Data Security and Privacy Policies and Procedures

Data privacy and security play a crucial role in the area of education data, specifically when it comes to safeguarding student information. By implementing robust security measures and adhering to strict privacy protocols, the Nebraska Department of Education (NDE) ensures the confidentiality, integrity, and availability of student data, enabling a safe and conducive learning environment that adheres to Federal and state requirements. Such measures not only safeguard the personal information of students but also foster a culture of responsible data handling, empowering students, parents, and educators to embrace the benefits of technology while upholding privacy as a fundamental pillar of education.

The NDE regularly reviews and monitors relevant Federal and State legislation including:

  • Family Educational Rights and Privacy Act (FERPA) (external link) – Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
  • Nebraska State Statue 79-2,104(4) (external link) – “The Legislature finds and declares that the sharing of student data, records, and information among school districts, educational service units, learning communities, and the State Department of Education, to the fullest extent practicable and permitted by law, is vital to advancing education in this state. Whenever applicable law permits the sharing of such student data, records, and information, each school district, educational service unit, and learning community shall comply unless otherwise prohibited by law. The State Board of Education shall adopt and promulgate rules and regulations providing for and requiring the uniform sharing of student data, records, and information among school districts, educational service units, learning communities, and the department.”
  • The Nebraska Information Technology Commission (NITC) – a nine-member commission established by the Legislature to provide advice, strategic direction, and accountability on information technology investments in the state. The NDE adheres to the NITC’s Technical Standards and Guidelines (external link).


Policies and procedures have been created at the NDE to address the requirements cited in Federal and state statute, as well as to address privacy and security needs arising from the current technological landscape. These include:


The agency also has a series of Administrative Memorandums (AM) related to Data Management.

Administrative Memorandum Purpose
AM 706 Data Quality To set out the purpose and procedures for ensuring quality educational data is collected, stored, reported and appropriately used in the Department.
AM 707 Data Security NDE has a legal and ethical responsibility to protect the privacy and security of education data, including personally identifiable information.   The purpose is to mitigate the risks from inadvertent disclosure of inappropriate, sensitive or protected data or computer security breaches by providing a plan of action for any incidences of this nature that occur.
AM 708 Computer Equipment, Internet Access, Electronic Mail and Portal Electronic Communication Devices Acceptable Use This memorandum provides employees with standards for acceptable use of NDE computer equipment, Internet access, electronic mail and portable electronic communication devices.
AM 709 Data Collections Approval Process This process is established to ensure that the Nebraska Department of Education (Department) collects the highest quality data possible while at the same time minimizing the data collection burden on local school districts, private schools, and other respondents.
AM 710 Records Retention This Administrative Memorandum specifies the policies and procedures for retaining, storing, and disposing of Department records.
AM 711 Student and Staff Data Privacy and Confidentiality This memorandum provides the Department’s rules and procedures, in accordance with state and federal requirements, to be used when staff members are in possession of any type of education record of a student, students, or staff of any educational agency/institution that has federal funds made available to it from the U.S. Department of Education.  This would include all public PK-12 and postsecondary schools and many non-public schools.


Updated May 30, 2024 10:07am