Security Best Practices

The Department of Education (Department) is required to notify annually each State educational agency (SEA) and each local educational agency (LEA) of its obligations, as a recipient of Department funds, under the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA). Attached are letters from the Secretary of Education and the Department’s Student Privacy Policy Office (SPPO) reminding SEAs and LEAs of their obligations under FERPA and PPRA as recipients of federal funding through the Secretary.

The Family Educational Rights and Privacy Act or FERPA provides certain rights for parents regarding their children’s education records. This guide provides general information on a parent’s rights under FERPA.

Schools across the nation are working hard to keep students, teachers, and staff safe during the COVID-19 pandemic. However, many schools are wondering whether the Family Educational Rights and Privacy Act (FERPA) allows them to disclose information about cases of COVID-19 to the community. The Student Privacy Policy Office provided answers to these questions in our March 2020 guidance. Subsequent to issuing the guidance, we have seen reports that states, cities, school districts, and schools are continuing to face questions about disclosing COVID-19 cases.

The Department is committed to protecting student privacy. To provide more timely and effective assistance to parents and students and to address a recommendation made by the Department’s Office of the Inspector General to “implement a risk-based approach to processing and resolving FERPA complaints,”  the Department is modifying its investigatory practices to more efficiently address and resolve complaints and violations under FERPA.  

The administration of college admissions examinations by SEAs and LEAs raises potential legal issues under FERPA, IDEA, PPRA, and State privacy laws, and generally raises concerns about privacy best practices. In particular, the pre-test surveys administered in connection with these exams raised privacy concerns that SEAs and LEAs must consider when contracting with the testing companies. This document discusses the legal issues, and advises SEAs and LEAs about how to remain in compliance when administering the tests. The document also conveys best practice recommendations to encourage transparency and parental involvement.

The list of resources contained in this Excel spreadsheet includes all “guidance documents” issued by the Student Privacy Policy Office (SPPO). As a general matter, guidance documents are statements of general applicability, intended to have future effect on the behavior of regulated parties, that set forth a policy on a statutory, regulatory, or technical issue; or an interpretation of a statute or regulation.

This 2025 letter of finding sent to the Middleton Cross Plains Area School District addresses a parent’s complaint under FERPA regarding access to certain education records related to their student.

This letter is meant to inform State Education Agencies about their responsibilities regarding federal privacy laws including FERPA and PPRA.

This letter is meant to inform Local Education Agencies about their responsibilities regarding federal privacy laws including FERPA and PPRA.

Letter to Chief State School Officers regarding the applicability of FERPA to the disclosure of personally identifiable information for students’ education records used to automatically enroll eligible children in the Summer Electronic Benefits Transfer Program (Summer EBT).