LIVE@CoSN2024: Exclusive Coverage


10 privacy steps for every district

School leaders can ensure top-notch privacy practices with targeted efforts

data-privacyIt would be hard to name an issue that has taken the education technology world by storm as has student data privacy over the past year. To address this issue, CoSN published our Protecting Student Privacy in Connected Learning toolkit in March to help districts navigate FERPA (Family Education Rights & Privacy Act) and COPPA (Children’s Online Privacy Protection Act).

During the 2014-2015 school year, the Toolkit will be expanded to include additional information on the Protection of Pupil Rights Amendment (PPRA) and the Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule–rounding out the four federal privacy laws relevant to schools.

With all of the confusion and uncertainty regarding privacy, it can be difficult for school technology leaders to know what they can or should be doing. It would be easy to lose sight of some concrete steps they can be taking today to better ensure privacy of student data.

In a report released a few weeks ago titled Making Sense of Student Data Privacy, Bob Moore, a longtime district CTO and founder of RJM Strategies LLC, detailed several common sense steps every school district should take. You can download the full report at

(Next page: 10 privacy steps for every district)

As schools prepare to go back in the fall, the following 10 steps lay out a great plan to get ahead of rising privacy concerns.

10 privacy steps every school district should take:

  1. Designate a Privacy Official – A senior district administrator must be designated as the person responsible for ensuring accountability for privacy laws and policies. This is a “divide and conquer” issue, but someone needs to be in charge.
  2. Seek legal counsel – Make sure that the legal counsel your district accesses understands education privacy laws and how they are applied to technology services. Do not wait until there is a pressing issue that must be addressed.
  3. Know the laws – Many organizations have and will be publishing privacy guidance for schools, such as the CoSN resource mentioned above. The U.S. Department of Education’s Privacy Technical Assistance Center is a must-know resource at:
  4. Adopt school community norms and policies – Beyond the privacy laws, what does your school community really expect when it comes to privacy? Seek consensus regarding collecting, using and sharing student data.
  5. Implement workable processes – These are necessary processes for selecting instruction apps and online services. No one wants to slow innovation, but ensuring privacy requires some planning and adherence to processes. Once enacted, the processes should be reviewed regularly to ensure that they are workable and that they reflect current interpretations of privacy laws and policies.
  6. Leverage procurement – Every bid or contract has standard language around a wide range of legal issues. By adopting standard language related to privacy and security, you will make your task much easier. Unfortunately, many online services are offered via “click-wrap” agreements that are “take it or leave it.” You may have to look for alternative solutions if the privacy provisions of those services do not align with your expectations.
  7. Provide training – Staff need training so they will know what to do or why it is important. Annual training should be required of any school employee that is handling student data, adopting online education apps and contracting with service providers. Privacy laws represent legal requirements that must be taken seriously.
  8. Inform parents – Parents should be involved in the development of privacy norms and policies. Just as schools provide information about online safety and appropriate use, they must put significant effort into ensuring that parents understand the measures taken to protect student privacy.
  9. Make security a priority – Privacy starts with security. Secure the device, the network and the data center. Toughen password policies. Have regular security audits conducted by a third party expert.
  10. Review and adjust – Interpretations of privacy laws are changing and new laws may be added. School policies and practices will need updating and adjusted so that they reflect legal requirements. Processes can become burdensome, and when that happens, some people may want to skirt the process.

While there are no practical steps that can be taken to guarantee privacy of student data, by tackling the steps outlined above, schools will be well on their way to taking control of this issue and better ensuring student privacy.

As educational leaders, it is time to identify aspirational practices around privacy, not merely provide minimal legal compliance. Be a privacy leader.

Keith Krueger is CEO of the Consortium for School Networking (CoSN).

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Want to share a great resource? Let us know at

New AI Resource Center
Get the latest updates and insights on AI in education to keep you and your students current.
Get Free Access Today!

"*" indicates required fields

Email Newsletters:

By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.