Student Data Privacy Newsletter: FERPA and COPPA Explained
Student data privacy is one of the most frequently misunderstood topics in school technology communication. Families have real questions about what information schools collect, who can see it, and how it is used. Most schools have strong privacy protections in place but do not communicate about them clearly. A dedicated newsletter on student data privacy builds trust, answers questions before they become concerns, and demonstrates that the school takes this responsibility seriously.
Why Data Privacy Communication Matters
A 2023 survey by the Future of Privacy Forum found that 74 percent of parents were concerned about how their child's data was being used by schools and ed-tech companies, but fewer than 25 percent felt they had a clear understanding of what data was being collected. That gap between concern and understanding is where anxiety and misinformation grow. A newsletter that explains, in plain terms, what data the school collects, what laws protect it, and what families can do to exercise their rights, closes that gap and positions the school as a transparent partner rather than an opaque institution.
FERPA in Plain Language
FERPA, passed in 1974 and updated several times since, gives parents the right to access their child's education records at any time. Education records include grades, attendance, test scores, disciplinary records, health records maintained by the school, and anything else the school maintains about a specific student. Schools must obtain written consent before sharing these records with most outside parties. There are exceptions for school officials who have a legitimate educational interest, state and local education authorities, and in emergencies. When a student turns 18, FERPA rights transfer to the student. At that point, even parents do not have automatic access to the student's records without the student's consent.
COPPA and Apps Used in School
COPPA restricts websites and apps from collecting personal data from children under 13 without verifiable parental consent. When schools deploy ed-tech platforms for elementary and middle school students, the school often acts as an intermediary, providing consent on behalf of parents through the district's acceptable use policy and vendor data privacy agreements. If a family wants to know which platforms are approved and what data agreements those vendors have signed, the school technology coordinator or principal should be able to provide that list. Transparency here builds significant trust with privacy-conscious families.
What Data the School Collects on Technology Platforms
School-managed devices log browsing history, app usage, and network activity. Learning management systems like Google Classroom, Canvas, or Schoology store assignment submissions, grades, teacher comments, and login times. Reading apps like Lexia or IXL track which exercises a student completed, how long they spent, and what errors they made. This data is used by teachers to personalize instruction and by administrators to track academic progress. It is not shared with advertisers. Explaining what each category of data is used for helps families understand the purpose rather than imagining concerning scenarios.
Sample Template Excerpt
Here is a section you can adapt for your own newsletter:
Your Questions About Student Data Privacy, Answered
We know many families have questions about what information the school collects and how it is used. Here are the most common questions we hear and our honest answers.
Can anyone see my child's school records? Under FERPA, only school officials with a legitimate educational need can access your child's records. Sharing records with outside parties requires written consent from you, with a small number of legally defined exceptions.
Do apps sell my child's data? Any platform we approve for classroom use has a signed data privacy agreement with our district. These agreements prohibit selling student data or using it for advertising purposes. We do not approve apps that do not meet this standard.
How do I access my child's school records? Contact the school office in writing or via email to request access. We are required by law to provide access within a reasonable time, usually within 45 days of the request.
State Privacy Laws That May Apply
Many states have enacted Student Data Privacy legislation that goes beyond FERPA's minimum requirements. California's SOPIPA, New York's Education Law 2-d, and Colorado's Student Data Transparency and Security Act all set stricter limits on what vendors can do with student data and what schools must disclose to families. Your district's technology department should know which state laws apply and can tell families what additional protections are in place beyond federal minimums. Mentioning these state protections in your newsletter shows families that the school is paying attention to the evolving legal landscape.
How Families Can Exercise Their Rights
Every family has the right to request access to their child's education records, request correction of inaccurate information, and receive a copy of the school's data privacy policies. Walk families through the specific process your school uses. Who do they contact? What form do they complete? How long does the school have to respond? Making the process concrete and easy to follow signals that the school genuinely welcomes family engagement with data privacy rather than treating these rights as administrative formalities families are unlikely to pursue.
Talking to Your Child About Their Own Digital Privacy
Students have privacy interests too. Older students in particular benefit from understanding what data their school collects and why. Teaching students that their digital activity at school is monitored, that their academic records are protected by federal law, and that they have rights around their own information as they enter adulthood prepares them for a world where data literacy is a practical life skill. Encouraging families to have this conversation at home extends the impact of a privacy newsletter well beyond what a one-time communication can achieve on its own.
Get one newsletter idea every week.
Free. For teachers. No spam.
Frequently asked questions
What is FERPA and what does it mean for families?
FERPA, the Family Educational Rights and Privacy Act, is a federal law that protects the privacy of student education records. It gives parents and eligible students the right to inspect and review education records, request corrections to inaccurate records, and control the disclosure of information from those records. Schools must have written consent from parents before sharing a student's education records with third parties, with some exceptions for school officials and specific authorized parties. FERPA rights transfer to the student at age 18.
What is COPPA and how does it affect school technology use?
COPPA, the Children's Online Privacy Protection Act, restricts the collection of personal data from children under 13 without verifiable parental consent. When schools deploy apps or online platforms for students under 13, those platforms must comply with COPPA. Schools often obtain consent on behalf of parents through the acceptable use policy or device agreement. Families should know which platforms their child's school uses and confirm those platforms have appropriate COPPA compliance documentation.
What student data do schools collect and why?
Schools collect student names, addresses, grades, attendance records, test scores, health information, disciplinary records, and in technology programs, device usage logs and learning platform activity. This data is used for educational purposes: tracking academic progress, communicating with families, meeting state reporting requirements, and improving instruction. Schools are legally required to protect this data and restrict access to authorized personnel. The newsletter should explain what is collected and why without being vague or evasive.
Can third-party apps sell student data?
Under FERPA and most state student privacy laws, ed-tech vendors that receive student data from schools are prohibited from selling or using that data for commercial purposes unrelated to the educational service. Many states have additional Student Data Privacy legislation that goes beyond FERPA. However, not all free consumer apps intended for personal use comply with these restrictions. Schools should only deploy apps that have a signed data privacy agreement with the district, and families should know the difference between school-approved platforms and apps students may access on personal devices.
How does Daystage handle student data and family communications?
Daystage is designed for school communication and stores family contact data securely in compliance with applicable privacy laws. When schools use Daystage to send newsletters, the recipient data is used solely for delivering the communication and is not sold or shared with third parties for commercial purposes. Daystage provides school administrators with control over their organization's data and supports the privacy expectations families should have from any school technology platform.
Adi Ackerman
Author
Adi Ackerman is a former classroom teacher and curriculum writer with 8 years in K-8 schools. She writes about school communication, parent engagement, and what actually works in real classrooms.
More for Technology
Ready to send your first newsletter?
3 newsletters free. No credit card. First one ready in under 5 minutes.
Get started free