Data Privacy

Student Records & Privacy

Overview

Data can be a powerful tool for parents, educators, students, and policy makers. To meet statutory requirements and fulfill the California Department of Education’s (CDE’s) mission of providing a world-class education to all students, the CDE collects, maintains, and protects personally identifiable information (PII) about California’s students.

Privacy & Data Collection
Privacy & Data Use
Privacy & Data Management
Privacy Resources for Families
Privacy Resources for Educators
Privacy Resources for Counties & District Administrators
Privacy Laws

Privacy & Data Collection

Summary of data collected and protected by the CDE.

What the CDE Collects & Protects

Data collected and protected by the CDE includes:

• Student’s name, identification number, address, race/ethnicity, gender, date of birth, place of birth, name and address of parent or guardian
• Attendance data
• Data regarding student progress, including grade level completed, school attended, course enrollment, academic work completed, and date of graduation
• Standardized test scores
• Disciplinary actions
• Data regarding eligibility for, or participation in, school lunch programs
• Data regarding eligibility for special education and special education services provided to the student
• Data regarding eligibility for other compensatory programs and special program services provided to the student

Privacy & Data Use

Summary of data used by the CDE to fulfill mandates and provide services.

How the CDE Uses Data

Data gathered by the CDE are used for many important purposes including:

• Calculating the California School Dashboard's Indicators of School Success
• Generating DataQuest reports about California schools and districts
• Generating the CDE’s Downloadable Data Files
• Providing fiscal, demographic, and performance data on California’s K-12 Schools for Ed Data
• Calculating state and federal categorical funding disbursements via the Consolidated Application
• Calculating Local Control Funding Formula apportionments
• Administering Nutrition Services Programs

Privacy & Data Management

Summary of initiatives, policies, and procedures established as part of the CDE’s Data Strategy Program to ensure protection of privacy.

Annual In-Person Data Privacy Training

To ensure ongoing, up-to-date understanding of privacy laws and best practices, the CDE develops, maintains, updates, and delivers in-person Data Privacy Training to all staff with access to student data annually.

Annual Online Data Privacy Training

In addition to in-person training for staff with access to student data, the CDE requires all employees, regardless of access to take an online privacy and security course each year.

Privacy Awareness & Communications

To maintain privacy awareness throughout the year, the CDE’s EDGO Program hosts periodic presentations by cyber security and privacy experts from partner agencies such as the FBI and the US Department of Education’s Privacy Technical Assistance Center. CDE staff also attend and present at education conferences and symposia to network/learn from privacy professionals and share privacy resources with schools and districts.

Privacy Resources for Families

Privacy resources and tips, curated for parents and families.

Video Resources - Privacy Resources for Families

• Student Privacy 101: Family Educational Rights and Privacy Act (FERPA) for Parents and Students (Video; 4:03)
  This 4:03 minute video provides an overview of FERPA.
• Common Sense Media Tips & Picks for Families YouTube Channel Includes movie and video game reviews for parents, device and media balance advice for families, videos explaining apps kids are using, and more.
• KQED’s Above the Noise YouTube Channel Includes videos on digital citizenship and media literacy, including several videos on privacy.
• Family Online Safety Institute Resources for online safety and digital citizenship.

Curated Web Resources for Parents

• Parent Guides from ConnectSafely Tips and advice on various topics for parents guiding kids to safely navigate the digital world.
• ConnectSafely’s Ciberseguridad UNA GUÍA RÁPIDA PARA PADRES Y ADOLESCENTES (PDF) Spanish language Downloadable PDF developed to provide best practices for connecting and using digital devices safely.
• ConnectSafely’s Parent Guide to Student Data Privacy Overview of student privacy laws and rights for parents.
• Student Privacy Compass Parent Resources Curated student privacy information for parents.
• Protect Kids Online Resource developed by the Federal Trade Commission to help parents/guardians understand and manage the risks associated with their child(ren)’s online presence.
• Common Sense Media’s Privacy and Internet Security Page Privacy FAQ’s arranged by age, privacy articles, and more!
• NPR Life Kit: Parenting: 5 Strategies for Coping with Screen-Obsessed Kids 28 minute podcast episode with tips for parenting screen-loving kids.
• Common Sense Latino Technology Tips/Privacidad y seguridad en internet Technology tips for families in Spanish/Consejos sobre medios y tecnología.
• Sniffers and Snoopers and Hackers, Oh My! Protecting Yourself from the Risks of Public Wi-Fi Student Privacy Compass’ tips for minimizing risks associated with using public Wi-Fi.
• Parents: Raise Your Hand and Ask Schools How They Protect Student Data Student Privacy Compass’ guide to help parents learn about student privacy policies and practices in their kids’ school/district.

