Audience Landing Page

This section houses all guidance documents, training materials, policy letters and other resources dedicated to protecting student privacy.  To narrow the list of documents below, use the drop down menus to select the type of resource, the topic and/or the audience and click the ‘apply’ button.  An updated list of resources will then be displayed below.

Letters

Letter to Liberty University

This letter was sent to Liberty University in regards to a request for clarrification on the extent FERPA would require Liberty University to provide individuals allegedly involved in fraud rings with the opportunity to inspect and review investigation reports prepared by the University related to suspected financial aid fraud.  

Letters

Cyber Advisory - New Type of Cyber Extortion / Threat Attack

Schools have long been targets for cyber thieves and criminals.  We are writing to let you know of a new threat, where the criminals are seeking to extort money from school districts and other educational institutions on the threat of releasing sensitive data from student records.  In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received.

Letters

FTC and the Department of Education to Host Workshop on Student Privacy and Ed Tech; Seeking Public Comments

The U.S. Department of Education and the Federal Trade Commission (FTC) will host a joint workshop on December 1, 2017 to explore the intersection of Children's Online Privacy Protection Rule (COPPA) and the Family Educational Rights and Privacy Act of 1974 (FERPA).

This workshop will solicit input from a variety of education technology vendors, schools, parents, advocates, and privacy professionals to discuss their experiences navigating FERPA and COPPA while implementing education technology in a classroom setting.  The Department and the FTC are interested in learning about experiences, both positive and negative, in navigating the intersection of these statutes.   

You can find a full list of questions, and information about how to submit comments, in the attached document.   The workshop, which is free and open to the public, will be at the FTC’s Constitution Center, 400 7th St., SW, Washington, DC.  It will be webcast live on the FTC’s website. 

Guidance and Best Practices

Data Breach Response Training Kit

Any organization with electronic records is vulnerable to security breaches, and education agencies are no exception. The PTAC Data Breach Scenario is one of a series of exercises intended to assist schools, districts, and other educational organizations with internal data security training.

The Password Data Breach interactive exercise is aimed at district management and provides a simulated response to a district-level data breach. Over the course of 1-2 hours, this customizable exercise leads participants through a scenario involving a breach of student information and other personally identifiable information. The exercise focuses on the processes, procedures, and skills needed to respond. The package includes three parts: Facilitator’s Guide, PowerPoint Slides, and Exercise Handouts.