Skip to main content

Oregon State Flag An official website of the State of Oregon »

Student Data Privacy

FERPA: Guidance for School Officials on Student Health Records

Published April 2023

Remember, it's up to you to keep student data safe!

  • FERPA protects the privacy of students by restricting access to records that contain Personally Identifiable Information (PII).
  • FERPA does not permit the disclosure of PII from education records without consent, except under certain Exceptions.
  • FERPA requires that Reasonable Methods be used to protect the integrity and security of the data being maintained at LEA's and SEA's.
  • FERPA does permit the disclosure of certain types of PII that is previously designated as Directory Information by the LEA's.
  • FERPA affords parents and eligible students the right to have access to their children's education records, and the right to seek to have the records amended.

Student Privacy Glossary link

Student privacy has a full range of terms, many acronyms and a nomenclature all its own. The glossary link to the right has been designed to aid stakeholders in breaking down and understanding the terms most commonly used in the "Student Privacy" sphere, as well as provide clear and concise definitions by providing clear and concise definitions for commonly used terms relating to student privacy.

Privacy Technical Assistance Center

The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC), located within the Student Privacy Policy Office, was established in 2010 as a “one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and security practices related to student-level data systems and other uses of student data.  PTAC’s primary role is the provision of the following services:

  • operating a Student Privacy Help Desk, offering assistance on complex student privacy issues to the education community via phone or email;
  • developing privacy and security training materials for States and districts;
  • issuing privacy and security best practice recommendations, including issue briefs and checklists;
  • conducting technical assistance site visits to SEAs and LEAs; and
  • hosting privacy-focused regional meetings and lessons learned forums for education stakeholders.

Data Security and Privacy Documents