Skip To Main Content

Popular Links

Useful Links

Privacy and Protection of Confidential Student Information: JRCB

  • Students: J
Privacy and Protection of Confidential Student Information: JRCB

The Board is committed to protecting the confidentiality of student information obtained, created and/or maintained by the district. Student privacy and the district's use of confidential student information are protected by federal and state law, including the Family Educational Rights and Privacy Act (FERPA) and the Student Data Transparency and Security Act (the Act). The Board directs district staff to manage its student data privacy, protection and security obligations in accordance with this policy and applicable law.

Definitions

"Student education records" are those records that relate directly to a student. Student education records may contain, but not necessarily be limited to, the following information:  identifying data; academic work completed; level of achievement (grades, standardized achievement test scores); attendance data; scores on standardized intelligence, aptitude and psychological tests; interest inventory results; health and medical information; family background information; teacher or counselor ratings and observations; reports of serious or recurrent behavior patterns and any Individualized Education Program (IEP).

"Student personally identifiable information" or "student PII" means information that, alone or in combination, personally identifies an individual student or the student's parent or family, and that is collected, maintained, generated, or inferred by the district, either directly or through a school service, or by a school service contract provider or school service on-demand provider. "Security breach" means the unauthorized disclosure of student education records or student PII by a third party.

The following terms used in this policy shall be as defined by the Act: "school service," "school service contract provider" and "school service on-demand provider."

Access, collection and sharing within the district

The district shall follow applicable law and Board policy in the district's access to, collection and sharing of student education records.

District employees shall ensure that confidential information in student education records is disclosed within the district only to officials who have a legitimate educational interest, in accordance with applicable law and Board policy.

Outsourcing and disclosure to third parties

District employees shall ensure that student education records are disclosed to persons and organizations outside the district only as authorized by applicable law and Board policy. The term "organizations outside the district" includes school service on-demand providers and school service contract providers.

Any contract between the district and a school service contract provider shall include the provisions required by the Act, including provisions that require the school service contract provider to safeguard the privacy and security of student PII and impose penalties on the school service contract provider for noncompliance with the contract.

In accordance with the Act, the district shall post the following on its website:

  • a list of the school service contract providers that it contracts with and a copy of each contract; and
  • to the extent practicable, a list of the school service on-demand providers that the district uses.

Privacy and security standards

The security of student education records maintained by the district is a high priority. The district shall maintain an authentication and authorization process to track and periodically audit the security and safeguarding of student education records.

Security breach or other unauthorized disclosure

Employees who disclose student education records in a manner inconsistent with applicable law and Board policy may be subject to disciplinary action, up to and including termination from employment. Any discipline imposed shall be in accordance with applicable law and Board policy.

Employee concerns about a possible security breach shall be reported immediately to the Office of the Superintendent. If the Superintendent is the person alleged to be responsible for the security breach, the staff member shall report the concern to the Deputy Superintendent.

When the district determines that a school service contract provider has committed a material breach of its contract with the district, and that such material breach involves the misuse or unauthorized release of student PII, the district shall follow this policy's accompanying regulation in addressing the material breach.

Nothing in this policy or its accompanying regulation shall prohibit or restrict the district from terminating its contract with the school service contract provider, as deemed appropriate by the district and in accordance with the contract and the Act.

Data retention and destruction

The district shall retain and destroy student education records in accordance with applicable law and Board policy

Staff training

The district shall provide periodic in-service trainings to appropriate district employees to inform them of their obligations under applicable law and Board policy concerning the confidentiality of student education records.

Parent/guardian complaints

In accordance with this policy's accompanying regulation, a parent/guardian of a district student may file a written complaint with the district if the parent/guardian believes the district has failed to comply with the Act.

Parent/guardian requests to amend student education records

Parent/guardian requests to amend his or her child's education records shall be in accordance with the district's procedures governing access to and amendment of student education records under FERPA, applicable state law and Board policy.

Oversight, audits and review

The Superintendent shall be responsible for ensuring compliance with this policy and its required privacy and security standards.

The district's practices with respect to student data privacy and the implementation of this policy shall be periodically audited by the Superintendent or designee.

A privacy and security audit shall be performed by the district on an annual basis. Such audit shall include a review of existing user access to and the security of student education records and student PII.

The Superintendent or designee shall annually review this policy and accompanying regulation to ensure it remains current and adequate to protect the confidentiality of student education records in light of advances in data technology and dissemination. The Superintendent shall recommend revisions to this policy and/or accompanying regulation as deemed appropriate or necessary.

Compliance with governing law and Board policy

The district shall comply with FERPA and its regulations, the Act, and other state and federal laws governing the confidentiality of student education records. The district shall be entitled to take all actions and exercise all options authorized under the law.

In the event this policy or accompanying regulation does not address a provision in applicable state or federal law, or is inconsistent with or in conflict with applicable state or federal law, the provisions of applicable state or federal law shall control.

 

Adopted November 16, 2023

 

LEGAL REFS.: 15 U.S.C. 6501 et seq. (Children's Online Privacy Protection Act)

20 U.S.C. 1232g (Family Educational Rights and Privacy Act)

20 U.S.C. 1232h (Protection of Pupil Rights Amendment) 

20 U.S.C. 1415 (IDEIA procedural safeguards, including parent right to access student records)

20 U.S.C. 8025 (access to student information by military recruiters)

34 C.F.R. 99.1 et seq. (FERPA regulations)

34 C.F.R. 300.610 et seq. (IDEIA regulations concerning confidentiality of student education records)

C.R.S. 19-1-303 and 304 (records and information sharing under Colorado Children's Code)

C.R.S. 22-1-123 (district shall comply with FERPA and federal law on protection of pupil rights)

C.R.S. 22-16-101 et seq. (Student Data Transparency and Security Act)

C.R.S. 22-16-107 (2)(a) (policy required regarding public hearing to discuss a material breach of contract by school service contract provider)

C.R.S. 22-16-107 (4) (policy required regarding student information privacy and protection)

C.R.S. 22-16-112 (2)(a) (policy required concerning parent complaints and opportunity for hearing)

C.R.S. 24-72-204 (3)(a)(VI) (schools cannot disclose student address and phone number without consent)

C.R.S. 24-72-204 (3)(d) (information to military recruiters)

C.R.S. 24-72-204 (3)(e)(I) (certain FERPA provisions enacted into Colorado Law)

C.R.S. 24-72-204 (3)(e)(II) (disclosure by staff of information gained through personal knowledge or observation)

C.R.S. 24-80-101 et seq. (State Archives and Public Records Act)

C.R.S. 25.5-1-116 (confidentiality of HCPF records)

CROSS REFS.: BEDH, Public Participation at School Board Meetings

EHB, Records Retention

GBEB, Staff Conduct (And Responsibilities)

GBEE*, Staff Use of the Internet and Electronic Communications

JLDAC, Screening/Testing of Students (And Treatment of Mental Disorders)

JRA/JRC, Student Records/Release of Information on Students

JRCA*, Sharing of Student Records/Information between School District and State Agencies

JS*, Student Use of the Internet and Electronic Communications

KLMA, Relations with Military Recruiters, Postsecondary Institutions and Prospective Employers