Skip To Main Content

Logo Image

Logo Title

FGA-AP: Student Education Records & Privacy

West Fargo Public Schools believes that while collection and use of student information is necessary to provide educational and student support services, the district must implement safeguards to ensure information is appropriately protected and used to serve the best interests of students. The purpose of this policy is to establish such safeguards.

DEFINITIONS

Directory information is defined as personally identifiable information contained in a student education record that is generally considered not harmful or an invasion of privacy if disclosed and includes:

  • Address
  • Grade level
  • Name (first and last)
  • Photograph
  • Email address
  • Student identification number if it cannot be used alone to access an educational record and is not the student’s social security number
  • Phone number
  • Parent/Guardian contact information

Education record is defined as any record that directly relates to a student and is maintained by the district or by a party acting for the district. This definition excludes law enforcement records and records in the sole possession of the maker used only as a memory aid.

An eligible student means a student who has reached the age of 18.

FERPA stands for the Family Educational Rights and Privacy Act.

Legitimate educational interest is defined as access that is needed in order for a school official to fulfill his/her professional responsibility.

Parent means a parent of a student and includes a natural parent, a guardian, or an individual acting as a parent in the absence of a parent or a guardian.

A permanent record is defined as a record containing a student’s name, address, phone number, record of grades, years enrolled, courses attended, and grades completed.

Personally Identifiable Information (PII) includes information maintained in the student’s education record that could be used alone or in combination to trace a student’s identity directly or indirectly and would allow a reasonable person, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty.

Record means any information recorded in any way including, but not limited to, handwriting, print, computer media, video or audiotape, film, microfilm, and microfiche.

School official is defined as an individual who has a legitimate educational interest in accessing student educational records and is affiliated with the district in one of the following capacities:

  • An individual employed by the district in an administrative, instructional, or support staff position
  • School board members
  • Contractors, consultants, volunteers, service providers, or other party with whom the school or district has outsourced institutional services or functions for which the school or district would otherwise use employees; records provided to these third parties must remain directly under the district’s control for purposes of maintenance and use and the third party must agree to comply with 34 C.F.R. 99.33(a). Examples include, but are not limited to, school resource officers, interns, student teachers, the district’s attorney, PowerSchool, SLDS, learning management software, hot lunch tracking software, Viewpoint, and district alert systems.

DESIGNATION & RESPONSIBILITIES OF PRIVACY OFFICERS

The superintendent or designee shall serve as chief privacy officer. In this role, the superintendent is responsible for student information sharing requests from third-party individuals/entities other than parties to which the district reports student information under law. The superintendent shall also maintain a master list of all individuals and entities having access to student information, including school district personnel listed by title. To ensure this list remains current and is manageable to maintain, it shall not contain names of individuals who have access to data.

The superintendent may designate privacy officers at the district and building level. These privacy officers are responsible for:

  1. Maintaining a list of school personnel by title who have access to student information; this list shall be provided to the superintendent each time it is updated;

  2. Submitting to the superintendent new requests to share student information with third-party individuals and entities other than parties to which the district reports student information under law;

  3. Ensuring that access to student information is granted only to the extent there is a legitimate educational interest and in accordance with this policy and any applicable agreements;

  4. Enforcing this and other applicable district confidentiality and data protection policies;

  5. Providing a list of students who have opted out of directory information to classroom teachers and other district staff who have a need to know.

CONTENT OF EDUCATION RECORDS

The education record shall include:

  1. Basic identifying information about the student and their family;
  2. Proof of identity/certified birth certificate;
  3. Attendance data;
  4. Credits earned, grades, records of achievement in the basic skills and other progress reports;

If appropriate, such information as:

  • Health information, including immunization records;
  • Test results of achievement, aptitude, intelligence, and interest;
  • Records pertaining to the identification, evaluation, placement, and progress of students in special education;
  • Other pertinent information that will enable school personnel to counsel with students and plan appropriate learning activities.

