Student Data and Privacy Protection
Children's Online Privacy and Protection Act (COPPA)
No website or software tool should be used in a Pembroke Public School classroom until a Technology Use Request form has been submitted and approved. The COPPA summary below is provided for your information.
Excerpt from Common Sense Media:
The Children's Online Privacy and Protection Act, more commonly known as COPPA, is a law dealing with how websites, apps, and other online operators collect data and personal information from kids under the age of 13.
COPPA has a number of requirements, but some key ones are that tech companies making apps, websites, and online tools for kids under 13 must:
- provide notice and get parental consent before collecting information from kids;
- have a "clear and comprehensive" privacy policy;
- and keep information they collect from kids confidential and secure.
Choose your classroom tech wisely.
- Stick to tools designed with education in mind, especially if kids are going to sign up and create accounts. Products that commercialize student learning are not recommended.
- When you bring new tech into your classroom, be mindful about how the tools ask kids to sign up, enter personal information, or share anything online -- and choose products that minimize and avoid unnecessary information collection.
- Always provide information to parents about what tools you're using in the classroom.
- Avoid apps, games, or websites that seem focused on advertising.
- Be cautious with tools that claim to be for education but are also aimed at consumers or the business world.
Not sure about a technology tool? Common Sense's privacy evaluations can help. These evaluations for many of the most popular edtech tools identify and explain the privacy risks in ways that are easy to understand.
For more information, click here.
Protection of pupil rights amendment (PPRA)
The Protection of Pupil Rights Amendment, or PPRA, is a federal law that provides certain rights for parents of students regarding, among other things, student participation in surveys; the inspection of instructional material; certain physical exams; and the collection, disclosure, and use of personal information for marketing purposes. This video provides information about these rights, the responsibilities of local education agencies (LEAs) under the law, and what to do if a parent thinks those rights have been violated.
Audience:
Education Technology Vendors
K-12 School Officials
Parents and Students
Researchers
Children's Internet Protection Act (CIPA)
Excerpt from fcc.gov:
The Children's Internet Protection Act (CIPA) was enacted by Congress in 2000 to address concerns about children's access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program – a program that makes certain communications services and products more affordable for eligible schools and libraries. In early 2001, the FCC issued rules implementing CIPA and provided updates to those rules in 2011.
What CIPA requires
Schools and libraries subject to CIPA may not receive the discounts offered by the E-rate program unless they certify that they have an Internet safety policy that includes technology protection measures. The protection measures must block or filter Internet access to pictures that are: (a) obscene; (b) child pornography; or (c) harmful to minors (for computers that are accessed by minors). Before adopting this Internet safety policy, schools and libraries must provide reasonable notice and hold at least one public hearing or meeting to address the proposal.
Schools subject to CIPA have two additional certification requirements: 1) their Internet safety policies must include monitoring the online activities of minors; and 2) as required by the Protecting Children in the 21st Century Act, they must provide for educating minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, and cyberbullying awareness and response.
Schools and libraries subject to CIPA are required to adopt and implement an Internet safety policy addressing:
- Access by minors to inappropriate matter on the Internet;
- The safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications;
- Unauthorized access, including so-called “hacking,” and other unlawful activities by minors online;
- Unauthorized disclosure, use, and dissemination of personal information regarding minors; and
- Measures restricting minors' access to materials harmful to them.
-Taken from https://www.fcc.gov/consumers/guides/childrens-internet-protection-act
FAMILY EDUCATIONAL RIGHTS PRIVACY ACT (FERPA)
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students."
-
Parents or eligible students have the right to inspect and review the student's education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.
-
Parents or eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.
-
-
School officials with legitimate educational interest;
-
Other schools to which a student is transferring;
-
Specified officials for audit or evaluation purposes;
-
Appropriate parties in connection with financial aid to a student;
-
Organizations conducting certain studies for or on behalf of the school;
-
Accrediting organizations;
-
To comply with a judicial order or lawfully issued subpoena;
-
Appropriate officials in cases of health and safety emergencies; and
-
State and local authorities, within a juvenile justice system, pursuant to specific State law.
Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
-
- Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.