Student Data Privacy & Security

The use of data helps guide parents, students, teachers, school officials, state and federal agencies as we work together to improve student achievement so all children graduate ready for college and career. While using data effectively to guide improvement in instruction and student achievement, District 51 takes seriously its moral and legal responsibility to protect student privacy and ensure data confidentiality. Please see board policy regulation JRAJRC-R for further information on the types of data the District collects and Colorado Department of Education's web site for the types of data CDE Collects.

As schools adopt cloud-computer services to fulfill their educational objectives, it is important to address privacy when student information is transferred. School District 51 relies on negotiated contracts with vendors to ensure protection of student data. Starting August 2016, new and renewed district-wide service providers will be required to sign the D51 Data Protection Addendum.


The Family Educational Rights and Privacy Act (FERPA) is a Federal law protecting the privacy of student education records. It is meant to ensure that students and parents may gain access to the student's educational records and challenge the content or release of these records to third parties. Schools are allowed to disclose content considered to be "directory" information without consent. Directory information includes a student's name, address, phone number, date and place of birth, honors and awards, and attendance dates. Schools are required to inform parents and students of this disclosure, allowing ample time for a request to deny release of this information.

The Children's Online Privacy Protection Act (COPPA) puts requirements on websites and online services (including mobile applications) collecting, using, or disclosing data from children under 13 years of age. These requirements include clearly posting a privacy policy along with a direct notice to parents to obtain consent before collecting any personal information from the child. It also requires providing parents access to their child's personal information to allow them to prohibit or delete this information. This rule further states data collected is retained only for as long as needed to fulfill the purpose of collecting the information.

The Children's Internet Protection Act (CIPA) was enacted to address concerns regarding a child's access to inappropriate or harmful content over the Internet. Schools that are K-12 are required to filter online content as a condition of receiving federal funding. Schools subject to CIPA are also required to include Internet safety policies that include monitoring a minor's online activity and providing minors education on appropriate online behavior. Schools must certify they are CIPA compliant before receiving E-rate funding.

The federal Health Insurance Portability and Accountability Act (HIPPA) is a law providing baseline privacy and security standards for medical information. Under HIPPA, any information that is created or received by any covered entity, such as schools, relating to physical or mental health condition, treatment provided, or payment for healthcare is covered by the Privacy Rule. The Privacy Rule applies to protected health information (PHI) which includes all individually identifiable health information that is transmitted in any format or medium. This includes paper, electronic, or oral.

Because student health information in education records is protected by FERPA, the HIPAA Privacy Rule excludes such information from its coverage.

Learn more about how FERPA relates to health information and HIPPA.

District Policies

JRA/JRC 9/15/2009 Student Records
JRA/JRC-E(2) 09/15/2009 Opt Out of Directory Information Disclosures
JRA/JRC-R 01/04/2016 Student Records
JRCA 08/06/2002 Sharing of Student Records/Information Between School District and State Agencies

U.S. Department of Education Student Privacy 101: FERPA for Parents and Students