Student Privacy Newsletter

January 2022 Student Privacy Newsletter-

The U.S. Department of Education’s Student Privacy Policy Office (SPPO) provides this newsletter to highlight some of our resources and public engagements and describe ways SPPO’s Privacy Technical Assistance Center (PTAC) can provide support to the field. You are receiving this newsletter because you signed up on our website at

Welcome to the newly redesigned SPPO monthly newsletter! As we begin 2022, we are delighted to share important updates from our office, along with key resources to help you better manage privacy risks in your state or district. This edition of our newsletter also coincides with Data Privacy Week, which occurs from January 24-28. Organized by the National Cybersecurity Alliance, Data Privacy Week recognizes the principle that all organizations share the responsibility of being good stewards of personal information. During Data Privacy Week, we want to take this opportunity to thank you for your important work to protect student data and encourage you to continue embedding a privacy culture into your organization.

-Kevin Herms, Director, Student Privacy Policy Office

Resource Spotlight

FERPA Flyers

PTAC has created 8 flyers for schools and education stakeholders to use to help share the message to protect student data. These flyers encompass a multitude of student privacy topics and best practices from handling personally identifiable information to malware and phishing reminders. Hang these up in your office or classroom to spread the word!

Checklist for Developing School District Privacy Programs 

This document was developed as a companion piece to the video Developing a Privacy Program for your School District. The document provides an overview and rationale for why districts need, and should take the time to create and implement, a program to protect personally identifiable information from student records.

Cybersecurity Corner

How schools and districts can help parents understand a data breach – It can be alarming news for parents and students to receive notification that a data breach has occurred, but there are some immediate steps that can be taken to better understand what happened and reduce the risk of any negative consequences. PTAC has created a resource for you to share with parents if a breach occurs in your district. This includes actionable steps to help parents protect their student’s data:

  1. Checking the school’s website often and be alert for letters from the school to get
    updates on the breach.
  2. Thinking about changing account passwords, ensuring that they are complex and unique.
  3. Checking credit reports for unauthorized activity or notify credit bureaus or the
    Internal Revenue Service (IRS).
  4. Reporting to state or local law enforcement if there is indication of identity theft or
    other criminal activity.
  5. Obtaining some form of credit or identity theft monitoring (this often is offered by
    the school in cases where sensitive information was involved).
  6. Monitoring financial, email, and social media accounts for unexpected activity.

For information on additional steps that parents and students can take in the event of a data breach, as well as best practices, please see our Parent’s Guide for Understanding K-12 School Data Breaches.

Where has SPPO been?

Public Engagement – In this section, we want to share information and highlights from a sampling of our recent presentations and remind you that you can request our (free!) services, which include both on-site and virtual privacy-related technical assistance. Visit our webpage to view our service offerings and submit a request.

  • NCES Forum

PTAC was invited by the National Forum on Education Statistics (Forum) to conduct a privacy and security training for its members, emphasizing transparency. During this virtual training, PTAC reviewed best practices on communicating with parents regarding school and district data collection policies and procedures, paying specific attention to what information is collected, how it’s safeguarded and used, and why.

  • Carson City School District

PTAC also conducted a webinar for Carson City School District in Nevada, dedicated to reviewing the basics of the Family Educational Rights and Privacy Act (FERPA). Participants delved into common scenarios faced by districts in order to improve their understanding of FERPA and reduce misconceptions and misunderstandings surrounding the law.

Webinar: Save the Date

Postsecondary Student Privacy & Data Security Webinar

In this era of pandemics and volatility, higher education has faced substantial change. From remote learning to school safety to the ever-present threat of cyber-attacks, institutes of higher learning are facing risks from all directions. Join us in March 2022 for a webinar supporting the higher education community, with sessions addressing student privacy, regulatory compliance, data security, data breach response, as well as informative panel sessions featuring experts from the U.S. Department of Education’s Student Privacy Policy Office (SPPO) and Federal Student Aid (FSA) Office. More details will be available in the February Student Privacy Update.

Interagency Note

GAO Report on K-12 Data Breaches – The September 2020 U.S. Government Accountability Office (GAO) report “Data Security: Recent K-12 Data Breaches Show That Students Are Vulnerable to Harm” is the outcome of a request to GAO to review the security of K-12 students’ data. Findings revealed that during the study period, July 2016 – May 2020, thousands of K-12 students were impacted by data breaches, affecting everything from academic records to Social Security numbers. Those responsible ranged from teachers to students to professional cybercriminals; breaches were both accidental and intentional, each one potentially affected thousands of students.

The report noted that federal agencies have provided programs, services, and support to assist kindergarten through 12th grade (K-12) schools in defending against cyber threats. Examples of such support include incident response assistance, network monitoring tools, and guidance for parents and students on preparing for online cyber threats. Highlighted resources included PTAC’s cybersecurity resources, namely the Data Breach Response Training Kit.

The full report is available here.


Don’t Forget the Help Desk!

If you have a student privacy question to which you can’t find an answer on our Student Privacy website, don’t forget you can contact us! The Student Privacy Help Desk, available via email or phone, is staffed by professionals with deep knowledge of the law as well as its practical applications. Please contact us with your questions at or 1-855-249-3072.