If a parent requests their child’s information emailed to them, please consult with your district on their policy. Avoid sending student PII via email, if possible. Student information systems have incorporated most of the information a parent requests through their portal. If the information is not available in the SIS, review the benefit versus the risk. Emailing student PII requires absolute accuracy in the email address and the information being sent. Below is guidance on how to proceed.
- Due to email account compromises, call the parent to confirm they sent an email requesting this information and their email address.
- Review district policy on sharing FERPA protected PII.
- Can the data be obtained through the parent portal?
- Confirm the parents’ email address.
- Use end-to-end email encryption for the email and attachment.
- Use protocols S/MIME or PGP. Consult your IT department for guidance.
- If encryption is not available:
- Password protect the files and communicate the password via phone.
- Utilize a secure file sharing platform.
- Before clicking reply/reply all, confirm the recipient(s).
- Include PII in an encrypted attachment, not in the body of the email.
- Use protocol AES 256. Consult your IT department for guidance.
- Send only the minimum data necessary.
- Confirm the attached report is for the correct student.
- Confirm the report has no other student listed. This is a common oversight, and the report will have multiple students’ information.
- Avoid PII in the subject line as this is not encrypted.
Following these guidelines will instill community trust and the district’s duty to protect student data.