On January 23, 2015, Senior Attorney Lesley Fair at the Federal Trade Commission (“FTC”) posted on the Agency’s business blog clarifying how the Children’s Online Privacy Protection Act (“COPPA”) applies to schools. COPPA seeks to protect the privacy of children by allowing parents to control what personal information about their children under the age of thirteen may be collected by “operators” of websites or online services, including apps, that are either directed to children or that knowingly collect personally identifiable information from children. Subject to certain regulatory exceptions, the entities covered by COPPA must notify parents and obtain consent before collecting, using, or disclosing any personal information from children under thirteen.
The Family Educational Rights and Privacy Act (20 U.S.C. 1232g; 34 CFR Part 99) (“FERPA”) imposes various requirements on educational institutions regarding the privacy of personally identifiable information contained in education records of students. On December 9, 2008, the U.S. Department of Education (“DOE”) published final rules amending the regulations that implement FERPA.
Originally proposed on March 28, 2008, the DOE published a notice which proposed various changes to FERPA and its implementing regulations “to implement various statutory changes made to FERPA to implement two recent US Supreme Court decisions, to respond to changes in information technology, and to address other issues identified through the Department’s experience in administering FERPA.” (73 FR 74806). According to the DOE, approximately 121 parties submitted comments in response to the March, 2008 NPRM. The Final Rules become effective January 8, 2009.
Last week, a panel of the Ninth Circuit Court of Appeals held that in the absence of an announced monitoring policy, the mere act of connecting a computer to a network does not extinguish a user’s reasonable expectation of privacy, under the Fourth Amendment, in the contents of his or her computer. The panel announced its holding in United States v. Jerome T. Heckenkamp, Nos. 05-10322 and 05-10323 (9th Cir. April 5, 2007), wherein it upheld the introduction of evidence obtained by University of Wisconsin employees through remote and direct access of a student computer attached to a university network. Although it recognized the defendant’s reasonable expectation of privacy, the panel upheld the lower court’s admission of evidence under the judicially-created “special needs” exception to the Fourth Amendment because the alleged hacking posed an immediate threat to the university network and the searches were not conducted for a law enforcement purpose.