB 16-1423)
• Family Educational Rights & Privacy Act (FERPA)
  • Formal Opinion of Colorado Attorney General
• Children’s Online Privacy Protection Act (COPPA)
  • FAQ
  • COPPA Simplified

Board Policies

• Safeguarding Personal Identifying Information (EHC)
• Student Information Privacy and Protection (JRCB*)
• Student Information Privacy and Protection (Public Hearing and Complaint Procedures) (JRCB*-R)
• Student Responsible Use of the Internet (JS*-R)
• Staff Responsible Use of the Internet (GBEE*)
  Student Responsible Use of Technology (JS*-E)
• Student Records/Release of Information on Students (JRA/JRC)
• Supplementary Materials Selection and Adoption (IJK)

COPPA Simplified

While FERPA refers to “personally identifiable information,” COPPA refers to “personal information.” COPPA refers to the operator. Note the items in bold, which indicate when information would and would not be considered personal information under COPPA. For example, geolocation, in and of itself, is not considered personal information unless it is fine enough to identify