Protecting Student Information & Privacy

This document provides guidance for all district staff—including teachers, administrators, educational specialists, school counselors, nurses, CST members, related service providers, and administrative assistants—on best practices for managing student records and communications. The goal is to ensure compliance with FERPA, New Jersey Administrative Code, and Board Policy 5125– Student Records while protecting student privacy and promoting consistency across all schools.

Accessing Student Records: Know Your Role and Limits

All student records are confidential and protected under FERPA and N.J.A.C. 6A:32-7.1 to 7.8.

Only staff with a legitimate educational interest—meaning you are directly responsible for the student’s instruction, support services, or recordkeeping—may access student information.
If you're unsure whether access is appropriate, consult your immediate supervisor.

Reminder: If a student is not on your caseload or class roster, and you are not a part of a formal team supporting them, you should not access their records.

Examples of Third-Parties Who Require Written Parent Consent: Attorneys or education advocates, medical professionals or outside therapists, independent evaluators or consultants, etc.

Protecting Student Privacy in Internal Communications

When communicating with other staff members about students through email:

Use student initials or ID numbers in both the subject line and body whenever possible.
Never include full student names in the subject line.
Avoid discussing sensitive or personal information (e.g., discipline, family status, behavior). Instead, arrange a phone call or in-person meeting.
If sensitive details must be emailed, limit recipients to those with a legitimate educational interest and use encrypted platforms if available (see below).
Emails about students that are shared with other staff may become part of the student's educational record.

Quick Tip: Always ask yourself: “Is this something that should be documented in writing, or discussed privately instead?”

Communicating with Families Using Approved Platforms Only

Do not use personal cell phones or personal email to communicate with parents/guardians.
Always use your district email or district-approved platforms, such as Google Classroom.
If texting is necessary, use platforms that log and archive messages.

Why This Matters: Personal communication tools are not protected, monitored, or backed up by the district. Their use may compromise confidentiality, limit oversight, and expose both you and the district to legal and privacy risks.

Email Security Tools: Protecting Sensitive Student Information

Using Built-in Gmail Privacy Features

Gmail also includes privacy features that can reduce risk when sending sensitive emails outside the district:

Confidential Mode: Prevents forwarding, downloading, or copying. You can require passcodes and set expiration dates.
Email Expiration Settings: Controls how long a message remains viewable.
Restricted Google Drive Access: When sharing links or files, restrict access to named recipients only.

Reminder: These tools help safeguard external communications, but they do not replace the need for good judgment and minimal disclosure. When in doubt, choose a phone call over email.

NJ Legislature

Writing with Accountability: Email and Public Record Law

Under the New Jersey Open Public Records Act (OPRA), email messages sent or received on your district account may be subject to public disclosure—even if marked confidential.

Always assume your emails could be reviewed by someone outside the district.
Be professional, factual, and neutral in tone.
Do not include personal opinions, speculative comments, or emotional language about students or families.

Quick Tip: Avoid putting sensitive student details in writing unless required. Use phone or in-person conversations for complex or confidential matters. Write every email with the assumption that it may one day be reviewed by administrators, attorneys, parents, or the public

Protecting Student Privacy in Digital File Management

Never store student information on personal devices or outside of district-approved platforms.
Avoid shared spreadsheets or Google Docs with full student names unless access is restricted and the use is clearly necessary.
All student-related files must be saved on secure, district-managed systems (e.g., Genesis, Realtime, Frontline, or Paramus Google Drive).
Use student initials or ID numbers to label internal files that do not require full identification.

Reminder: District platforms are protected, backed up, and monitored—personal devices and apps are not.

Protecting Student Privacy on Social Media

Do not post student names, photos, videos, or identifying info on personal social media accounts.
Only share content through school-sponsored platforms and only when appropriate parent/guardian permission is on file.

Why This Matters: Even well-intentioned posts can violate FERPA. Personal accounts are not monitored by the district and may compromise student confidentiality.

Responding to Records Requests, Subpoenas, or Legal Notices

If you receive a formal written request for student records—such as a subpoena, letter from an attorney, or a non-routine parent request (e.g., for complete historical files)—forward it immediately to the school's Main Office, the Office of School Counseling or Office of Special Services, as applicable

Designated Staff will follow official procedures outlined by the Director of Student Personnel Services to ensure all requests are processed in compliance with federal, state and legal requirements.

Reminder: Do not respond to any subpoena or court order directly. All such requests must be reviewed by the SPS Office and the district’s legal counsel as needed.

Questions? Staff should direct questions regarding student records, communications, or privacy concerns to the school principal or immediate supervisor. Principals and supervisors should direct questions to the Director of Student Personnel Services.

Page updated

Report abuse