Student Privacy Training Program

2023-2024 Cohort Information


Audience: School attorneys, state and local education agency staff

Cost: There is no cost for the course.

Since 2013, over 130 new student privacy laws have passed in 42 states, with more bills and regulations being rolled out each year and in 2020, the shift to hybrid and distance learning created new privacy concerns. This isn’t only a legal problem: as technology changes and the amount of information schools collect and maintain increases, conveying best practices to schools that adequately protect student privacy is extremely challenging. 

The Future of Privacy Forum, a nonprofit focused on privacy, created the free Train-the-Trainer program to help school attorneys, state and local education agencies, and faculty at colleges of teacher education become student privacy experts who can help their stakeholders and train their peers on this changing legal and edtech privacy landscape.

Whether you are new to the student privacy world or an experienced practitioner, the FPF Student Privacy Train-the-Trainer Program will provide the knowledge and skills to make you a student privacy expert while connecting you with a peer network and student privacy experts from across the country.

Participants should have a strong interest in student privacy and the willingness to conduct student privacy training at their institutions or relevant conferences. They should also be able to dedicate on average six hours per month for the program’s live virtual webinars (90 or 180 minutes) and asynchronous activities (4-5 hours).

Hear what participants of the 2020 Train-the-Trainer program had to say about the value of the program, and its impact on their day-to-day work.

To apply please click the “apply to the program” link below or visit,  or you can nominate someone to be part of the program. Applications are accepted and reviewed on a rolling basis but must be submitted no later than September 28th.

"*" indicates required fields

(1-2 sentences)
This field is for validation purposes and should be left unchanged.

February 25th, 12PM-3:30PM EST  – Opening Workshop Day One (Webinar)

February 26th, 12PM-3:30PM EST  – Opening Workshop Day Two (Webinar)

March 19th, 1PM-2:30 EST – Protecting Student Privacy (90 minute Webinar)

This module will provide an overview of federal student privacy laws, including the Family Educational Rights and Privacy Act (FERPA), Protection of Pupil Rights Amendment (PPRA), Children’s Online Privacy Protection Act (COPPA). We will compare and contrast the purpose, target audience, and enforcement mechanisms of each law and explore how the laws impact the day-to-day work of educational institutions.

April 16th, 1PM-2:30 EST  – Defining Data (90 minute Webinar)

This module will cover important categories of data and sharing of data. We will compare and contrast direct and indirect identifiers, sensitive and non-sensitive data, identifiable and de-identified data, and individual-level and aggregate data. Participants will develop communications for their stakeholders to explain the types of data, their uses, and the necessary protections.

May 21st, 1PM-2:30 EST  – Using Data in Education (90 minute Webinar)

This module will explore who uses education data and why. We will also discuss educational research, how schools can manage requests for education data, what resources are available for managing requests for data, and what exceptions are applicable. Participants will add data sharing and research resources that they feel would be beneficial for their situation to their portfolio. Finally, participants will evaluate the uses of data in their environment. 

June 18th, 1PM-2:30 EST – Sharing Data (90 minute Webinar)

This module will focus on the school official exception and data sharing agreements. We will also evaluate best practices in drafting data sharing agreements, determine what data sharing elements are required, and what data sharing elements are recommended. Participants will develop template data sharing agreements and add them to their portfolio.

July 16th, 1PM-2:30 EST – Managing Third Parties (90 minute Webinar)

This module will cover the use of edtech tools. We will discuss how to evaluate edtech tools for compliance with federal laws and best practices. We will also explore existing resources to assist with evaluation of tools and methods for helping educators in their selection of edtech tools. Participants will develop guidance for teachers when adopting and using edtech tools to add to their portfolio.

August 20th, 1PM-2:30 EST  – Safeguarding Data Security (90 minute Webinar)

This module will cover both physical and logical data security at a high level. We will provide an overview of actual and potential risks of data security compromises and review best practices as well as possible policies and procedures to protect student data. Participants will build elements into their action plan and portfolio that address data security.

September 17th, 1PM-2:30 EST , – Establishing Data Governance

This module will draw the connection between privacy and data governance. We will review data governance elements and explore model policies and practices. Participants will build out their action plan leveraging these exemplars.

October 15th, 1PM-2:30 EST  – Practicing Transparency & Building Trust (90 minute Webinar)

Transparency is critical to building trust. This module will discuss what transparency looks like, explore the benefits of transparency, and review model strategies for building transparency and trust with stakeholders. Participants will evaluate the level of need for transparency in their environment and will build out specific steps to address transparency in their action plan.

November (DATE and Location TBD) – Closing Workshop 

Attendance: Participants are required to be present during the two opening and closing workshops in February and November. Participants are also required to attend six of the eight webinars. Participants unable to attend the in-person workshops or webinars must complete the makeup activities; however, participants cannot complete makeup activities if they miss more than 75% of the trainings. Please talk to us if you have a special situation that requires accommodations.

Activities: Participants will be asked to complete both individual activities and group activities each month. We estimate the activities will take no more than four hours per month. Participants are required to complete approximately 80% of the activities (can miss four activities).

Action Plan: As a final project, participants will complete a detailed action plan to provide student privacy support and trainings in their sphere of influence. The action plan will include a portfolio of resources, both created as part of the program and by the participant, that they will be able to leverage for trainings. 

Trainings/Presentations: Participants will put into action what they have learned through the program to become an active voice in communicating about the importance of protecting student privacy. Recognizing the diverse audiences participants have access to, they may choose to present at conferences, train staff, train SEAs/LEAs, and/or engage in other means of formal communication to share their student privacy expertise. 

Kim Nesmith currently serves as the Data Governance, Privacy, and EdTech Director for the Louisiana Department of Education where she works cross-functionally throughout the Department to implement long-term strategies focused on coordinating and aligning data collection, storage, and use as well as ensuring the privacy of student and teacher data. While serving at the Louisiana Department of Education, Kim has established a data governance system that includes data access and management policies, privacy trainings, and data release processes. After establishing these policies and processes, Kim trained and provided resources for Louisiana’s school systems to do the same. Kim also oversees all data-sharing agreements, monitors releases of data, and provides guidance regarding compliance to the strictest student data privacy law in the nation. Working with multiple cross-agency teams, Kim represents the Department on the Statewide Data Governance Influence Group, the Governor’s subcabinet data sharing working group, and the legislative Technology Strategy Taskforce.

With a past service at the local school level, Kim brings eleven years of experience as a classroom teacher to her role in the Louisiana Department of Education. She taught technology courses such as multimedia, web mastering, and computer programming in a project-based learning environment, infusing the courses with as much core content as possible.