Yes; the primary statute is FERPA; please see the resources found at: http://www.cde.state.co.us/cdereval/dataprivacyandsecurity. There is also a corresponding state law that references FERPA, in section 22-1-123, C.R.S.
This past state legislative session had data security legislation passed. Here is a link to HB 2014-1294:
The Definition of a student’s education record is defined here: http://nces.ed.gov/pubs97/web/97859.asp
There are three important laws related to the privacy of children: FERPA (Family Education Rights and Privacy Act of 1974), COPPA (Children’s Online Privacy Protection Act- this applies to children under 13 and online data collection) and PPRA (Protection of Pupil Rights Amendment). FERPA protections were weakened through rule change by the U.S. Education Joel Reidenberg’s testimony at a recent congressional hearing on student data privacy; these three privacy laws are often circumvented AND NEW LEGISLATION IS NEEDED TO PROTECT STUDENT PRIVACY.
If parents surrender health records, they are maintained by the local education agency (LEA). Tests done by the school psychologist for an IEP (including Pearson tests) become education records. Student Information Systems, like Pearson’s Power School or Edupoint’s Synergy, store education records for districts. As such, these businesses are authorized representatives to maintain the data, without parent/student approval.
Posted in: Privacy