Data PrivacyLaws, policies, and best practices related to both general and student data privacy at the California Department of Education. It provides data privacy information for parents, teachers, local education agencies, and the general public.
Privacy of Student Records Collected and Maintained by the California Department of Education
To meet its statutory responsibilities, the California Department of Education (CDE) collects and maintains personally identifiable information (PII) from the education records of California students. Such information may include the following:
- Student’s name, identification number, address, race/ethnicity, gender, date of birth, place of birth, name and address of parent or guardian
- Attendance data
- Data regarding student progress, including grade level completed, school attended, course enrollment, academic work completed, and date of graduation
- Standardized test scores
- Disciplinary actions
- Data regarding eligibility for, or participation in, school lunch programs
- Data regarding eligibility for special education and special education services provided to the student
- Data regarding eligibility for other compensatory programs and special program services provided to the student
Data gathered by the CDE are used for many important purposes including:
- Calculating and reporting the Academic Performance Index (API)
- Adequate Yearly Progress reporting
- Alternative Schools Accountability Model (ASAM) reporting
- California English Language Development Test (CELDT) reporting
- Summarizing California High School Exit Examination results
- Calculating and reporting Graduation Rates
- Summarizing Physical Fitness Test results
- Generating School Accountability Report Cards
- Assessing California students' performance and progress
Related CDE Resources
- DataQuest – Reports about California schools and school districts
- FERPA Summary Page – Summary information and links to information regarding the FERPA
- California Longitudinal Pupil Achievement Data System (CALPADS) – Information regarding the CDE’s longitudinal data system
Outside Privacy Resources
The following is a list of data privacy resources developed and maintained outside of the CDE. While not vetted or endorsed by the CDE, these resources may provide assistance in understanding and navigating data privacy laws and issues.
- Forum Guide to Education Data Privacy – (PDF) This downloadable PDF was developed by the National Center for Education Statistics (NCES) Data Privacy Forum as a resource for state and local educational agencies (SEAs and LEAs) to use in assisting school staff in protecting the confidentiality of student data in instructional and administrative practices. SEAs and LEAs may also find the guide useful in developing privacy programs and related professional development programs.
- Data Privacy Guidebook – (PDF) This downloadable PDF developed by a collaboration of the California County Superintendents Educational Services Association (CCSESA), California Educational Technology Professionals Association (CETPA), and others provides tips and guidance for complying with student data privacy laws and best practices.
- Family Policy Compliance Office (FPCO) – The U.S. Department of Education’s (ED’s) FPCO provides students and parents with information related to the FERPA and the Protection of Pupil Rights Amendment (PPRA).
- Privacy Technical Assistance Center (PTAC) – The ED established the PTAC as a resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student data.
- Student Privacy 101: FERPA for Parents and Students (WMV) – This 4:03 minute video provides an overview of FERPA.
- FERPA Sherpa Student Privacy Resource Center – This resource developed and maintained by the nonprofit Future of Privacy Forum focuses on student data privacy and provides information from a variety of sources.
- Protect Kids Online – This is a resource developed by the Federal Trade Commission (FTC) to help parents/guardians understand and manage the risks associated with their child(ren)’s online presence.
- Data Quality Campaign (DQC) – The DQC is an advocacy group that focuses on data privacy issues.
- Fair Information Practice Principles (FIPPs) (PDF) – Exhibit A to the National Strategy for Trusted Entities in Cyberspace published by the National Institute of Standards and Technology (NIST). This document provides information on principles that many information technology (IT) professionals consider when evaluating systems, processes, and programs that will contain PII.
- On Guard Online – This Web site, managed by the FTC in partnership with other federal agencies, provides tips to help citizens be safe, secure, and responsible online. A variety of tools for parents/guardians, educators, and the general public are provided.
- Privacy Grade: Grading the Privacy of Smartphone Apps – Researchers from Carnegie Mellon University have developed this site to analyze and assign ratings to smartphone and tablet apps.
- Special Publication 800-53, Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations (PDF) – This publication provides guidelines for selecting and specifying security controls for organizations and information systems supporting the executive agencies of the federal government to meet the privacy and security requirements of Federal Information Privacy Standards (FIPS) Publication 200.
- Protecting Privacy in Connected Learning – This toolkit was developed by the Consortium of School Networking (CoSN) to help local educational agencies LEAs (in conjunction with their local legal counsel) navigate four major federal laws: FERPA, Children’s Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA) and the PPRA.
- Model Notification of Rights for Elementary and Secondary Schools – This document is a sample form of the annual FERPA parental notification.
- The Center for Digital Education’s “What Every K–12 Institution Should Look for in a Reference Architecture for Successful Private Cloud Deployment" – This document provides the nonprofit Center for Digital Education’s suggested considerations for those LEAs who are contemplating cloud-based services.
Data Privacy Laws
- Student Online Personal Information Protection Act
- AB 1584 (Third Party Contracts)
- AB 1442 (Social Media)
- SB 178 (Electronic Devices)
- EC Section 49073
- Family Educational Rights and Privacy Act (FERPA) – 20 U.S.C. Section 1232g
- FERPA Regulations – 34 CFR Part 99
- Protection of Pupil Rights Amendment (PPRA) – 20 U.S.C. § 1232h
- Children’s Online Privacy Protection Act (COPPA) – 15 U.S.C. §§ 6501-6506
- COPPA Regulations – 16 CFR Part 312
- California Public Records Act (PRA) – California Government Code §§ 6250 – 6270
- California Information Practices Act (IPA) – California Civil Code §§ 1798-1798.1
- California Code of Regulations (CCR), Title 5, §§ 430-438
- EC Section 60607
- The Richard B. Russell National School Lunch Act, as amended (42 U.S.C. § 2, 1751) (PDF)