We take student data privacy very seriously in Denver Public Schools (DPS). Safeguarding student data is an essential responsibility for all DPS employees. Our schools and staff follow ourStudent Data Privacy training and guidance process to ensure that all DPS staff are:
Protecting student data
In compliance with Colorado state and federal laws regarding student data privacy
The Colorado Department of Education (CDE) collects student data from students across Colorado to meet specific policy, practice, and service requirements of state and federal laws. We collect and submit DPS student data to CDE based on their requirements and procedures. CDE provides aData Collection Fact Sheetof what type of information is collected as well as an overview of theData Elements Collected in Data Collection Systemto meet state and federal reporting mandates. In addition, thisStudent Data Mapoutlines the types of student Personally Identifiable Information (PII) that we collect in our primary enterprise applications. These applications represent the core of DPS’ operational information systems, and the data within these systems is highly managed for security, quality and appropriate usage.
What is the ATM?
The Academic Technology Menu(ATM) is a resource for school leaders, teachers, students and parents/guardians as part of the student data privacy process. The purpose of the ATM is to allow school leaders and teachers to identify which tools they plan to use with students, and to inform parents/guardians of these tools and their privacy policies. As applications are adopted by schools, and if they are not already protected by student data privacy agreements, the ATM provides assistance for schools to take appropriate measures in protecting student data by providing guidelines for obtaining data-sharing agreements or obtaining parent consent for classroom use. The ATM is also an integral part of the district’sAcademic Technology Strategic Plan.
Parent Consent – On-Demand Service Providers
If a vendor has not signed the DPS Data Protection Addendum (discussed further below) then it is considered to be an on-demand service provider. Parent/guardian consent is required at the school level before student data can be shared with on-demand service providers. You can review the educational technology resources listed by your student’s school in theATMand the provider privacy policies. Parent consent is given each school year through the Annual Family Update. As new tools are added by your school, parents/guardians will receive notifications from their school so they have the opportunity to provide consent.
Data Protection Addendums
At a district level, we devote significant staff time and resources to negotiating contracts with vendors that include a formal data sharing agreement (Data Protection Addendum) to prohibit student data mining or targeting marketing while requiring industry standards for encryption and security, These agreements allow DPS to designate vendors as “school officials” to enable us to share student data without parent/guardian consent.
Approved DPA Vendor List
The Approved DPA Vendor List provides the names of vendors who have signed the DPS DPA. We require that vendors sign the DPA if they have a negotiated contract.
There are certain tools, such as our Learning Management Systems (Schoology and Seesaw), that are district purchased and managed. District purchased and managed digital content ensures ease of access for students with single sign-on and IP authentication, while also protecting student data privacy and copyright compliance.
There are several laws that dictate how schools and teachers handle student data.
FERPA – The Family Educational Rights and Privacy Act FERPA requires that schools have written permission from the parent or guardian in order to release any information from a student’s education record. So the most important thing is that, with some very specific exceptions, you shouldn’t be sharing student information with apps and websites without parent permission.
COPPA – The Children’s Online Privacy Protection Act COPPA puts special restrictions on software companies about the information they can collect about students under 13. So, students under 13 can’t make their own accounts, teachers have to make the accounts for them. In making the accounts, teachers need to be aware of their responsibility under FERPA.
CIPA – The Children’s Internet Protection Act Teachers don’t need to help comply with CIPA, but it’s useful to know that it is in place.CIPA requires districts to put measures in place to filter Internet access and other measures to protect students.