By Audience: K-12 School Officials

The resources on this page are intended for staff and educators of public K-12 schools and school districts.  Resources found here typically address FERPA and how it applies to the various day-to-day operations of public schools at the administrative level.  Guidance is also provided for specific situations that occur only in the K-12 setting.

Guidance and Best Practices

Protecting Student Privacy While Using Online Educational Services: Model Terms of Service

The Privacy Technical Assistance Center, working with the Department of Education’s Family Policy Compliance office, has developed a checklist document that provides a framework for evaluating online educational tools' Terms of Service Agreements.  This document is intended to assist users in understanding how a given online service or app will collect, use and/or transmit user information so that they can then decide whether or not to sign up.

The document is divided into several sections:

Guidance and Best Practices

Issue Brief: Data Governance and Stewardship

This brief provides guidance on how to successfully manage complex data systems by establishing a comprehensive data governance approach. Data governance principles discussed in this paper apply to a large number of audiences and can be used to improve data management of systems spanning pre-school through postsecondary education and into the workforce.

Guidance and Best Practices

Guidance for Reasonable Methods and Written Agreements

This document provides guidance for schools, school districts, postsecondary institutions, and State educational authorities (such as State educational agencies) that may disclose personally identifiable information from education records. The document provides these entities with information about requirements and best practices for data disclosures under the studies exception and the audit or evaluation exception, as specified in the Family Educational Rights and Privacy Act.

Guidance and Best Practices

Responsibilities of Third-Party Service Providers under FERPA

This document was developed by PTAC to assist online educational services providers, vendors, and contractors in understanding the Family Educational Rights and Privacy Act (FERPA). Similar guidance, Protecting Student Privacy While Using Online Educational Services, is intended for school audiences; this guidance presents the same material, but in a format geared toward third-party service providers.

Guidance and Best Practices

Identity Authentication Best Practices

This brief offers best practice recommendations for developing and implementing effective authentication processes to help ensure that only appropriate individuals and entities have access to education records. General suggestions provided in the brief are applicable to all modes of data access, be it in person, over the phone, by mail, or electronically.

Guidance and Best Practices

Checklist: Mapping Data Flows

This guidance document is intended to help educational agencies and institutions create visual “maps” of how their data flows in the data systems.  Including maps in data governance plans can help organizations better understand what data are in their systems, where the data reside, what sources they come from, why those data are collected, what limitations or restrictions apply, how they are linked, and what policy questions those data are used to answer.