Skip To Main Content

Logo Image

Logo Title

Student Privacy Laws

FERPA

The Family Educational Rights and Privacy Act (FERPA) is a Federal law protecting the privacy of student education records. It is meant to ensure that students and parents may gain access to the student’s educational records and challenge the content or release of these records to third parties. Schools are allowed to disclose content considered to be “directory” information without consent. Directory information includes a student’s name, address, phone number, date and place of birth, honors and awards, and attendance dates. Schools are required to inform parents and students of this disclosure, allowing ample time for a request to deny release of this information.

CIPA

The Children’s Internet Protection Act (CIPA) was enacted to address concerns regarding a child’s access to inappropriate or harmful content over the Internet. Schools that are K-12 are required to filter online content as a condition of receiving federal funding. Schools subject to CIPA are also required to include Internet safety policies that include monitoring a minor’s online activity and providing minors education on appropriate online behavior. Schools must certify they are CIPA compliant before receiving E-rate funding.

COPPA

The Children’s Online Privacy Protection Act (COPPA) puts requirements on websites and online services (including mobile applications) collecting, using, or disclosing data from children under 13 years of age. These requirements include clearly posting a privacy policy along with a direct notice to parents to obtain consent before collecting any personal information from the child. It also requires providing parents access to their child’s personal information to allow them to prohibit or delete this information. This rule further states data collected is retained only for as long as needed to fulfill the purpose of collecting the information.

For more information about COPPA

HIPPA

The federal Health Insurance Portability and Accountability Act (HIPPA) is a law providing baseline privacy and security standards for medical information. Under HIPPA, any information that is created or received by any covered entity, such as schools, relating to physical or mental health condition, treatment provided, or payment for healthcare is covered by the Privacy Rule. The Privacy Rule applies to protected health information (PHI) which includes all individually identifiable health information that is transmitted in any format or medium. This includes paper, electronic, or oral.

Because student health information in education records is protected by FERPA, the HIPAA Privacy Rule excludes such information from its coverage.
For more information about HIPAA