By Audience: Education Technology Vendors

The resources on this page are intended for vendors and other third party providers who are developing, or selling educational technology apps or services that utilizes or collect or uses Students’ Personally Identifiable Information.  Resources found here are intended to provide technical assistance and best practices for those vendors to ensure they are properly handling FERPA-protected information.

Guidance and Best Practices

Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices

This document addresses privacy and security considerations relating to computer software, mobile applications (apps), and web-based tools provided by a third-party to a school or district that students and/or their parents access via the Internet and use as part of a school activity. Examples include online services that students use to access class readings, to view their learning progression, to watch video demonstrations, to comment on class activities, or to complete their homework.

Guidance and Best Practices

Data Breach Response Checklist

This publication provides educational agencies and institutions with a checklist of critical breach response components and steps to assist stakeholder organizations in building a comprehensive data breach response capability. The checklist is meant to be used as a general example illustrating some current industry best practices in data breach response and mitigation applicable to education community.