
Privacy
Resources you'll find here are focused on the branch of data management that deals with handling personal and other sensitive data in compliance with data protection laws, regulations, and general privacy best practices.
Resources
Heading
1EdTech Trustedapps
The TrustEd Apps Program begins with our pledge to put open standards and data privacy at the forefront of education technology integrations. It's the 1EdTech community call to action to ensure there's always a level playing field for schools, universities, and state organizations when it comes time to purchase and implement digital tools.
Heading
A4L Student Data Privacy Consortium
A4L’s Student Data Privacy Consortium (SDPC) is an unique collaborative of schools, districts, divisions, regional, territories and state agencies, policy makers, trade organizations and marketplace providers addressing real-world, adaptable, and implementable solutions to growing data privacy concerns. The Consortium also leverages work done by numerous partner organizations but focuses on issues being faced by “on-the-ground” practitioners.
Heading
What is the Protection of Pupil Rights Amendment?
The Protection of Pupil Rights Amendment, or PPRA, is a federal law that provides certain rights for parents of students regarding, among other things, student participation in surveys; the inspection of instructional material; certain physical exams; and the collection, disclosure, and use of personal information for marketing purposes. This video provides information about these rights, the responsibilities of local education agencies (LEAs) under the law, and what to do if a parent thinks those rights have been violated.
Heading
Student Privacy Training Modules
These interactive training modules introduce learners to the basics of the Family Educational Rights and Privacy Act (FERPA) as it applies to K-12 schools and districts, as well as postsecondary colleges and universities, and delves into the intricacies of sharing data in compliance with the law. Each of these modules requires approximately one hour to complete, at which time users will be provided with a certification of completion.
Heading
Ransomware Targeting Educational Institutions
Ransomware can have a crippling effect on an institution’s ability to operate until the infection is remediated. Recently, FSA has identified multiple ransomware attacks that denied access to information technology data and systems unless the institution paid a ransom. This fact sheet includes cybersecurity best practices and what to do if your institution falls victim to an attack.
Heading
Data Security: K-12 and Higher Education
Breaches of educational data are common and can lead to a violation of FERPA, as well as to a host of negative consequences for students such as identity theft, fraud, and extortion. This page is a portal to guidance and best practice resources for the educational community to use to enhance the security of their information systems. While these resources are principally geared to K-12 agencies and institutions, the security principles are the same regardless of grade level.
Heading
Data Breach Scenario Trainings
The Data Breach Scenario Trainings are a series of packaged trainings designed to help educational organizations at all levels conduct internal staff development on data breaches. Each scenario has been developed into a training package, providing ready-to-use resources for the scenario leader(s) and participants, including a Facilitator’s Guide, Scenario Presentation, and Participant Handout, allowing for a more personalized, customizable experience.
Heading
Cyber Security Evaluation Tool
The Cyber Security Evaluation Tool (CSET®) is a stand-alone desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology. CSET was recently updated to include a new module: Ransomware Readiness Assessment (RRA). The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend against and recover from a ransomware incident.

