Introduction: The Federal Government requires every school to comply with federal student data privacy and online safety regulations (FERPA) and with the laws of the state where the district is located. Whether the laws exist or not, you would still need to protect your students' data because, as a district, you are morally responsible for protecting their health and well-being. Your responsibility to protect student data includes:
How you collect, use, and manage students' Personally Identifiable Information (PII)
How you govern the use of students' PII
How you protect all the information that could be used to identify a student (demographics data, login credentials, etc.)
How you protect their academic records
How you protect their academic, health, and disciplinary records
How you manage information that, when merged, could identify a student
Georgia Student Data Privacy Laws
US Department of Education: Office of Educational Technology: privacy
COPPA
Introduction: What is COPPA?
The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their kids.
Congress enacted COPPA in 1998 to limit the collection of personally identifiable information (PII) from youngsters without their parents’ consent.
COPPA applies to websites or online services that are “directed towards children.” Examples of directing information towards children could include:
the subject matter;
visual content;
the use of animated characters or child-oriented activities and incentives;
music or other audio content;
age of models;
presence of child celebrities or celebrities who appeal to children;
language or other characteristics of the website or online service;
whether advertising promoting or appearing on the website or online service is directed to children;
competent and reliable empirical evidence regarding audience composition; and
evidence regarding the intended audience of the site or service.
Schools' Responsibility under COPPA:
Teachers of students under 13 should not allow those students to create any accounts for web-based resources unless they get parental permission and the terms and conditions of the site are acceptable to the district.
iKeepSafe has a process for web-based companies and provides a badge for companies that are certified as COPPA and FERPA compliant. Any company with an iKeepSafe badge has been vetted and is COPPA compliant.
Website Owners' Responsibility under COPPA:
COPPA requires website operators to:
Post a privacy policy on the homepage of a website. They must inform the visitor about the types of personal information they collect from children; how the site will use the information; and whether such personal information is shared with advertisers or other third parties.
Provide notice directly to parents. In certain circumstances, websites must send direct notice to a parent of the site’s information practices and give parents the opportunity to opt out on behalf of their child. An example of this is an educational tool that asks if a student is 13 or over. If the answer is no, the parent’s email must be entered so the educational company can email the parents to get permission for their students to set up the site.
Get parental consent to use or disclose personal information about a child. This includes student email, chat rooms, and web-based resources.
Allow parents to review personal information collected from their children.
Allow parents to revoke their consent, and delete information collected from their children at the parents’ request.
Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of children’s personal information.
Adapted from: https://www.ftc.gov/system/files/2012-31341.pdf
What comprises personal information (PII)?
Personal information in the world of COPPA includes a child’s name, address, phone number, or email address; their physical whereabouts; photos, videos, and audio recordings of the child; and persistent identifiers, like IP addresses, that can be used to track a child’s activities over time and across different websites and online services.
There are two kinds of PII:
Linked Information: Information that is more direct
Full name
Home address
Email address
Social security number
Passport number
Driver’s license number
Credit card numbers
Date of birth
Telephone number
Owned properties e.g. vehicle identification number (VIN)
Login details
Processor or device serial number*
Media access control address (MAC)*
Internet Protocol (IP) address*
Device IDs*
Cookies*
Linkable Information: Information that is indirect and on its own may not be able to identify a person, but when combined with another piece of information could identify, trace, or locate a person.
First or last name (if common)
Country, state, city, zip code
Gender
Race
Non-specific age (e.g. 30-40 instead of 30)
Job position and workplace
Non-PII: Data that cannot be used on its own to trace the identity of a person.
What does parental permission have to do with COPPA?
The primary goal of COPPA is to place parents in control over what information is collected from their young children online. The rule was designed to protect children under age 13. Parents must give permission for any students under 13 to create accounts online that collect student personal information.
In some instances, schools can act “in loco parentis” (in place of the parents) when providing digital resources to students and thus comply with COPPA. This is usually in cases where the school system is providing digital resources for students that have been vetted for terms and conditions and usually reviewed by legal departments to be sure these companies are not collecting data that is not appropriate, secure, or necessary. This information can often be “disguised” through the use of third-party software such as Clever or by logging into a resource using Google or Office 365 login information.
What does the FTC have to do with COPPA?
The Federal Trade Commission is the governing body that manages COPPA.
How can I tell if a site is COPPA Compliant?
The iKeepSafe COPPA Safe Harbor Certification program ensures that practices surrounding collection, use, maintenance, and disclosure of personal information from children under the age of 13 are consistent with principles and requirements of the Children’s Online Privacy Protection Act (COPPA). Companies that comply with the guidelines are awarded a badge, making it easy for parents and schools to identify products that are compliant with COPPA.
FERPA
What is FERPA?
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
FERPA laws include:
Parents or eligible students have the right to inspect and review the student's education records maintained by the school.
Parents or eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading.
Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, in some instances (for example, to schools to which the student is transferring, accrediting organizations, the juvenile justice system, etc.).
Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them.
Student education records protected under FERPA (cannot be released without permission):
A student’s personal educational record includes a range of information about a student that is maintained in schools in any recorded way, such as handwriting, print, computer media, video or audiotape, film, microfilm, and microfiche. Examples are:
Date and place of birth, parent(s) and/or guardian addresses, and where parents can be contacted in emergencies;
Grades, test scores, courses taken, academic specializations and activities, and official letters regarding a student's status in school;
Special education records;
Disciplinary records;
Medical and health records that the school creates or collects and maintains;
Documentation of attendance, schools attended, courses taken, awards conferred, and degrees earned;
Personal information such as a student's identification code, social security number, picture, or other information that would make it easy to identify or locate a student.
Personal notes made by teachers and other school officials that are not shared with others are not considered education records. Additionally, law enforcement records created and maintained by a school or district's law enforcement unit are not education records.
Student directory information that may be released under FERPA (unless parents request otherwise):
Directory information includes personal information about a student that can be made public according to a school system's student records policy. Directory information may include a student's name, address, and telephone number, and other information typically found in school yearbooks or athletic programs. Other examples are names and pictures of participants in various extracurricular activities or recipients of awards, pictures of students, and the height and weight of athletes.