By Audience: K-12 School Officials

The resources on this page are intended for staff and educators of public K-12 schools and school districts.  Resources found here typically address FERPA and how it applies to the various day-to-day operations of public schools at the administrative level.  Guidance is also provided for specific situations that occur only in the K-12 setting.

Guidance and Best Practices

Data Breach Response Training Kit

Any organization with electronic records is vulnerable to security breaches, and education agencies are no exception. The PTAC Data Breach Scenario is one of a series of exercises intended to assist schools, districts, and other educational organizations with internal data security training.

The Password Data Breach interactive exercise is aimed at district management and provides a simulated response to a district-level data breach. Over the course of 1-2 hours, this customizable exercise leads participants through a scenario involving a breach of student information and other personally identifiable information. The exercise focuses on the processes, procedures, and skills needed to respond. The package includes three parts: Facilitator’s Guide, PowerPoint Slides, and Exercise Handouts. 

Guidance and Best Practices

PTAC Teacher Training Focus Groups Report

The Privacy Technical Assistance Center (PTAC) conducted a series of focus groups to gain insight into teachers’ needs for training on student privacy and the Family Educational Rights and Privacy Act (FERPA). This report documents the findings of these focus groups, as well as recommendations on how to develop new student privacy and FERPA training for teachers.

Recorded Webinars

Integrated Data Systems and Student Privacy

This webinar accompanies the guidance document on Integrated Data Systems. This presentation provides background information on what an Integrated Data System (IDS) is and why educational authorities may choose to participate in one, and clarifies how such authorities can participate in an IDS while ensuring student privacy in compliance with FERPA.

Guidance and Best Practices

Model Notice for Directory Information (En Espanol)

This document is a template notice for notifying parents and eligible students (students over 18 years of age or attending a school beyond the high school level) about the type of information from student’s education records, designated by a School District as “directory information,” that schools may disclose without consent, unless advised to the contrary.  This version is the Spanish translation.

Guidance and Best Practices

W 2 Phishing Scam

Important Internal Revenue Service (IRS) guidance highlighting ongoing phishing attacks against K-12 schools and school districts. These attacks are targeting HR and critical business functions within organizations to access the Personally Identifiable Information (PII) from the W-2 forms of employees and, in some cases, extracting fraudulent payments from their victims. This document contains a summary of the attacks, tactics of the attackers, potential ramifications and links to the official IRS guidance.