5 critical guidelines for data privacy across school districts

How school superintendents can keep student data private in an accelerating tech market.
computer with lock
(Getty Images)

When Congress passed the Family Educational Rights and Privacy Act, also known as FERPA, in 1974, school and district leaders could rely on once-a-year training and reviews to make sure they remained in compliance. But in 2018, when educators can add new apps with a few mouse clicks, managing student data privacy has become a never-ending task.

In a recent webinar hosted by, educators outlined how the Consortium for School Networking’s Protecting Privacy in Connected Learning initiative fits with superintendents’ essential roles in directing district privacy efforts.

The speakers said that when it comes to data privacy, the word “done” isn’t in their vocabulary.

Here are CoSN’s five critical guidelines for ensuring data privacy:


1. Stay current and compliant with federal and state laws. 

In addition to FERPA and its subsequent updates, there also COPPA, the Children’s Online Privacy Protection Act; PPRA, the Protection of Pupil Rights Amendment; the European Union’s GDPR, General Data Protection Regulation; and a host of state and local legislation. The results of this alphabet soup are that school leaders need lawyers and school officials well-versed in the changing regulations to ensure compliance. It’s too complex a task for the principal or superintendent to bear on his or her own.Address community and stakeholder expectations early and often. Similarly, as the regulations change, so will school procedures. Leaders need to provide their constituencies — such as teachers, students, parents and vendors — with a clear picture of the school’s policies, how the review process works, and how the data is used. Some schools even have a web page detailing their privacy policies.

2. Keep instructional impacts in the picture.

Data must be meaningful to learning. The instructional value should precede any tech advantage. Schools should have a clear procurement process, even for that one-time app the teacher wants to download, to make sure students are protected in their digital environments.

3. Responsive, responsible privacy administration and management mitigates risks.


While schools can’t guarantee absolute data safety, there are resources, like CoSN’s K-12 Privacy Toolkit for School Leaders, that offer best practices for lowering exposure.

4. Training. Training. Training.

Leaders need to decide who needs to know what information, how much they need to know, and the best way to share that information. For instance, what principals share with parents about protecting student data will be different from their conversations with vendors. The key is to have an organizational chart that highlights each person or group’s role in safeguarding privacy.

5. While on the organization chart there should be a gatekeeper who understands the school or district’s processes, the onus of privacy does not rest solely on that position.

“This is not a single-person solution. It is not the Director of Technology or somebody else who’s responsible for this,” said Dr. Charles “Chip” Dumais, executive director of Cooperative Educational Services in Trumbull, Connecticut. “It’s systemic. People need to understand the data, how the data is used, and only through a systemic solution will we find a way to protect students.”


About the presenters

Dr. Charles “Chip” Dumais is the executive director of Cooperative Educational Services in Trumbull, Connecticut. A native of Connecticut, he began his career in education nearly three decades ago as a science teacher in Higganum, Connecticut. He has proudly taught physics and calculus to more than one thousand students, chaired a science department, served as an assistant principal in Westport, Connecticut, led Newtown High School in Sandy Hook, Connecticut, as its principal from 2008 to 2014, and served as superintendent of the Amity Regional School District. He has earned bachelor’s and master’s degrees in physics from Rensselaer Polytechnic Institute, advanced degrees and certificates from Southern Connecticut State University and the University of Connecticut, and a doctorate in educational leadership from Central Connecticut State University. He is an active member the National Superintendents Roundtable, the Headmasters Association, the Connecticut Commission for Educational Technology, and the Consortium for School Networking.

Dr. Quinn Kellis started his educational career in 1991 as a high school AP Spanish and sophomore English teacher. After years of site- and district-level leadership, he is currently the superintendent of Dysart Unified School District (24,000 students) in Surprise, Arizona. Dr. Kellis is a native of Arizona and earned degrees from Brigham Young University, Chapman University and Arizona State University. He is the proud father of three married children—all products of the Dysart district. He is a thought leader for innovation and technology integration, arts development and academic environments.

Linnette Attai is project director for CoSN’s Privacy Initiative and Trusted Learning Environment Program. For more than 25 years, Linnette Attai has been building organizational cultures of compliance and guiding clients through the complex obligations governing data privacy, user safety, and ethical marketing, with a focus on the education and youth sectors. As founder of the global compliance consulting firm PlayWell, LLC, Linnette advises organizations, educators, lawmakers, and policy influencers. She serves as virtual chief privacy officer and data protection officer to select clients and speaks nationally on data privacy matters. Linnette is a member of the Rutgers Center for Innovation cybersecurity advisory board, and author of Student Data Privacy: Building a School Compliance Program.

About the host


Ann McMullan is a 34-year veteran educator who served as the executive director for educational technology in the Klein Independent School District, located just outside Houston, Texas until September 2013, when she and her family moved to Los Angeles, California. For 16 years Ann led the team in Klein ISD that provided professional development on technology and 21st century instructional strategies to over 4,000 professional educators serving more than 50,000 students. During that time Ann also co-chaired the Texas Education Technology Advisory Committee which developed the Texas Education Agency’s Long Range Plan for Technology, 2006-2020.

Today, she is based in Los Angeles, California working as a public speaker, writer, and independent education consultant focused on supporting leadership, visioning and planning to meet the needs of today’s students. She is a frequent presenter at state, national and international education conferences. Ann serves as project director for CoSN’s Empowered Superintendents Program. She serves on the board of PowerMyLearning Los Angeles and on the advisory board of Project Tomorrow. In the fall of 2016 Ann co-authored and published Life Lessons in Leadership: The Way of the Wallaby.

Join the community

Super-Connected is a free professional learning community on for school superintendents, district leadership, and aspiring district leaders.

A recording of the edWeb webinar referenced above, entitled “Student Data Privacy: A Priority and Essential Commitment” and co-hosted by CoSN, can be found here.

Latest Podcasts