Skip Navigation
Protecting the Privacy of Student Records, Section 3 full text
Section 3:
Protecting the Privacy of Individuals
during the Data Collection Process 
Commonly Asked Questions
A. Determining the Agency's Student Data Needs and Uses
B. What Information Can Be Requested about Students?
C. Classifying Data Elements or Record Sensitivity
D. Ensuring Data Integrity and Accuracy
E. Assigning and Using Unique Identification Codes
F. How Long Should Data Be Maintained?

Suggested Audiences:


When you are asked to answer questions about your child or your family, do you wonder how the person asking the questions will use the information and what would happen if you gave the wrong answers? Everyone is concerned about releasing personal information to a stranger, and everyone wonders just how many people will see the responses.

School systems must have information about their students if they are to make appropriate decisions about educational and support programs. From the time a child enters school, records begin to follow the new student. Besides the information provided by the student or parent, such as basic enrollment and immunization status, school staff create a paper trail to describe the student's educational program, extracurricular activities, and other relevant experiences. Deciding what data to gather along the paper trail requires careful consideration of what information is needed by the school system and how best to collect it. In addition, however, the school system should take into consideration the concerns of students and their families. The principles in this section should be considered no matter who collects the data or how and why the data are collected about students.


Q. How do I decide what information to collect about a student?

A. You can check state and local laws and regulations as well as school board policies for the types of information you are required to collect. Other than these requirements, agency or school staff should carefully consider the needs for the information against the costs and burden of collecting it. See Section 3, Guidelines A and B.

Q. Must I have permission from the parents to give an achievement test to a student?

A. Permission from parents is not usually needed for achievement testing unless state or local policies related to obtaining parental permission already exist. In general, you should inform parents of the purposes and uses of testing and whether it is mandatory. See Section 3, Guidelines B; also see discussion of the Protection of Pupil Rights Amendment (PPRA) in Section 2, Guidelines C.

Q. How responsible am I for the accuracy of the student data I receive?

A. In general, data collectors are more ethically than legally responsible. You can promote the accuracy and integrity of the data in several ways. See Section 3, Guidelines D.

Q. When can I destroy student records? When not?

A. Agencies or schools may establish their own policies, based on federal and state legal requirements, to determine the length of time records or portions of records are kept. See Section 3, Guidelines F. However, you may not destroy a record if there is a pending request to review it. See Section 5.

Q. Can I use social security numbers to identify or match education records?

A. Yes, you may use social security numbers if your state has no prohibition against using them. However, you may not require students to provide them. It is important for you to inform students or parents if agencies or schools intend to use these numbers. See Section 3, Guidelines E.


A. Determining the Agency's Student Data Needs and Uses

Usually, data are collected because they are:

Schools or agencies can use data for administrative purposes in five major ways: When schools, school districts, and state education agencies decide to collect and maintain personally identifiable data about students, the intended uses of the data must be identified. Some data about students are collected because they are required by law or regulation to protect civil rights or assess accountability. The law or regulation in these cases provides the justification for the collection of the information. Other types of data are collected to promote the efficiency and effectiveness of the agency and are justified under school board or state board of education policy. Still other data about individual students are collected to determine their progress, place them into appropriate learning experiences, and otherwise assist the school in meeting the needs of the students.

When data about students are aggregated, information may be used for program accountability and funding decisions. Each piece of information included in an education record should represent a clear and important need for obtaining and recording that information. Schools, school districts, and state education agencies may need student data for the following major administrative purposes:

Efficient maintenance of data about individual students allows data needed for one purpose to be used for other appropriate purposes. However, the uses must be justified under existing policies, and data providers should be informed of these uses. For example, information about a student's home language collected for required aggregate federal reporting could also be used in the evaluation of a school's language programs. In these instances, personally identifiable information that is used for the analyses cannot be publicly released without written approvalfrom the parents.

B. What Information Can Be Requested about Students?

In general, schools and education agencies are not restricted in what they may request about students; this is determined by state laws and regulations, the policies of the school, district or state education agency, and the professional ethics of staff. However, federal law (i.e., PPRA) does specify several types of questions that cannot be asked without prior consent of the parents. See Section 2, Guidelines C for a detailed discussion. A good practice is to collect and maintain in the education records only those data for which a clear and specific purpose has been identified.

