In this age of data-driven decision making, data is foundational to the success of the process. Whether discussing student-achievement, program monitoring, education funding, accountability or any other education-related conversation, data is at the center of the discussion.
The Colorado Department of Education is required by state and federal law to collect and store student and educator records. Click here to view a list of CDE's major data collections.
The Department takes seriously its obligation to protect the privacy of data collected, used, shared and stored.
CDE Policy and Documents
Topics covered include: Staff training on data use, security breaches, personally identifiable student data, and requirements for data sharing agreements.
Review and Approval Procedures: Agreements Involving Personally Identifiable Information (PII)
The Department has developed a review and approval process for all agreements that involve the disclosure of PII. Click here to view approval process documents.
Topics covered include: Creation of a data index; security breaches; data sharing agreements; disclosure of student data for studies on behalf of the district and for audits, evaluation, or compliance monitoring; and parent notification about and access to student records.
- Data Collection Opt Out Requests
To support Colorado school districts on data collection issues, CDE prepared this guidance for local education agencies when responding to requests that no personally identifiable information (PII) about student(s) is transmitted by a district to CDE’s data collection system.
Topics covered include: What student information is collected by CDE, how is student information is used, where the information is stored, how the information is safeguarded, who has access to student data, when data is archived/deleted, and student privacy safeguards.
This document explains the process by which student information collected by CDE may be obtained by a parent/legal guardian.
Confidentiality Agreements and Training
CDE requires all employees that self-identify as being involved in evaluation and/or research activities to complete the “National Institute of Health, Office of Extramural Research, Protecting Human Research Participants” training, and renew it every two years. External researchers are expected to complete this training (or equivalent) prior to using and/or obtaining any staff- or student-level data from CDE.
This document outlines the manner in which CDE staff is to utilize data and protect personally identifiable information. A signed agreement form is required from all CDE staff to verify agreement to adhere to/abide by these practices. The failure to adhere to guidelines may result in personnel action, up to and including termination.
Reports and Other Documents on
Student Data Privacy and Security
- Guidance for Schools and Districts: Best Practices for Keeping Parents Informed About Student Data Collection
- Children’s Online Privacy Protection Act (COPPA)
- Family Educational Rights and Privacy Act (FERPA)
- Parents' Guide to FERPA: Rights Regarding Children's Education Records
- Privacy and Cloud Computing in Public Schools (from Fordham Center on Law and Information Policy)
- Protecting Student Privacy in Connected Learning
- Protection of Pupil Rights Amendment (PPRA)
- Resource for Schools: The Privacy of Student Information
- Uninterrupted Scholars Act Guidance
Other Organizations Involved with
Student Data Privacy and Security
- Data Quality Campaign
- Education Privacy Information Center (EPIC)
- Family Policy Compliance Office
- FERPA I SHERPA
- Fordham Center on Law and Information Policy
- Privacy Technical Assistance Center (PTAC)
- Data Dictionary: Online glossary of standard education terms, their definitions, business rules and data relationships
- K-12 Service Provider Privacy Pledge to Parents and Students
- Video: Who Uses Student Data?
- Who Uses Student Data? Infographic
Carey Markel, Data Privacy Officer: email@example.com
Dan Domagala, Chief Information Officer: firstname.lastname@example.org
Jessica Fuller, Data Privacy Assistant: email@example.com