Privacy Resources for Educators

Privacy resources and tips, curated for educators.

Video Resources - Privacy Resources for Educators

• Student Privacy Compass’ Student Privacy Training for Educators Videos for educators on a variety of student privacy topics.
  
• Common Sense Education YouTube Channel Includes videos on teaching and learning in digital spaces, including several videos on privacy.
• KQED’s Above the Noise YouTube Channel Includes videos on digital citizenship and media literacy, including several videos on privacy.
• Utah State Board of Education (USBE) Student Data Privacy YouTube Channel Videos on FERPA, Children's Online Privacy Protection Act (COPPA), and student privacy best practices.
• Student Privacy Resource Center YouTube Channel Videos on various topics related to student data privacy.

Infographics, Tip Sheets & Lesson Plan Ideas

• ConnectSafely’s Parent's & Educators Guide to Media Literacy & False Information Tips and resources for helping kids and families navigate safely online.
• Common Sense Education Protect Your Students’ Data and Privacy Curated multi-media resources for promoting privacy in the classroom and beyond.
• Stop. Think. Connect. Tip sheets and infographics on various privacy topics from the National Cyber Security Alliance.
• Utah State Board of Education’s Data Privacy Resources Curated multi-media resources for teachers.
• On Guard Online This Web site, managed by the Federal Trade Commission (FTC) in partnership with other federal agencies, provides tips to help citizens be safe, secure, and responsible online. A variety of tools for parents/guardians, educators, and the general public are provided.
• 3 Easy Ways for Educators to Keep Online Accounts Secure Student Privacy Compass’ tips for protecting digital accounts.
• Want to Use Social Media in Your Classroom? Follow These 7 Rules Education Week Teacher article with tips for protecting student privacy when using social media in the classroom.
• 5 Privacy Considerations Before Trying New EdTech in the Classroom EdScoop article with tips for protecting student privacy when selecting/using apps in the classroom.

Privacy Resources for Counties & District Administrators

Tools and tips for leading to create a culture of privacy

Video Resources - Privacy Resources for Counties & District Administrators

• Common Sense Education YouTube Channel Common Sense Media's digital citizenship video resources for teachers.
• Student Privacy Tips YouTube Playlist Future of Privacy Forum videos providing tips and best practices for successfully prioritizing student data privacy.
• International Society for Technology in Education (ISTE) YouTube Channel Best practice videos on using tech in the classroom.

Best Practice Resources

• Future of Privacy Forum: Student Privacy Communications Toolkit: For Schools and Districts (English) Step by step guide for identifying student data sources, developing plans to manage student data responsibly, and communicate with key audiences in the school/district community.
• Future of Privacy Forum: Student Privacy Communications Toolkit: For Schools and Districts (Spanish)/Kit de Herramientas de Comunicacion Sobre Privacidad Estudientil: Para Escuelas y Distritos Spanish language step by step guide for identifying student data sources, developing plans to manage student data responsibly, and communicate with key audiences in the school community.
• Forum Guide to Education Data Privacy (PDF) Downloadable PDF developed by the National Center for Education Statistics (NCES) Data Privacy Forum as a resource for state and local educational agencies (LEAs) developing privacy programs and supporting educators/staff in protecting student privacy.
• Policymaker’s Guide to Student Privacy Future of Privacy Forum guide with tips for policymakers drafting data privacy legislation, guidance, and policies.
• 11 Steps to Privacy: The Right to Inspect and Review under FERPA Student Privacy Compass’ best practice tips for thinking through and developing student data access policies and practices.
• 9 Steps to Privacy: The Right to Seek and Amend under FERPA Student Privacy Compass’ tips for ensuring compliance when amending student records under FERPA.
• School Safety & Privacy: An Animated Introduction Tips and resources for balancing student privacy/safety concerns with equity and dignity in educational environments.
• Guide to Disclosing Information During School Emergencies Future of Privacy Forum’s tips for ensuring student safety during emergencies while complying with privacy laws and best practices.
• Common Sense Media's Privacy Evaluations of Tech Tools Free evaluations of common tech tools used in K-12 classrooms.