In deciding what data can be requested from individuals, you must consider several important and practical factors. Data collection can be a burden on the data providers if too many questions are asked or the completion of the form is too time consuming. If the way in which questions are asked makes it unclear what information is requested, the accuracy of the data may be undermined. An important rule of thumb in data collection is that the data need should outweigh data burden and collection problems. Justification for data collection should state what methods will be used to guard against non-response, inaccuracy, and privacy intrusion. A good resource to use in deciding what information to collect is the Standards for Education Data Collection and Reporting, published by the U.S. Department of Education's National Center for Education Statistics in 1991.

C. Classifying Data Elements or Record Sensitivity

It is good practice for you to have a written policy describing what parts of education records are sensitive and exactly which data elements may be released as directory information and which ones may be released to different types of staff members. The California Department of Education has produced several sets of internal policies and guidelines regarding classifying data sensitivity and access. Exhibit 3-1 summarizes these policies and guidelines. You could cover some of the following areas in creating your written policy.

Each data element to be maintained about an individual student should be classified as to whether it is a part of the directory information (subject to public release), a part of the transcript information (will be released in a student's transcript if he or she transfers to another district or applies to a postsecondary education institution), or is supplemental (all the other information collected, e.g., bus route and class schedule). This can be noted for each data element in a data dictionary for an automated student information system. For paper records, there may be a notation accompanying the item on the collection form.

Within the agency, certain staff members may be allowed access to information on individual students based on a legitimate educational interest, or the staff's need-to-know. It is a good idea to classify each data element according to the type of staff member who may have access. Most persons with a need-to-know must have the information to make instructional or other support decisions. Some other persons will be involved in the collection or the maintenance of data, and will therefore have access to the information contained within the record (e.g., the school secretary). In Section 4, we discuss the federal requirement to establish guidelines for determining who has a legitimate educational interest. You can design maintenance procedures, which we also discuss in Section 4, to limit access according to this policy.

The written policy may include a description of how parents and students (over age eighteen) are to be informed about what types of data are kept in the education records. The policy may alsospecify whether data are considered a part of directory information, the education record or transcript information, or the supplemental record for use only within the school or agency. The written policy may also note that certain types of data are not considered a part of the education record and are not subject to inspection by the student or parents (e.g., personal notes maintained by a teacher or a substitute in a location separate from the official education records, or personal notes written by a school counselor that are not shared with anyone else). Exhibit 3-2 contains an example of a school district's notification policy. This brochure not only notifies parents of their rights, but also disseminates information about how the school district maintains records.

D. Ensuring Data Integrity and Accuracy

Data collectors may promote data integrity and accuracy through two efforts:

An important consideration in choosing data elements and the procedures to collect data is the quality of the data that will be received. Data integrity means that the information provided is complete and unchanging; data accuracy means that the information is correct.

Two issues are important in ensuring data integrity and accuracy. The first is the degree to which the data provider (usually the student or parent) supports the data collection. It is important for students and their parents to know if the data being requested are required by law or for the purposes of ensuring that certain services can be received by the child. They need to understand when failure to provide accurate and complete data may result in the denial of benefits (e.g., immunization records required to enroll a child in school). For most data elements or data collection forms, you should inform students or their parents about why the data are important and how they will and will not be used. Written assurances of data confidentiality often alleviate concerns and elicit more cooperation, but not in all cases. You should be prepared to respond openly and thoroughly to hard questions raised by parents and privacy advocates.

A second issue that can affect data integrity and accuracy is the design of the data collection activity and the training provided to data collectors. Training is important for all staff who might be involved in collecting student information, regardless of the purposes. Such staff may include teachers, school secretaries, school nurses, guidance counselors, principals, and evaluators. Areas that should be included in staff training are:

The training should focus on how the questions or requests for information may be stated by the staff person to ensure that the request is clear and the data can be collected consistently from all individuals. For instance, it is important for data collection procedures to ensure that parents and students have the opportunity to provide accurate answers regardless of their language, cultural, or educational backgrounds. Staff should be sensitive to and respectful of respondents' privacy and their possible reluctance to answer a question. The information belongs to the individual; you are just "borrowing" it.

