Student Data Privacy

  •  

     SDP photo

  • Denver Public Schools "is committed to protecting the confidentiality of student information obtained, created and/or maintained by the district. Student privacy and the district's use of confidential student information are protected by federal and state law, including the Family Educational Rights and Privacy Act (FERPA) and the Student Data Transparency and Security Act (the Act). The Board directs district staff to manage its student data privacy, protection and security obligations in accordance with this policy and applicable law." DPS Administration Policy JRCB.


  • Required Training

    Safeguarding student data is an essential responsibility for all people who work in education. Denver Public Schools has created a training course for all staff to ensure that they are protecting student data, and that all members of Team DPS are in compliance with the state and federal laws regarding student data privacy.


    All DPS staff, regardless of their role in the District, are required to complete this training annually. If you have not already done so, please complete the Privacy and Protection of Confidential Student Information course in Learning Space to satisfy the current year requirement.

  • Rules for Storing and Sharing Student Data

    For in-depth guidance on the DPS rules for storing and sharing student data, review the Acceptable Use Policy (AUP) in the Employment Practice Manual

  • School Resources

    Use the Academic Technology Menu

    Review the DPS Academic Technology Menu (Lightspeed Digital Insight Platform) to see which tools have a Data Protection Addendum (a formal data sharing agreement) that allows DPS to designate school service contract providers as “school officials” to share student data without parent/guardian consent. These tools are clear for you to use; however, a school may need to pay for their own contract. 

    Please contact the Purchasing Department at purchasing@dpsk12.org if you would like to purchase a tool.
     

    Instructions to Use Online Tools 


    Download and read these instructions before you use any software or educational tool that includes student information.  It also includes a link to a Google Form Parent Consent Letter and a video link demonstrating how to set up the letter for your school's needs.

  • Google Third Party Apps OAuth

    Signing in with Google

    Recently DoTS, in collaboration with DPS’ Legal team and Educational Technology, has begun restricting the use of the “Sign in with Google” button for DPS Google accounts. The District has signed Data Protection Addendums (commonly referred to as a “DPA”) with various companies that help protect DPS users’ data. These companies are indicated with a “DPA” tag in addition to a specified Date Approved on the ATM (Academic Technology Menu). Below is some information on why “Sign in with Google” can be problematic.

    Data Privacy Concerns

    When you use the “Sign in with Google” button (OAuth) for a third-party app, you grant it access to specific information from your Google account. This can include your name, email address, profile picture, and, in some cases, edit and own files in our Google Drive domain. While this information may be necessary for the app's functionality, it also means that our data is in the hands of the app developer. If the developer lacks robust security measures or has malicious intent, our sensitive data could be at risk of unauthorized access or misuse. FERPA places the responsibility for protecting student Personally Identifiable Information (PII) data on the schools and district, even when it’s supplied to a third-party.

    Limited Control Over Data Sharing

    When you utilize Google Sign-In, you typically consent to share your data with the third-party application, often without granular control over what information is being shared. This lack of control can lead to overexposure of district information, potentially exposing us to privacy breaches or unwanted marketing activities.

    Security Vulnerabilities

    The security of third-party applications can vary widely. While Google itself maintains high-security standards, third-party developers may not implement the same level of protection. Weak security practices can make these apps susceptible to data breaches, putting your DPS Google account and student/district data at risk.

    Data Harvesting and Monetization

    Some third-party applications may have a business model that relies on collecting user data to sell it to advertisers or other third parties. When you use Google Sign-In, you might unknowingly contribute to this data harvesting, which can result in our information being used for targeted advertising or other commercial purposes without your explicit consent.

    Below is an example of some of the services that a simple app such as Zoom requires access to in your Google account:

    Google OAuth Access Examples

    If your Principal has added an app to the ATM that we do not have a DPA with, teachers and students are approved to use the app however, the use of the “Sign in with Google” button will not be available. If you create an account with the third-party service, please be sure to not share DPS data with the service and anonymize student accounts as much as possible.

  • Additional Information

    For more information about how to keep student information secure, please see the following resources: 

CONTACT


  • Student Data Privacy Questions? Contact:
    jennifer_collins@dpsk12.org


    Department of Technology Services (DoTS)
    Emily Griffith Campus
    1860 Lincoln St., 7th Floor
    Denver, CO 80203


    Self-Service
    Submit your own incident 24/7
    Click on the DoTS Help button below:

    DoTS Help


    Call Us
    Monday through Friday
    720-423-3888 (English and Spanish)