Which practices support student data privacy in district operations?

• A. Access controls, data minimization, encryption, staff training, vendor management, and compliance with FERPA and related laws.
• B. Publishing all student data on the district website.
• C. Sharing student data with third parties without agreements.
• D. Keeping no privacy policies.

Answer: (A)

Protecting student data privacy in district operations relies on a layered approach that combines technical controls, governance, and legal compliance. Access controls ensure only authorized staff can view or modify student records, using roles and the principle of least privilege. Data minimization means collecting only what is needed for a legitimate purpose and retaining it only as long as necessary, reducing the amount of information exposed. Encryption protects data both when it’s stored and when it’s transmitted, so even if data is intercepted or stolen it remains unreadable. Ongoing staff training keeps everyone aware of proper data handling, privacy expectations, and safeguards against common threats. Vendor management ensures third-party providers have appropriate privacy protections and that data-sharing arrangements are governed by contracts and audits. Finally, compliance with FERPA and related laws sets clear rules for rights, access, disclosures, and responsibility, anchoring day-to-day privacy practices in legal requirements.

Publishing all student data, sharing data with third parties without agreements, or having no privacy policies would undermine protections and increase risk. The practices described create a secure, compliant environment that respects student privacy.