INFORMATION RELEASE SAFEGUARDS

Access by Parents & Eligible Students

To ensure compliance with parental and eligible student access requirements under FERPA:

  1. The district shall comply with a request by a parent or eligible student to access education records within a reasonable period of time, not to exceed 45 days after receipt of a request.
  2. The district shall develop procedures for a parent/guardian/student to review and amend educational records. These procedures shall include measures to verify the identity of a requesting parent/eligible student. The regulations shall be delineated in district-approved guidelines and disseminated annually in accordance with law.

Classroom Use of Instructional Tools Requiring Release of Student Information

Teachers are encouraged to use instructional technological tools that allow for use of an alias or that do not require submission of directory information or PII. Whenever a teacher wishes to use an instructional tool that requires release of directory information, or PII the teacher shall submit a request to the building-level privacy officer. The privacy officer shall check the district’s master list of individuals and entities approved to receive student information. If the entity is not on this list or the teacher’s request is beyond the scope of information sharing permission previously granted, the privacy officer shall either deny the teacher’s request or submit an information-sharing request to the superintendent for approval. If the teacher is authorized to use the instructional tool, the building-level privacy officer shall ensure the teacher complies with any parental consent requirements and directory information opt-out requests before using the tool.

Data Breaches

District employees are responsible for informing a privacy officer of any known or suspected breach of PII. When a privacy officer becomes aware of a breach of student PII, s/he shall contact the chief privacy officer. The chief privacy officer shall determine if the enactment of data breach response procedures contained in policy IDC and NDCC Ch. 51-30 is appropriate.

Information Storage and Destruction

Student education records shall be reviewed annually and any records unnecessary for progression to the next grade level, not needed for college entrance purposes, not needed for extracurricular participation, not needed for disciplinary purposes, and records that are not part of the permanent record will be shredded or destroyed. Exceptions apply for any content that may reasonably be related to litigation or anticipated litigation (retain for six years after a student turns eighteen), bullying reports (retain in accordance with policy ACEA), concussion documentation (retain in accordance with policy FCAF), executive session tapes (retain for at least six months), PowerSchool records, and special education records (retain in accordance with the Individuals with Disabilities Education Act).

Directory Information

The district may disclose directory information without parental/eligible student consent if it has given parents/eligible students a reasonable amount of time to opt-out of directory information release. Opt-out notices should be provided at the beginning of the school year and when a student otherwise enrolls in the district. These notices shall contain a reasonable deadline of at least 10 days for parents/eligible students to opt-out.

The superintendent approves release of directory information as follows:

  1. Publication on the district’s website and social media accounts
  2. To superintendent -approved vendors for purposes of sale of school-related items such as, but not limited to, yearbooks, school pictures, graduation items, district apparel, and book orders
  3. To military and college recruiters in accordance with applicable laws (NDCC 15.1-07-25.1 and 20 U.S.C. 7908)
  4. To official district newspaper for purposes of recognizing student accomplishments and coverage of extracurricular events
  5. To school-affiliated groups for purposes of communicating and fundraising
  6. To school-sponsored student publications including, but not limited to, newspapers and yearbooks
  7. When the superintendent receives and approves a directory information release request; directory information shall only be released and used for purposes specified in the release request and the superintendent shall add approved requestors to the district’s master list of individuals and entities having access to student information. The superintendent shall develop criteria in regulations for approving and denying these requests.

Any district employee who wishes to disseminate student directory information to a third party shall contact his/her privacy officer. The privacy officer shall determine if the superintendent has previously approved such release and, if not, deny the request or submit it to the superintendent for board approval. Upon superintendent approval, he/she shall instruct the privacy officer to ensure compliance with any opt-out requests made by parents.

Personally Identifiable Information (PII)

Any third party requesting or receiving access to student PII must receive superintendent approval unless the third party is required to receive PII under state or federal law.[1] Any school employee who wishes to share PII with a third party shall contact his/her privacy officer. The privacy officer shall determine if the superintendent has previously approved such release and, if not, deny the request or submit it to the superintendent for approval. Upon superintendent approval of any PII release request, the applicable privacy officer shall inform the requestor of any parental consent requirements (see #7) and ensure the requestor complies with such requirements.

