Per the Student Data Transparency and Security Act (PDF), CDE is required to provide Local Education Providers (LEPs) with sample privacy and security policies. CDE has drafted a suite of privacy and security policies. The policies include information regarding data breach processes and definitions, data retention and destruction, privacy compliance standards, and other security and privacy best practices. Go here to view and download our sample LEP privacy and security policies.
As CDE works to analyze, interpret, and comply with the new Colorado Data Privacy Law (C.R.S. 22-16-101 et. al. formerly HB16-1423 (PDF)), we will be providing resources to assist the other parties who have obligations under the law in fulfilling those requirements. Content will be added as it becomes available.
- CDE Presentation for Districts on New Data Privacy Law (PDF) (Updated 9/29/2017)
- Superintendent Presentation on New Law (PDF)
- Fact Sheet on New Law (PDF)
- PTAC Video: Email and Student Privacy
Contracts and Agreements
- New Executed Contracts
- LEP Contract Template (Annotated) (DOC)
- LEP Contract Template (Clean) (DOC)
- LEP Contract Template Presentation (PDF)
Data Collection Guidance
- Best Practices for Informing Parents about Data Collection (PDF)
- Excel In Ed: Student Data Privacy Communications Toolkit (PDF)
- CDE's On-Demand Providers Transparency page
Third Party Guidance
- Letter to third parties who receive Personally Identifiable Information from CDE (PDF)
- PTAC: Protecting Student Privacy While Using Online Educational Services
- CoSN: Security Questions to Ask of An Online Service Provider (PDF)
- Fact Sheet - School Services and Contract and On-Demand Providers (DOC)
CDE Compliance Activities
- Per C.R.S.22-16-105 (2)(a), CDE is required to create a research review process and gain approval from the State Board of Education. The State Board approved the process on September 14, 2016. View the process presentation.
If you have questions, contact the Data Privacy Office at email@example.com.