E. Assigning and Using Unique Identification Codes

Using unique identification codes would:

In schools that keep all the data about an individual student in an education record on paper in a file folder, a unique identification code may not be necessary. Many large schools and school districts maintain data about their students in computerized or automated records. Having unique identification codes provides the flexibility to merge data from different computer files for use in making effective program decisions about children. If a student moves frequently, the unique identification code may help to ensure that information will follow the correct student. School districts and state education agencies increasingly use unique identification codes to help locate students who have moved within the education system.

Many schools and school districts assign a unique sequential identification number or code to each student when he or she enrolls in school. Unique identification codes help to distinguish between students with similar or identical names and other characteristics.

However, the uses of the code are often determined by its source. Some state education agencies assign a set of sequential identification numbers for schools or school districts to use so that the identification number of a student is unique within the state. Other schools, school districts, and state education agencies adopt an algorithm for assigning unique identification codes. These algorithms generally include some combination of letters and numbers taken from the student's last name, first name, date of birth, and place of birth. The code may also incorporate a number for the agency or school. Such an identification code may be sufficient if students stays within the school or agency for their entire school career. If the student moves, however, the receiving school may assign a new identification code rather than track down the student's previous code.

Social security numbers are used in many cases as an identifier. The social security number has the advantage of being unique to students and does not change when they move to another city or state. While federal law restricts the use and release of social security numbers, it does not prohibit schools from asking for the number. Specifically, schools can ask for a child's social security number but cannot require it, and schools must inform parents that they do not have to provide the social security number. Schools also cannot deny any right, privilege, or benefit to students or their parents who refuse to disclose a social security number. Schools that use social security numbers should be prepared to issue an alternative code in case of such refusal.

Schools, school districts, and state education agencies cannot release the social security numbers of students because this is considered personal information. A more thorough discussion of the use of social security numbers is included in Education Data Confidentiality: Two Studies, a report of the National Forum on Education Statistics, National Center for Education Statistics of the U.S. Department of Education in 1994.

You should consider several things about using social security numbers. The social security number is unique to individuals no matter where they live. It is useful across schools, districts, and states. Using the social security number thus can make it easier for schools to locate the appropriate transcript or student information when they receive a request. On the other hand, parents may not recall the social security number for their children, or may give a wrong number, such as their own. It is difficult and time consuming to check the accuracy of a social security number.

Since social security numbers are used to maintain confidential information by other agenciesoutside the education system, it is crucial to ensure that no one gets illegal access to the numbers. Security is far more important with social security numbers than locally assigned identifiers. Even if the social security number is used to maintain education records internally, agencies may want to assign another number for the identification card of a student or for school use, and restrict the use of the social security number to very limited purposes.

F. How Long Should Data Be Maintained?

Many states have legal requirements defining how long education records must or may be kept. There may also be federal requirements for how long some data should be maintained. School districts should have more specific policies noting exactly which data to store and how long data should be maintained. For instance, transcript information for high school completers is often kept active for a fixed length of time, such as five to ten years. In the past, such deadlines were helpful because there was limited space to save paper files. With computer files, space is no longer as significant a problem, and student transcripts may be kept active even longer. Two recommended components to include in a school or district data policy are a listing of what data elements are included in the high school transcript or education record (sent with students when they move) and a time period for how long these records will be maintained.

Other types of data (e.g., afterschool care arrangements or extracurricular activities) may not be needed after a certain period of time (e.g., one year or after a student has left the school.) It is a good idea to include in a written data policy an indication of which data elements will be expunged from education records and when they will be deleted.

Finally, there are some data that a school or agency may want to expunge to protect the student. Disciplinary actions are an example; state law or local policy usually governs these cases.


Far West Laboratory. 1993. Privacy of student records. San Francisco, CA: California Student Information Services (CSIS) Project.

National Center for Education Statistics. 1991. Standards for education data collection and reporting. Washington, DC: National Center for Education Statistics.

National Forum on Education Statistics. 1994. Education data confidentiality: Two studies. Issues in education data confidentiality and access; and compilation of statutes, laws, and regulations related to the confidentiality of education data. Washington, DC: Government Printing Office.

Saint Paul Public Schools. Student records and your rights. Saint Paul, MN: Saint Paul Public Schools.

State of California, Department of Finance. 1992. Office of information technology security and risk management guidelines, Section 6. Sacramento, CA: Office of Information Technology. 

Top of PageHome page of this documentTable of ContentsPrevious sectionThe next page in this publication
For questions about the content of this product, please contact Lee M. Hoffman.