The Colorado Department of Education is required by state and federal law to collect and store student and educator records.
CIPA
The Children's Internet Protection Act (CIPA) addresses concerns regarding a child's access to inappropriate or harmful content over the Internet. K-12 schools are required to filter online content as a condition of receiving federal funding. Schools subject to CIPA are also required to establish Internet safety policies that include monitoring a minor's online activity and providing minors with education on appropriate online behavior. Schools must certify they are CIPA compliant before receiving E-rate funding.
Learn more about CIPA.
COPPA
The Children's Online Privacy Protection Act (COPPA) puts requirements on websites and online services (including mobile applications) collecting, using, or disclosing data from children under 13 years of age. These requirements include clearly posting a privacy policy along with a direct notice to parents to obtain consent before collecting any personal information from the child. It also requires providing parents access to their child's personal information to allow them to prohibit or delete this information. This rule further states data collected is retained only for as long as needed to fulfill the purpose of collecting the information.
Frequently asked questions about complying with COPPA can be found here.
EU Safe Harbor
Safe Harbor is the policy agreement established between the U.S. Department of Commerce and the European Union (EU) to regulate the way U.S. companies export and handle the personal data of European citizens. Under this policy, companies collecting personal data must follow an established outline of privacy to ensure integrity and security. This includes providing legal framework to support schools and their organizations with how their data is stored.
Read more about US-EU Safe Harbor Policy. Check to see what companies adhere to the Safe Harbor Policy.
FERPA
The Family Educational Rights and Privacy Act (FERPA) is a Federal law protecting the privacy of student education records. It is meant to ensure students and parents may gain access to the student's educational records and challenge the content or release of these records to third parties. Schools are allowed to disclose content considered to be "directory" information without consent. "Directory" information includes a student's name, address, phone number, date and place of birth, honors and awards, and attendance dates. Schools are required to inform parents and students of this disclosure, allowing ample time for a request to deny release of this information.
Learn more about FERPA online or call 1-800-USA-LEARN.
HIPAA
The federal Health Insurance Portability and Accountability Act (HIPPA) is a law providing baseline privacy and security standards for medical information. Under HIPPA, any information that is created or received by any covered entity, such as schools, relating to a physical or mental health condition, treatment provided, or payment for healthcare is covered by the Privacy Rule. The Privacy Rule applies to protected health information (PHI) which includes all individually-identifiable health information that is transmitted using any format or medium. This includes paper, electronic, or oral.
Because student health information in education records is protected by FERPA, the HIPAA Privacy Rule excludes such information from its coverage.
More detailed information concerning patient rights under HIPPA can be found here. You can also learn more about how FERPA relates to health information and HIPPA.