search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Student Data Privacy Laws One federal student privacy law that regulates privacy


and protects sensitive data when schools issue devices or use software, apps and online services is the Family Educational Rights and Privacy Act (FERPA), a federal law administered by the Family Policy Compliance Office in the U.S. Department of Education (DOE).2


FERPA applies to


educational agencies and institutions (e.g., schools) that re- ceive funding under any program administered by the U.S. DOE. Private and parochial schools at the elementary and secondary levels generally do not receive such funding and are, therefore, not subject to FERPA.3


FERPA protects


the privacy of student education records and most school health records. According to FERPA, a student record may include a variety of details about a student, including bus route, immunization history, and attendance. The Children’s Online Privacy Protection Act of 1998


(COPPA) addresses data protection regulations for chil- dren under the age of 13.4


In addition to the federal student


privacy laws, at least 40 states have also passed laws. Pro- viders need to be aware of FERPA, COPPA, and applicable state data privacy and breach laws, along with district or school policies regarding the use of software, apps, and other technologies that collect data about students.


Protection & Disclosure of Student Health Information Both FERPA and the Health Insurance Portability and


Accountability Act (HIPAA) generally protect health in- formation from disclosure. FERPA protects the privacy of most school-health records. Not all health data is covered under HIPAA, and it is unlikely that the data collected from school health check-ins is covered. The HIPAA privacy rule expressly excludes information considered ‘education records’ under FERPA from HIPAA’s requirements. In short, when FERPA applies, HIPAA does not. Also, the HIPAA rules only apply to covered entities and business associ- ates,5


and many organizations do not fall into the category


of covered entities or business associates, and therefore do not have to comply with the HIPAA Rules. Consent is usually required before disclosing personal information, but FERPA as well as HIPAA6


have exemp-


tions for public health emergencies, when disclosure is necessary to protect the health or safety of others. Under the FERPA exemption, institutions may disclose personal health information from student health records to “ap- propriate parties” (such as public health officials) whose knowledge of the information is necessary to protect the health or safety of students or other individuals. The disclosure does not require consent.7 Regarding the application of FERPA to contact tracing,


U.S. DOE guidance provides that a school may report the fact that a student, teacher or other school official has COVID-19, without specifically identifying the infected individual by name.8


Schools need to decide on a case- 24 School Transportation News • NOVEMBER 2020


by-case basis whether disclosing a student’s name is absolutely necessary to protect the health or safety of students or other individuals, or whether a general notice is sufficient. In making such decisions, schools should consider the totality of the circumstances, including the need to know to take appropriate protective action(s) and the risks to the health or safety of such students or other individuals. Because FERPA applies to students’ education records—and not records on school officials—it does not prevent schools from telling parents and students that a specific teacher or other school official has COVID-19. However, there may be state laws that apply.


Actions & Penalties for FERPA & COPPA Violations Failing to follow FERPA and COPPA could trigger claims


or regulatory actions. FERPA is a spending statute, so U.S. DOE can enforce compliance only through the threat of discontinuing federal funding. A 2002 U.S. Supreme Court decision held that students and parents may not file a fed- eral lawsuit against an educational agency or institution for a FERPA violation.9


cy laws is possible. Similarly, COPPA has no private right of action, but acts considered by the U.S Federal Trade Com- mission (FTC) to be unfair or deceptive could violate state unfair-practices laws, which might have a private right of action. In addition, the FTC and the state attorneys general enforce COPPA. The COPPA Rule allows for civil penal- ties of up to $42,530 per violation, but the FTC considers numerous factors in determining the appropriate amount, including a company’s financial condition and the impact a penalty could have on its ability to stay in business.


School Bus Technology to Combat COVID-19 Several states have provided funding for technology


and broadband for K-12 in response to the COVID-19 pandemic, and many districts and student transportation providers are using technology to plan, monitor, and manage student transportation in response to COVID-19. Technology is helping schools navigate the operational and legal strain that COVID-19 has had on the industry. A survey conducted by School Transportation News


for the virtual Bus Technology Summit in September found that there is room for expanded use of technol- ogy. Roughly one-half of respondents reported using technology to support contact tracing and temperature checking, while only 35 percent of respondents re- ported implementing technologies that support social distancing. These are just a few areas where technology can and should be deployed. The most common tech- nology that schools are using in the COVID-19 fight is the use of a thermometer for temperature checks. In the wake of COVID-19, technologies are being used to measure a person’s surface temperature with no-touch or non-contact temperature assessment devices, such as thermal imaging systems (also known as thermal imag-


However, a lawsuit based on state priva-


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60