By Audience: Education Technology Vendors

The resources on this page are intended for vendors and other third party providers who are developing, or selling educational technology apps or services that utilizes or collect or uses Students’ Personally Identifiable Information. Resources found here are intended to provide technical assistance and best practices for those vendors to ensure they are properly handling FERPA-protected information.

Guidance

Best Practices for Data Destruction

The Data Destruction Document is a best practices guide on properly destroying sensitive student data after it is no longer needed. It details the life cycle of data and discusses various legal requirements relating to the destruction of data under FERPA, and examines a variety of methods for properly destroying data. The guide also discusses best practices for data destruction and provides some real-world examples of how to implement it within your organization.

Letters

FTC and the Department of Education to Host Workshop on Student Privacy and Ed Tech; Seeking Public Comments

The U.S. Department of Education and the Federal Trade Commission (FTC) will host a joint workshop on December 1, 2017 to explore the intersection of Children's Online Privacy Protection Rule (COPPA) and the Family Educational Rights and Privacy Act of 1974 (FERPA).

This workshop will solicit input from a variety of education technology vendors, schools, parents, advocates, and privacy professionals to discuss their experiences navigating FERPA and COPPA while implementing education technology in a classroom setting. The Department and the FTC are interested in learning about experiences, both positive and negative, in navigating the intersection of these statutes.

You can find a full list of questions, and information about how to submit comments, in the attached document. The workshop, which is free and open to the public, will be at the FTC’s Constitution Center, 400 7th St., SW, Washington, DC. It will be webcast live on the FTC’s website.

Guidance

Integrated Data Systems and Student Privacy

This webinar accompanies the guidance document on Integrated Data Systems. This presentation provides background information on what an Integrated Data System (IDS) is and why educational authorities may choose to participate in one, and clarifies how such authorities can participate in an IDS while ensuring student privacy in compliance with FERPA.

Guidance

Use of Financial Aid Information for Program Evaluation and Research

This webinar provides additional information on the use of Financial Aid Information for program evaluation and how that data sharing operates under FERPA.

Guidance

Videos

The A-B-C's of Student Directory Information

FERPA allows schools and districts to designate certain basic student information as directory information, and share that information without consent if certain additional requirements are met. This video describes why a school would want to use designated student directory information and the types of information that fall into this category. It also explains the process that schools and districts must adhere to when designating directory information.

Guidance

Protecting Student Privacy While Using Online Educational Services: Model Terms of Service

The Privacy Technical Assistance Center, working with the Department of Education’s Family Policy Compliance office, has developed a checklist document that provides a framework for evaluating online educational tools' Terms of Service Agreements. This document is intended to assist users in understanding how a given online service or app will collect, use and/or transmit user information so that they can then decide whether or not to sign up.

The document is divided into several sections:

Guidance

Responsibilities of Third-Party Service Providers under FERPA

This document was developed by PTAC to assist online educational services providers, vendors, and contractors in understanding the Family Educational Rights and Privacy Act (FERPA). Similar guidance, Protecting Student Privacy While Using Online Educational Services, is intended for school audiences; this guidance presents the same material, but in a format geared toward third-party service providers.

Guidance

Cloud Computing FAQ

This document is designed to assist educational agencies and institutions that are considering using cloud computing solutions for education data. It contains responses to frequently asked questions about meeting necessary data privacy and data security requirements, including compliance with the Family Educational Rights and Privacy Act, to ensure proper protection of education records.

Guidance

Contractor Responsibilities Under FERPA: Tri-fold

This document is intended for state educational agencies (SEAs) and/or their contracted companies to use to inform the contractors’ staff about their responsibilities to protect students’ personally identifiable information acquired under FERPA’s audit or evaluation exception.

This version is a tri-fold brochure for Microsoft Word that leaves space to amend applicable state or local privacy laws.

Guidance

Contractor Responsibilities Under FERPA: Single Page

This version is a single-page .pdf intended for use as a standard FERPA-only acknowledgement.

Search form

Search form