Data Privacy Training Resources

• Future of Privacy Forum Webinars Video playlist on various student privacy topics including facial recognition, privacy laws, data de-identification, and more.
• Future of Privacy Forum Student Privacy Bootcamp for EdTech Video playlist of sessions on data privacy laws, security/privacy best practices for EdTech, and more.
• Future of Privacy Forum’s Student Privacy Bootcamp for Districts and Educators Video playlist of sessions on laws, school safety and privacy, dealing with apps, and creating culture of privacy.
• Common Sense Media's Professional Development on Student Data Privacy Free professionally-developed privacy training resources for educators.

Data Privacy Advocacy & Communities of Practice

• Common Sense Kids Action Common Sense Media team focused on collaborating with tech companies and policy makers to promote digital equity, transparency/democracy, digital privacy, and kids’ well-being in a digital age.
• Data Quality Campaign (DQC) Advocacy group that focuses on effective student data practices, including student data privacy issues.
• Consortium for School Networking (CoSN) Member-based association and advocacy group promoting partnerships and awareness of emerging technologies in K-12 education.
• Stop Ransomware Resources to prevent and respond to a ransomware incident.
• National Cybersecurity Alliance Resources for safely navigating a connected world.

Student Data Privacy Laws

Summary of state and federal laws that have implications for privacy in schools, public agencies, and beyond.

Privacy Law Resources

• Data Privacy Guidebook (PDF) Includes legal summaries and tips and guidance for complying with state and federal student data privacy laws.
• Student Privacy Compass’ Guide to State Student Privacy Laws Summary of pending and enacted student privacy legislation by state.
• The Verge Explains the European Union’s (EU) General Data Protection Regulation (GDPR) This 2:49 minute video provides an overview of the GDPR and how its implementation in May of 2017 has impacted privacy laws around the world.
• Comparing Laws: GDPR vs. CCPA (PDF) Future of Privacy Forum compares and contrasts the California Consumer Privacy Act (CCPA), which becomes effective in January of 2020 and the General Data Protection Regulation (GDPR) which became effective in the EU in May of 2018 and influenced the CCPA.

California State Laws

• California Consumer Privacy Act of 2018 California law increasing data privacy protections for California citizens with special provisions for children under 16.
• California Privacy Rights Act of 2020 Future of Privacy Forum’s synopsis of California privacy regulations that take effect between 2020 and 2023 following the passage of Proposition 24 in November 2020.
• California Privacy Rights Act of 2020 International Association of Privacy Professional’s (IAPP’s) overview of the 2020 ballot initiative that amends and expands privacy protections under the California Consumer Privacy Act of 2018.
• AB 272 (Student Smart Phone Use)— California Education Code (EC) § 48901.7 California law authorizing school boards to regulate possession and use of smart phones on school campuses.
• Student Online Personal Information Protection Act — California Business & Professions Code § 22584 California law including provisions preventing marketing to students and their parents, requirements that student data only be used for specified educational purposes.
• AB 1584 (Third Party Contracts) — EC § 49073.1 California law outlining provisions required for contracts involving student data.
• AB 1442 (Social Media) — EC § 49073.6 California law requiring schools and districts to hold a public hearing prior to monitoring the social media accounts of students.

Federal Laws

• Family Educational Rights and Privacy Act (FERPA) – 20 United States Code (U.S.C.) § 1232g Federal law outlining rights and requirements related to accessing, sharing, and amending student records.
• Protection of Pupil Rights Amendment (PPRA) – 20 U.S.C. § 1232h Federal law outlining student and parental rights regarding participation in surveys, collection of information for marketing purposes, certain physical exams, and more.
• Children’s Internet Protection Act (CIPA) Federal law requiring schools and districts receiving federal E-rate internet connectivity funds to have an internet safety policy and specified technology protection measures in place.
• Children’s Online Privacy Protection Act (COPPA) – 15 U.S.C. §§ 6501-6506 Federal law outlining requirements for operators of websites or online services directed at or knowingly collecting personal information from children under 13.

Laws with Implications for Privacy in Public Agencies & Schools

• California Public Records Act (PRA) – California Government Code §§ 7920.00 – 7931.00 California law outlining conditions for requesting and receiving records held by public agencies.
• California Information Practices Act (IPA) – California Civil Code §§ 1798-1798.1 California law outlining requirements for collecting and accessing information about public employees.
• Electronic Communication Privacy Act — Title 12, Part 2 Penal Code § 1546 California law requiring law enforcement officials to obtain a warrant or written consent prior to accessing electronic devices.