We take student data privacy very seriously in Denver Public Schools (DPS). Safeguarding student data is an essential responsibility for all DPS employees. Our schools and staff follow our student data privacy training and guidance process to ensure that all DPS staff are:
- Protecting student data
- In compliance with Colorado state and federal laws regarding student data privacy
CoSN (the Consortium for School Networking) has awarded Denver Public Schools the national Trusted Learning Environment (TLE) Seal. This mark of distinction reflects Denver Public Schools’ strong commitment to protecting student data privacy, and the hard work DPS has engaged around to build and continuously improve a robust student data privacy program.
Denver Public Schools Board of Education adopted a Student Information Privacy and Protection Policy (Administration Policy JRCB, Privacy and Protection of Confidential Student Information), on November 16, 2017. The Policy informs stakeholders of important privacy aspects, including, but not limited to: privacy compliance standards, privacy and security audits, security breach procedures, data retention and destruction procedures, and compliance with FERPA and the Colorado Student Data Transparency and Security Act.
The Colorado Department of Education (CDE) collects student data from students across Colorado to meet specific policy, practice, and service requirements of state and federal laws. We collect and submit DPS student data to CDE based on their requirements and procedures. CDE provides a Data Collection Fact Sheet of what type of information is collected as well as an overview of the Data Elements Collected in Data Collection System to meet state and federal reporting mandates.
The Academic Technology Menu (ATM) is now using Digital Insight to track all of the applications used by schools. The purpose of the ATM is to allow school leaders and teachers to identify which tools they plan to use with students, and to inform parents/guardians of these tools and their privacy policies.
If a vendor has not signed the DPS Data Protection Addendum (discussed further below) then it is considered to be an on-demand service provider. Parent/guardian consent is required at the school level before student data can be shared with on-demand service providers. You can review the educational technology resources listed by your student’s school in the ATM and the provider privacy policies. Parent consent is given each school year through the Annual Family Update, and then parent/consent is obtained throughout the school year. Schools will notify parents/guardians by the start of the second semester each school year of new tools added since the beginning of the school year.
At a district level, we devote significant staff time and resources to negotiating contracts with vendors that include a formal data sharing agreement (Data Protection Addendum) to prohibit student data mining or targeted marketing while requiring industry standards for encryption and security, These agreements allow DPS to designate vendors as “school officials” to enable us to share student data without parent/guardian consent.
District purchased and managed digital content, such as our student Learning Management Systems (Schoology and Seesaw), ensures ease of access for students with single sign-on and IP authentication, while also protecting student data privacy and copyright compliance.
There are several laws that dictate how schools and teachers handle student data.
- FERPA – The Family Educational Rights and Privacy Act
FERPA requires that schools have written permission from the parent or guardian in order to release any information from a student’s education record. So the most important thing is that, with some very specific exceptions, you shouldn’t be sharing student information with apps and websites without parent permission.
- COPPA – The Children’s Online Privacy Protection Act
COPPA puts special restrictions on software companies about the information they can collect about students under 13. So, students under 13 can’t make their own accounts, teachers have to make the accounts for them. In making the accounts, teachers need to be aware of their responsibility under FERPA.
- CIPA – The Children’s Internet Protection Act
Teachers don’t need to help comply with CIPA, but it’s useful to know that it is in place. CIPA requires districts to put measures in place to filter Internet access and other measures to protect students.
- PPRA – Protection of Pupil Rights Amendment
PPRA governs the administration to students of any survey, analysis, or evaluation that concerns one or more of eight designated protected areas.
- SDTSA – Colorado Student Data Transparency and Security Act (HB 16-1423)
SDTSA puts additional restrictions on how school districts can share student data with third party service providers. The three primary focus areas of the law are:
- Data Use Obligations and Restrictions
- Data Transparency
- Data Security & Destruction