Education Department Releases Guidance on Data Privacy


March 2014

The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) published guidance on February 25 to assist schools, districts, and third-party online educational service vendors in complying with provisions of the Family Educational Rights and Privacy Act (FERPA). The general guidance can also be applied to education researchers’ use of student data.

Much of the guidance focuses on how providers of mobile apps, software, and web-based tools that students use in the course of instruction should protect students’ personally identifiable information (PII). PTAC states that student PII should not be used beyond the specific purpose for which it is disclosed and that it should not be shared or sold. PTAC also provides best practices to schools and districts for protecting student privacy, which include:

  • Maintaining awareness of other relevant federal, state, tribal. or local laws
  • Using a written contract or agreement that includes provisions regarding security and data stewardship; data collection; data use, retention, disclosure, and destruction; data access, modification, duration, and termination; and indemnification and warranty
  • Being transparent with parents and students, for example by stating on the school or district website how and with whom student data are shared