Student Data Privacy

We take student data privacy very seriously in Denver Public Schools (DPS).  Safeguarding student data is an essential responsibility for all DPS employees.  Our schools and staff follow our Student Data Privacy training and guidance process to ensure that all DPS staff are:

  1. Protecting student data

  2. In compliance with Colorado state and federal laws regarding student data privacy

Public Transparency

The Colorado Department of Education (CDE) collects student data from students across Colorado to meet specific policy, practice, and service requirements of state and federal laws.  We collect and submit DPS student data to CDE based on their requirements and procedures.  CDE provides a Data Collection Fact Sheet of what type of information is collected as well as an overview of the Data Elements Collected in Data Collection System to meet state and federal reporting mandates. In addition, this Student Data Map outlines the types of student Personally Identifiable Information (PII) that we collect in our primary enterprise applications. These applications represent the core of DPS’ operational information systems, and the data within these systems is highly managed for security, quality and appropriate usage.

What is the ATM?

The Academic Technology Menu (ATM) is a resource for school leaders, teachers, students and parents/guardians as part of the student data privacy process. The purpose of the ATM is to allow school leaders and teachers to identify which tools they plan to use with students, and to inform parents/guardians of these tools and their privacy policies. As applications are adopted by schools, and if they are not already protected by student data privacy agreements, the ATM provides assistance for schools to take appropriate measures in protecting student data by providing guidelines for obtaining data-sharing agreements or obtaining parent consent for classroom use. The ATM is also an integral part of the district’s Academic Technology Strategic Plan.

Parent Consent – On-Demand Service Providers

If a vendor has not signed the DPS Data Protection Addendum (discussed further below) then it is considered to be an on-demand service provider.  Parent/guardian consent is required at the school level before student data can be shared with on-demand service providers. You can review the educational technology resources listed by your student’s school in the ATM and the provider privacy policies. Parent consent is given each school year through the Annual Family Update.  As new tools are added by your school, parents/guardians will receive notifications from their school so they have the opportunity to provide consent.

Data Protection Addendums

At a district level, we devote significant staff time and resources to negotiating contracts with vendors that include a formal data sharing agreement (Data Protection Addendum) to prohibit student data mining or targeting marketing while requiring industry standards for encryption and security,  These agreements allow DPS to designate vendors as “school officials” to enable us to share student data without parent/guardian consent.

Approved DPA Vendor List

The Approved DPA Vendor List provides the names of vendors who have signed the DPS DPA.  We require that vendors sign the DPA if they have a negotiated contract.

District-Wide Tools

There are certain tools, such as our Learning Management Systems (Schoology and Seesaw), that are district purchased and managed. District purchased and managed digital content ensures ease of access for students with single sign-on and IP authentication, while also protecting student data privacy and copyright compliance.


There are several laws that dictate how schools and teachers handle student data.

  • FERPA – The Family Educational Rights and Privacy Act
    FERPA requires that schools have written permission from the parent or guardian in order to release any information from a student’s education record. So the most important thing is that, with some very specific exceptions, you shouldn’t be sharing student information with apps and websites without parent permission.

  • COPPA – The Children’s Online Privacy Protection Act
    COPPA puts special restrictions on software companies about the information they can collect about students under 13. So, students under 13 can’t make their own accounts, teachers have to make the accounts for them. In making the accounts, teachers need to be aware of their responsibility under FERPA.

  • CIPA – The Children’s Internet Protection Act
    Teachers don’t need to help comply with CIPA, but it’s useful to know that it is in place. CIPA requires districts to put measures in place to filter Internet access and other measures to protect students.

  • PPRA – Protection of Pupil Rights Amendment
    PPRA governs the administration to students of any survey, analysis, or evaluation that concerns one or more of eight designated protected areas.

  • SDTSA – Colorado Student Data Transparency and Security Act (HB 16-1423)
    SDTSA puts additional restrictions on how school districts can share student data with third party service providers. The three primary focus areas of the law are:

    1. Data Use Obligations and Restrictions

    2. Data Transparency

    3. Data Security & Destruction