The Privacy Technical Assistance Center was established by the U.S. Department of Education as a resource for educators to learn about data privacy, confidentiality, and security practices. While not all federal and state education laws apply to private and independent schools, the resources the Center provides can be helpful, especially considering that California interprets rules regarding pupil records and privacy similarly to federal interpretations under FERPA.
Online Educational Services include web-based tools that students or their parents access via the Internet and use as part of a school activity. The tips in the recent document from the Department of Education do not cover online services such as social media, or online services used only by educators.
The student information used on online educational tools often use FERPA-protected information. For example, log in information may use student data. Online educational tools also access metadata, such as information about how long a student spent on a particular lesson, or how many attempts the student made before the correct answer was entered. Metadata that has been stripped of all identifying information will not be considered protected by FERPA.
Schools using online tools that require the disclosure of FERPA-protected data should, as a best practice, get parental permission before releasing any data to the third-party provider. Some other best practices include: maintaining awareness of other relevant state or local laws regarding the privacy and protection of student information; being aware of which online educational services are currently being used in the school; having policies and procedures to evaluate and approve proposed online educational services; using written contracts or agreements with online providers when possible; and being honest and transparent with students and families about what tools are being used and what information is being given to third-party providers.
More information from PTAC can be found at