Data Privacy

Privacy of Student Records Collected and Maintained by the California Department of Education

Statutory Authority

To meet its statutory responsibilities, the California Department of Education (CDE) collects and maintains personally identifiable information (PII) from the education records of California students. Such information may include the following:

• Student’s name, identification number, address, race/ethnicity, gender, date of birth, place of birth, name and address of parent or guardian
• Attendance data
• Data regarding student progress, including grade level completed, school attended, course enrollment, academic work completed, and date of graduation
• Standardized test scores
• Disciplinary actions
• Data regarding eligibility for, or participation in, school lunch programs
• Data regarding eligibility for special education and special education services provided to the student
• Data regarding eligibility for other compensatory programs and special program services provided to the student

The CDE adheres to the privacy requirements in the Family Educational Rights and Privacy Act (FERPA) of 1974, as amended (20 United States Code [U.S.C.] § 1232g; 34 Code of Federal Regulations [CFR] Part 99), The Richard B. Russell National School Lunch Act, as amended (42 U.S.C. § 2, 1751), the California Information Practices Act (California Civil Code Section 1798 et seq.), California Business & Professions Code § 22584, California Education Code (EC) §§ 49062, 49073.1, 49073.6 et seq., section 49073.1, Article 1, Section 1 of the California Constitution, and all other applicable federal and state laws and regulations that safeguard education records, privacy, and confidentiality.

Data Use

Data gathered by the CDE are used for many important purposes including:

• Calculating the California School Dashboard's Indicators of School Success (PDF)
• Generating DataQuest reports about California schools and districts
• Generating the CDE’s Downloadable Data Files
• Providing fiscal, demographic, and performance data on California’s K-12 Schools for Ed Data
• Calculating state and federal categorical funding disbursements via the Consolidated Application
• Calculating Local Control Funding Formula apportionments
• Administering Nutrition Services Programs

Related CDE Resources

• Data Requests
  Information on policies and procedures for requesting CDE data
  
• Data Resource Guide
  Catalog of the CDE’s data assets
• FERPA Summary Page
  Summary information and links to information regarding the FERPA
• California Longitudinal Pupil Achievement Data System (CALPADS)
  Information regarding the CDE’s longitudinal data system

Outside Privacy Resources

The following is a list of data privacy resources developed and maintained outside of the CDE. While not vetted or endorsed by the CDE, these resources may provide assistance in understanding and navigating data privacy laws and issues.

• Houston Independent School District
  This Web site offers both English and Spanish language content on various cyber safety topics (e.g., social media, cyber bullying, sexting, online gaming) for students, parents, and educators.
• Common Sense Media Privacy and Internet Safety
  This Web site provides age-based tips for protecting kids online
• Common Sense Education EdTech Product Privacy Evaluations
  This Web site provides privacy evaluations of over 100 commonly-used educational technology tools
• The Privacy Paradox
  This Web site features tools, tips, resources, podcast segments, and a 5 day program to help digital content consumers understand privacy and manage digital identity.
• Forum Guide to Education Data Privacy (PDF)
  This downloadable PDF was developed by the National Center for Education Statistics (NCES) Data Privacy Forum as a resource for state and local educational agencies (SEAs and LEAs) to use in assisting school staff in protecting the confidentiality of student data in instructional and administrative practices. SEAs and LEAs may also find the guide useful in developing privacy programs and related professional development programs.
• Data Privacy Guidebook (PDF)
  This downloadable PDF developed by a collaboration of the California County Superintendents Educational Services Association (CCSESA), California Educational Technology Professionals Association (CETPA), and others provides tips and guidance for complying with student data privacy laws and best practices.
• Family Policy Compliance Office (FPCO)
  The U.S. Department of Education’s (ED’s) FPCO provides students and parents with information related to the FERPA and the Protection of Pupil Rights Amendment (PPRA).
• Privacy Technical Assistance Center (PTAC)
  The ED established the PTAC as a resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student data.
• Student Privacy 101: FERPA for Parents and Students (Video; 4:03)
  This 4:03 minute video provides an overview of FERPA.
• FERPA Sherpa Student Privacy Resource Center
  This resource developed and maintained by the nonprofit Future of Privacy Forum focuses on student data privacy and provides information from a variety of sources.
• Protect Kids Online
  This is a resource developed by the Federal Trade Commission (FTC) to help parents/guardians understand and manage the risks associated with their child(ren)’s online presence.
• Data Quality Campaign (DQC)
  The DQC is an advocacy group that focuses on data privacy issues.
• Fair Information Practice Principles (FIPPs) (PDF)
  Exhibit A to the National Strategy for Trusted Entities in Cyberspace published by the National Institute of Standards and Technology (NIST). This document provides information on principles that many information technology (IT) professionals consider when evaluating systems, processes, and programs that will contain PII.
• On Guard Online
  This Web site, managed by the FTC in partnership with other federal agencies, provides tips to help citizens be safe, secure, and responsible online. A variety of tools for parents/guardians, educators, and the general public are provided.
• Special Publication 800-53, Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations (PDF)
  This publication provides guidelines for selecting and specifying security controls for organizations and information systems supporting the executive agencies of the federal government to meet the privacy and security requirements of Federal Information Privacy Standards (FIPS) Publication 200.
• Protecting Privacy in Connected Learning
  This toolkit was developed by the Consortium of School Networking (CoSN) to help LEAs (in conjunction with their local legal counsel) navigate four major federal laws: FERPA, Children’s Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA) and the PPRA.
• Model Notification of Rights for Elementary and Secondary Schools
  This document is a sample form of the annual FERPA parental notification.
• The Center for Digital Education’s “What Every K–12 Institution Should Look for in a Reference Architecture for Successful Private Cloud Deployment" 
  This document provides the nonprofit Center for Digital Education’s suggested considerations for those LEAs who are contemplating cloud-based services.
• Protecting Student Privacy While Using Online Educational Resources
  This PTAC Web page provides guidance and resources for complying with privacy mandates and best practices while using educational technology in the classroom.

Data Privacy Laws

• Student Online Personal Information Protection Act
• AB 1584 (Third Party Contracts)
• AB 1442 (Social Media)
• SB 178 (Electronic Devices)
• EC Section 49073
• Family Educational Rights and Privacy Act (FERPA) – 20 U.S.C. Section 1232g
• FERPA Regulations – 34 CFR Part 99
• Protection of Pupil Rights Amendment (PPRA) – 20 U.S.C. § 1232h
• Children’s Online Privacy Protection Act (COPPA) – 15 U.S.C. §§ 6501-6506
• COPPA Regulations – 16 CFR Part 312
• California Public Records Act (PRA) – California Government Code §§ 6250 – 6270
• California Information Practices Act (IPA) – California Civil Code §§ 1798-1798.1
• California Code of Regulations (CCR), Title 5, §§ 430-438
• EC Section 60607
• The Richard B. Russell National School Lunch Act, as amended (42 U.S.C. § 2, 1751) (PDF)