
Protecting student data isn’t just best practice — it’s the law. And California public schools are expected to communicate clearly with families about what data is collected, how it’s used, and what rights students and parents have.
This guide explains the basics of student data privacy laws in plain language, and provides resources your school can use to improve transparency and build trust.
📘 Key Laws That Shape Student Data Privacy
FERPA (Family Educational Rights and Privacy Act)
- Gives parents (and eligible students) the right to:
- Inspect and review education records
- Request corrections of inaccurate or misleading data
- Consent (or deny consent) before certain information is disclosed
AB 1584 (California Law)
- Requires districts to ensure vendors handling student data meet privacy standards
- Mandates written contracts with specific data-use language for any edtech provider storing student info
- Gives schools responsibility for ensuring third-party compliance
CIPA (Children’s Internet Protection Act)
- Applies to schools receiving E-rate funding
- Requires schools to have internet safety policies that block/filter harmful content and educate students about digital citizenship
🧑⚖️ What You Must Share with Parents
Schools are expected to:
- Notify families annually of their FERPA rights
- Explain what counts as “directory information” (e.g. name, grade, email) and how to opt out
- Provide clear instructions for how to access or amend student records
- Disclose what tools, apps, or platforms are used — and what data they collect
📝 Sample Notification Language (Adaptable)
“Under FERPA and California law, parents and guardians have the right to review their child’s education records, request corrections to inaccurate data, and opt out of directory information sharing. To make a request or learn more about how we protect student data, contact [District Contact Name/Department] at [Phone/Email].”
⚠️ This language is provided as a sample only. Districts should consult with legal counsel before adopting or distributing notices to ensure compliance with local policy and law.
🔍 Transparency Builds Trust
Families deserve to know what’s being collected and why. When schools proactively share clear, jargon-free privacy notices, it improves:
- Community trust
- Staff awareness of compliance requirements
- Parent engagement with tech tools and platforms
💡 Final Word
Student data privacy isn’t optional — and communicating about it doesn’t have to be complicated.
Use this page to review your current privacy notices, vendor practices, and parent communications. Then build from there.
Cybersecure California is here to help K–12 leaders create a culture of privacy, transparency, and trust.