Parental/eligible student consent is not required to release PII under the following circumstances:

  1. The district receives information under 42 U.S.C. 14071 and applicable federal guidelines about a student who is a registered sex offender under section 170101 of the Violent Crime Control and Law Enforcement Act of 1994 (42 U.S.C. 14071), and the district has a need to disclose the student’s status as a sex offender for safety purposes
  2. In connection with a health or safety emergency under the conditions described in 34 C.F.R. 99.36
  3. If records have been de-identified by the district; third party individuals and entities that receive de-identified information shall be included on the district’s master list of individuals and entities having access to student information
  4. To a school official who has a legitimate educational interest in the education records if the following conditions are satisfied:
  5. Access shall be limited to only information the school official has a legitimate need to know
  6. School officials shall use the information only for the purposes for which the disclosure was made and shall not redisclose the information to any other party without proper consent or legal authority
  7. Titles of individuals and entities considered school officials shall be included on the district’s master list of individuals and entities having access to student information
  8. To a court without a court order or subpoena when the district initiates legal action against a parent/student or a parent/student initiates legal action against the district
  9. To accrediting bodies for purposes of accreditation
  10. To an organization conducting a study for the district to develop, validate, or administer a predictive test; administer student aid programs; or improve instruction so long as the organization has entered into a written agreement with the superintendent in accordance with law; if the organization is conducting a survey of students, the district shall ensure parents are notified in compliance with policy GCC and shall obtain parental consent, if applicable (see #7)
  11. To another school in which the student seeks, intends to, or is already enrolled

The district will take measures necessary to ensure that individuals and entities to which PII is released shall only have access to information necessary to fulfill their responsibilities under law and to the district. Measures may include, but not be limited to, controlling access to computer data through password restrictions, controlled access to paper records, and ensuring that any information access agreements required by law are properly executed by the Board.

When Parental Consent is Required

The district must obtain parental/eligible student consent to release student information under the following circumstances:

  1. The superintendent has approved release of PII to an individual or entity not meeting the definition of school official under law and/or not meeting an exception to the parental consent requirement under FERPA
  2. The superintendent has approved release of directory information, other than or in addition to name, or PII to an online service provider for commercial purposes and the impacted students are under 13[1]
  3. When administering a survey funded in whole or in part by the U.S. Department of Education and concerning any of the following areas:
    • Political affiliations or beliefs of the student or the student’s parent
    • Mental or psychological problems of the student or the student’s families
    • Sex behavior or attitudes
    • Illegal, anti-social, self-incriminating, or demeaning behavior
    • Critical appraisals of other individuals with whom respondents have close family relationships
    • Legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers
    • Religious practices, affiliations, or beliefs of the student or student’s parent
    • Income (other than that required by law to determine eligibility for participation in a program or for receiving financial assistance under such program)

If the district is unable to obtain this consent, it shall not release the impacted student’s information.

504 Plans and Individual Educational Programs (IEPs)

Sharing of student information necessary for developing, amending, or implementing an IEP or 504 Plan and sharing student information needed to determine eligibility for special education or disability services are not subject to board approval requirements in NDCC Ch. 15.1-07-25.3 because the district provides these services in fulfillment of requirements under state and federal law.

POLICY VIOLATIONS

Failure by a district employee or volunteer to comply with this policy, other district confidentiality requirements, or any improper disclosure of student information by a school employee or volunteer shall result in disciplinary action up to and including dismissal in accordance with applicable law. Failure by a third party to comply with this policy, any information-sharing agreements between the district and third party, or any improper disclosure of student information by the third party may result in termination of the third-party’s access to student information and termination of the district’s agreement with the third party if permitted under the terms of such agreement.

TRAINING

School officials employed or volunteering for the district shall receive information and/or training on confidentiality requirements pertaining to student education records and consequences for breaching confidentiality. The district shall also provide training to applicable school personnel on the procedures for requesting to release student information contained in this policy.

Adopted: 03/22/76

Reviewed:

Revised: 11/24/80

11/12/85

05/24/99

01/09/12

02/16/16

 

Related Materials