Skip to main content Search

Legal

There are several laws that dictate how schools and teachers handle student data.

 

FERPA - The Family Educational Rights and Privacy Act

FERPA requires that schools have written permission from the parent or guardian in order to release any information from a student's education record. So the most important thing is that, with some very specific exceptions, you shouldn't be sharing student information with apps and websites without parent permission.

 

COPPA - The Children's Online Privacy Protection Act

COPPA puts special restrictions on software companies about the information they can collect about students under 13. So, students under 13 can't make their own accounts, teachers have to make the accounts for them. In making the accounts, teachers need to be aware of their responsibility under FERPA.

 

CIPA - The Children's Internet Protection Act

Teachers don't need to help comply with CIPA, but it's useful to know that it is in place. CIPA requires districts to put measures in place to filter Internet access and other measures to protect students.

 

PPRA - Protection of Pupil Rights Amendment

PPRA governs the administration to students of any survey, analysis, or evaluation that concerns one or more of eight designated protected areas.

 

California

 

SOPIPA :: Student Online Personal Information Protection Act (SB 1177)

Student Online Personal Information Protection Act (“SOPIPA”) (California Business & Professions Code § 22584) California Business and Professions Code section 22584, also known as the Student Online Personal Information Protection Act (“SOPIPA”), takes effect on January 1, 2016 and sets forth privacy laws for operators of websites, online services, and applications that are marketed and used for K-12 school purposes, even if those operators do not contract with educational agencies. While primary responsibility for compliance with SOPIPA lies with website operators, LEAs should proceed with reasonable due diligence when evaluating technology service providers, especially providers based outside of California, to ensure their policies and procedures comply with SOPIPA.

 

AB 1584 :: California Student Privacy Protection

Technology services agreements entered into, amended, or renewed by a California LEA on or after January 1, 2015 must follow specific requirements. These requirements apply to contracts for services that utilize electronic technology, including cloud-based services, for the digital storage, management and retrieval of pupil records, as well as educational software that authorizes a third-party provider to access, store and use pupil records.

 

Collection of Student Information from Social Media :: California Education Code § 49073.6

California Education Code section 49073.6 requires that LEAs considering “a program to gather or maintain in its records any pupil information obtained from social media” first notify pupils and their parents or guardians about the proposed program, and then provide an opportunity for public comment at a regularly scheduled public meeting before adopting the program. “Social media” means an electronic service or account, or electronic content, including, but not limited to, videos, still photographs, blogs, video blogs, podcasts, instant messages, email, text messages, online services or accounts, or Internet website profiles or locations. For purposes of this law, “social media” does not mean an electronic service or account used exclusively for educational purposes or primarily to facilitate creation of school-sponsored publications, such as a yearbook or pupil newspaper, under the direction or control of a school, teacher, or yearbook adviser.