The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. New regulatory changes for FERPA became effective on January 3, 2012. Within the National Center for Education Statistics, the Department established a Privacy Technical Assistance Center (PTAC), which serves as a “one-stop resource” for the P-20 education community on privacy, confidentiality, and data security. Since its launch, the center has developed a PTAC Toolkit that provides resources on data sharing, security best practices, and other relevant topics. Among other things, the 2012 changes to FERPA expanded the requirements for written agreements and enforcement mechanisms to help ensure program effectiveness, promote effectiveness research, and increase accountability. In February 2014, additional guidance summarized the major requirements of the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA) that relate to educational services, and urges schools and districts to go beyond compliance to follow best practices for outsourcing school functions using online educational services, including computer software, mobile applications and web-based tools.

Congress enacted COPPA in 1998. Most recently, it was amended in December 2012 to take effect on July 1, 2013. The goal of COPPA is to put parents in charge of what information may be collected online about their children under the age of 13. The rule applies to operators of commercial websites and online services (including mobile apps). COPPA allows schools to act as “intermediaries” between website operators and parents in providing consent for the collection of personal information in the school context. For example, when a district contracts with a vendor for homework help, individualized education modules, online research and organizational tools, or web-based testing services, the vendor doesn’t have to obtain consent directly from the parent; the school is authorized to speak on behalf of the student. However, the Bureau of Consumer Protection Business Center also advises schools to inform parents of its practices in their acceptable use policy. When student use of a web service extends beyond school activities, the center adds, the school “should carefully consider whether it has effectively notified parents of its intent to allow children to participate in such online activities.

Schools with E-Rate funding must enforce a policy of internet safety and certify that they are enforcing a policy of internet safety that includes measures to block or filter internet access for both minors and adults to certain visual depictions. CIPA requirements include maintaining an internet Safety Policy, a Technology Protection Measure and a public notice or hearing. A technology protection measure is a specific technology that blocks or filters internet access. The school or library must enforce the operation of the technology protection measure during the use of its computers with internet access, although an administrator, supervisor, or other person authorized by the authority with responsibility for administration of the school or library may disable the technology protection measure during use by an adult to enable access for bona fide research or other lawful purpose.

Acceptable Use Policies

• Greene Central High School in North Carolina sample acceptable use policy, signature page, and laptop consent form
• Fairfax County Virginia acceptable use policy.
• iPad Procedures: Lamoille UHS, Hyde Park, Vermont. Fall 2013.
• Student-Centered Universal BYOT Policy Template For Schools.