District Schedule:Normal
Data Regulations and Definitions

Data Regulations and Definitions

The Colorado Department of Education is required by state and federal law to collect and store student and educator records. Various laws regulate how schools collect and manage student data, including FERPA, COPPA, and HIPAA.


The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. 

For more information reguarding FERPA, click here.


Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998. COPPA was designed to protect children under age 13 while accounting for the dynamic nature of the Internet.  The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children.  It also requires providing parents access to their child's personal information to allow them to prohibit or delete this information. This rule further states data collected is retained only for as long as needed to fulfill the purpose of collecting the information.

For more information requarding COPPA, click here.


Academy District 20 takes data privacy and security seriously. Listed below are procedures taken to support data security operations.

  • Encryption of stored data and securing data access.
  • Authentication for user's to gain access to devices and the network.
  • Storing all sensitive data centrally, safeguarding the data by keeping it off end-user devices.
  • Communicating expectations and protocols to system end users.
  • Policies and guidelines created concerning the use of the Internet, Intranet, and Extranet systems.
  • Providing a layered defense to protect the network and its perimeter.
  • Audit and compliance monitoring.



The Children's Internet Protection Act (CIPA) requires that K-12 schools in the US use Internet filters and implement other measures to protect children from harmful online content.



The federal Health Insurance Protabillity and Accountability Act (HIPPA) creates national standards to protect individuals’ medical records and other personal health information.  Under HIPPA, any information relating to a physical or mental health condition is covered by the Privacy Rule.  This rule applies to protected health information (PHI) transmitted in any format including paper, electronic or oral.


Because student health information in education records is protected by FERPA, the HIPPA Privacy Rule excludes this information from coverage.


More detailed infromation concerning HIPPA, click here.