Student Privacy

Student Data Privacy

At Culpeper County Public Schools (CCPS), we make it a high priority to secure student and staff information.  We are committed to ensuring the safety and security of students while online and interacting with one another through digital devices.  Through our Instructional Technology Resource Teachers, we seize on opportunities to provide instruction related to digital citizenship, internet safety, how to prevent cyber-bullying, and skills needed to maintain personal privacy.  

As we attempt to provide our teachers with as much flexibility as possible as it relates to accessing online educational services, we are also mandated to ensure COPPA and FERPA compliance guidelines are followed.  As a result, teachers who discover an appropriate educational resource they would like to use with their students will need to validate the following items:

    1. Is there an educational benefit for all students?
    2. Does the online educational software require plug-ins or an install?
    3. Have you reviewed the privacy policy to ensure 3rd party vendors (providers) are identified?
    4. In accordance with FERPA and the software privacy policy, is parental consent or notification required?

If these minimum requirements are met, please submit a request to have it added to the division list of approved online resources on the ITRT website.

Email and Keeping Information Secure

Today, it is easy to use digital systems, such as email and cloud-based services, to share important information.  These technology tools help to effectively manage data and share input among a host of fellow educators, administrators, and parents.  However, utilizing these tools requires staff to be cautious when sending Personally Identifiable Information (PII).  The video below, provided by the U.S. Department of Education explains some of the ways we can ensure we maintain student and staff privacy.   


In addition, it is recommended that staff members who have access to student information at the school-level utilize two-factor authentication. 

What is two-factor authentication?

A password is all that protects your account right now, and passwords can be easier to obtain than you might think.
2-step authentication adds another step to the login process. After you enter your password, you’ll be asked for a passcode from your mobile device. This raises the stakes for someone who wants to get into your account because now they have to get your password and your phone.

G-Suite, our main provider, has this capability available to protect your Google logins from being compromised.

Password Protection
Protecting data starts with a good password.  Carnegie Mellon University offers some guidance as it relates to the creation and maintenance of good password security.
Here are some suggestions from the CM website:
A Strong Password should -
   Be at least 8 characters in length
   Contain both upper and lowercase alphabetic characters (e.g. A-Z, a-z)
   Have at least one numerical character (e.g. 0-9)
   Have at least one special character (e.g. [email protected]#$%^&*()_-+=)
A Strong Password should not -
   Spell a word or series of words that can be found in a standard dictionary
   Spell a word with a number added to the beginning and the end
   Be based on any personal information such as user id, family name, pet, birthday, etc.

Please visit the Carnegie Mellon University website for more information on how best to protect yourself using good password protocol.