State & Federal Laws
There are many state and federal laws that safeguard student data. These laws help ensure data is protected while still fostering a culture that uses data for continuous improvement.
Children's Internet Protection Act
CIPA requires K-12 schools and libraries receiving federal discounts for internet access to implement internet safety policies that prevent students from accessing inappropriate and/or harmful material and protect against the unauthorized disclosure, use, and dissemination of a minor's personal information.
Children's Online Privacy Protection Act
COPPA regulates how commercial entities may collect and use information collected online from children under the age of 13, including the rules about parental consent.
Family Educational Rights & Privacy Act
FERPA is a federal law that safeguards student privacy by limiting who may access student records, specifying for what purpose they may access those records, and detailing what rules they have to follow when accessing the data.
- PTAC Model Notification of Rights for Elementary & Secondary Education Services
- PTAC Model Directory Information Novice (en español)
Health Insurance Portability & Accountability Act
HIPAA establishes privacy and security rules regarding access to protected health information in certain kinds of health records, including health plans, health care clearinghouses, and health care providers. When health information about a student appears in an education record, FERPA governs the protection of the data, not HIPAA.
- Know Your Rights: FERPA Protections for Student Health Records
- Family Educational Rights and Privacy Act: Guidance for School Officials on Student Health Records
Protection of Pupil Rights Amendment
PPRA defines the rules that states and districts must follow when administering tools like surveys, analyses, and evaluations funded by the U.S. Department of Education. It requires parental consent to administer many tools and ensures school districts have policies in place regarding how the data collected through these tools can be used.
Student Online Personal Information Privacy Act
Adopted in 2015, The Student Online Personal Information Act governs how online service providers can collect, access, and use student data and prohibits online service providers from using student data for commercial or secondary purposes, while still allowing for personalized learning and service innovation and improvement. SOPIPA allows educators to use online services while still safeguarding student privacy.
Student Data Vendor Security Act (effective June 1, 2024)