We take student data privacy very seriously in Denver Public Schools (DPS).  Safeguarding student data is an essential responsibility for all DPS employees.  Our schools and staff follow our Student Data Privacy training and guidance process to ensure that all DPS staff are:

1. Protecting student data

2. In compliance with Colorado state and federal laws regarding student data privacy

At a district level, we devote significant staff time and resources to negotiating contracts with vendors that include a formal data sharing agreement (Data Protection Addendum or DPA) to prohibit student data mining or targeting marketing while requiring industry standards for encryption and security. These agreements enable us to safely share student data without parent/guardian consent. We require that vendors sign the DPA if they have a negotiated contract.

If a vendor has not signed the DPA, then it is considered to be an on-demand service provider. Parent/guardian consent is required at the school level before student data can be shared with on-demand service providers. You can review the educational technology resources listed by your student’s school in the Academic Technology Menu (ATM) and the provider privacy policies. Parent consent is given each school year through the registration process.  As new tools are added, parents/guardians will receive notifications from their school so they have the opportunity to provide consent.

The Academic Technology Menu (ATM) is a resource for school leaders, teachers, students and parents/guardians as part of the student data privacy process. The purpose of the ATM is to allow school leaders and teachers to identify which tools they plan to use with students, and to inform parents/guardians of these tools and their privacy policies. As applications are adopted by schools, and if they are not already protected by student data privacy agreements, the ATM provides assistance for schools to take appropriate measures in protecting student data by providing guidelines for obtaining data-sharing agreements or obtaining parent consent for classroom use. The ATM is also an integral part of the district’s Academic Technology Strategic Plan.

The ATM has 3 categories; Approved, In Review, and Not Approved.

The ”Approved” list provides the names and details of tools that are approved for use at DPS. Most of these vendors have signed a Data Protection Addendum. No parent consent is required unless specified.

The “In Review” list provides the names and details of tools in use at DPS that require parent consent because they have not been fully reviewed by DPS.

The "Not Approved” list provides the names and details of the tools that are not approved for use at DPS, even with parent consent.

The Colorado Department of Education (CDE) collects student data from students across Colorado to meet specific policy, practice, and service requirements of state and federal laws.  We collect and submit DPS student data to CDE based on their requirements and procedures.  CDE provides a Data Collection Fact Sheet of what type of information is collected as well as an overview of the Data Elements Collected in Data Collection System to meet state and federal reporting mandates.

There are several laws that dictate how schools and teachers handle student data.

• FERPA – The Family Educational Rights and Privacy Act
  FERPA requires that schools have written permission from the parent or guardian in order to release any information from a student’s education record. So the most important thing is that, with some very specific exceptions, you shouldn’t be sharing student information with apps and websites without parent permission.

• COPPA – The Children’s Online Privacy Protection Act
  COPPA puts special restrictions on software companies about the information they can collect about students under 13. So, students under 13 can’t make their own accounts, teachers have to make the accounts for them. In making the accounts, teachers need to be aware of their responsibility under FERPA.

• CIPA – The Children’s Internet Protection Act
  Teachers don’t need to help comply with CIPA, but it’s useful to know that it is in place. CIPA requires districts to put measures in place to filter Internet access and other measures to protect students.

• PPRA – Protection of Pupil Rights Amendment
  PPRA governs the administration to students of any survey, analysis, or evaluation that concerns one or more of eight designated protected areas.

• SDTSA – Colorado Student Data Transparency and Security Act (HB16-1423)
  SDTSA puts additional restrictions on how school districts can share student data with third party service providers. The three primary focus areas of the law are:

  1. Data Use Obligations and Restrictions

  2. Data Transparency

  3. Data Security & Destruction