Resources

This section houses all guidance documents, training materials, policy letters and other resources dedicated to protecting student privacy.  To narrow the list of documents below, use the drop down menus to select the type of resource, the topic and/or the audience and click the ‘apply’ button.  An updated list of resources will then be displayed below.

Guidance

Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices

This document addresses privacy and security considerations relating to computer software, mobile applications (apps), and web-based tools provided by a third-party to a school or district that students and/or their parents access via the Internet and use as part of a school activity. Examples include online services that students use to access class readings, to view their learning progression, to watch video demonstrations, to comment on class activities, or to complete their homework.

Best Practices
Letters

Rescinded: August 2020 - Joint FERPA Letter with ED HHS regarding Uninterrupted Scholars Act

Rescinded: August 2020

This letter written to Chief State School Officers and State Child Welfare Directors between the U.S. Department of Health and Human Services and Department of Education describes the Uninterrupted Scholars Act and its impact on data sharing between education and health and human service agencies.

Letters

SPPO Findings Letters 2012

As part of its enforcement activities under FERPA, the Student Privacy Policy Office issues a variety of letters to include letters that explain why an investigation will not be initiated as well as that detail our findings after conducting an investigation.  While we have identified those letters of more significance and posted them under “Letters of Importance,” we also want to make available the full collection of findings letters we issued in this archive.  The attached archive, in ZIP file format, contains redacted letters from the 2012 calendar year.  

Guidance

Data De-identification: An Overview of Basic Terms

This document is intended to assist educational agencies and institutions with maintaining compliance with privacy and confidentiality requirements under the Family Educational Rights and Privacy Act (FERPA) by reviewing basic terminology used to describe data de-identification as well as related concepts and approaches.

Guidance

Frequently Asked Questions - Disclosure Avoidance

This document is intended to provide general guidance to State and local educational agencies and institutions about the best practice strategies for protecting personally identifiable information from education records in aggregate reports. The paper provides suggestions on how to ensure that necessary confidentiality requirements are met, including compliance with the Family Educational Rights and Privacy Act (FERPA). The information is presented in the form of responses to frequently asked questions (FAQs), followed by a list of additional resources at the end.

Guidance

Data Breach Response Checklist

This publication provides educational agencies and institutions with a checklist of critical breach response components and steps to assist stakeholder organizations in building a comprehensive data breach response capability. The checklist is meant to be used as a general example illustrating some current industry best practices in data breach response and mitigation applicable to education community.

Guidance

Presentation: 25th Annual MIS 2012 - Protection of Personally Identifiable Information Through Disclosure Avoidance Techniques (Feb 2012)

This presentation reviews key disclosure avoidance concepts and provides best practice suggestions for implementing the techniques to ensure proper protection of the privacy and confidentiality of student records under the Family Educational Rights and Privacy Act.