Data privacy: What school leaders should know

We must get smarter

New research by Joel Reidenberg from the Center on Law and Information Policy at the Fordham University School of Law shows that school districts need to get smarter about how they contract for cloud solutions. Standard industry contracts often don’t protect school districts or ensure even the basic requirements of the Family Education Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).

FERPA requires that parents and eligible students have the right to access and seek to amend their children’s education records; protects personally identifiable information (PII) from education records against unauthorized disclosure; and requires written consent before sharing PII—unless an exception applies.

Given the heightened scrutiny around privacy and the overall desire by educators to do the right thing with data, we need a new national conversation about what is required, what isn’t, and what are best practices.

Records in the cloud

Schools or local education agencies (LEAs) can use the “school official” exception to disclose education records to a third party provider (TPP). FERPA allows the use of cloud services, but the arrangement must meet the “school official” requirements.

The TPP, however, must perform a service or function for the school or district for which the educational organization would otherwise use for its own employees; be under the direct control of the organization regarding the maintenance of the education records; use education data in a manner consistent with the definition of the “school official with a legitimate educational interest,” specified in the school’s or LEA’s annual notification of rights under FERPA; and not re-disclose or use education data for unauthorized purposes.

As this issue grows, more resources are being offered to help district technology leaders navigate the complex data privacy landscape. Every school system should consider leveraging these resources and proactively think about data privacy now. This issue cannot be ignored, and we all have to get it right.

Keith R. Krueger is CEO of the Consortium for School Networking (CoSN).

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Want to share a great resource? Let us know at

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.