
References: Privacy, Compliance, and Organizational Context

  1. Family Educational Rights and Privacy Act (FERPA) - Wikipedia - Comprehensive overview of the US student-privacy law that constrains K-12 and higher-ed xAPI deployments, including the school-official exception.

  2. Children's Online Privacy Protection Act (COPPA) - Wikipedia - The under-13 privacy regulation in the US, with the parental-consent and verifiable-consent requirements that shape K-12 actor identification.

  3. General Data Protection Regulation (GDPR) - Wikipedia - Detailed coverage of the EU's data-protection regulation, including data-subject rights, lawful-basis requirements, and cross-border transfer constraints.

  4. The Privacy Engineer's Manifesto - Michelle Finneran Dennedy, Jonathan Fox & Thomas R. Finneran - Apress - Foundational text on building privacy into systems by design; chapters on PII inventory, retention, and re-identification risk apply directly to xAPI statement design.

  5. Data Privacy: A Runbook for Engineers - Nishant Bhajaria - Manning - Practical engineering guidance on PII discovery, pseudonymization, and audit-log design; the case studies match the patterns this chapter recommends for xAPI.

  6. U.S. Department of Education — Student Privacy Policy Office - U.S. Department of Education - Authoritative US government resource on FERPA, with case studies, FAQs, and model contracts relevant to school-district xAPI deployments.

  7. European Data Protection Board - EDPB - Official EU guidance on GDPR application, including the binding decisions and guidelines that affect cross-border xAPI data flows.

  8. FTC COPPA Compliance Guide - U.S. Federal Trade Commission - The FTC's own FAQ on COPPA, including the verifiable-parental-consent methods most relevant to under-13 textbook deployments.

  9. NIST Privacy Framework - U.S. National Institute of Standards and Technology - Voluntary framework for managing privacy risk, with mappings to security controls that an LRS operator can adopt.

  10. Future of Privacy Forum — Education Resources - Future of Privacy Forum - Industry-and-academia think tank with K-12 and higher-ed privacy guidance specifically focused on edtech deployments.

  1. Family Educational Rights and Privacy Act - Wikipedia - The U.S. federal law governing student records that shapes what an xAPI deployment in K-12 or higher ed can store, who can access it, and how long it can be retained.

  2. Children's Online Privacy Protection Act - Wikipedia - The U.S. law governing data collection from learners under 13, with parental-consent and data-minimization rules that directly constrain xAPI Actor design and result extensions.

  3. General Data Protection Regulation - Wikipedia - The EU regulation that governs any xAPI deployment touching European learners; explains lawful basis, the right to erasure, and the data-protection-by-design principle this chapter operationalizes.

  4. Student Data Privacy: Building a School Compliance Program - Linnette Attai - Rowman & Littlefield - Practitioner guide to the K-12 privacy compliance program that an xAPI deployment must fit inside, including vendor-management and consent workflows.

  5. The Algorithmic Foundations of Differential Privacy - Cynthia Dwork and Aaron Roth - Now Publishers - The technical foundation for privacy-preserving analytics; relevant when an xAPI deployment publishes aggregate statistics from a small cohort and needs mathematical guarantees against re-identification.

  6. U.S. Department of Education FERPA Resources - U.S. Department of Education - The Privacy Technical Assistance Center hub for FERPA guidance, model agreements, and the K-12 vendor-management resources this chapter's compliance checklist draws from.

  7. FTC COPPA Guidance for Operators - U.S. Federal Trade Commission - Authoritative FTC guidance on COPPA compliance for online services; covers verifiable parental consent, the safe-harbor program, and the Actor-identifier patterns that meet the rule.

  8. ICO Guide to the GDPR - UK Information Commissioner's Office - The most accessible regulator-published GDPR guide; the children's-data and education sections shape what an xAPI deployment can lawfully capture in the UK and EU.

  9. Privacy Patterns Catalog - Privacy by Design Foundation - Catalog of design patterns (pseudonymization, data-minimization, purpose-limitation) that operationalize "privacy by design" in xAPI Actor and extension design.

  10. Future of Privacy Forum — Student Privacy - Future of Privacy Forum - Research and policy-tracking hub for U.S. student-data privacy, including district-level case studies of LRS deployments and the contractual safeguards this chapter recommends.
