Skip to content

References: Privacy, Compliance, and Organizational Context

  1. Family Educational Rights and Privacy Act - Wikipedia - The U.S. federal law governing student records that shapes what an xAPI deployment in K-12 or higher ed can store, who can access it, and how long it can be retained.

  2. Children's Online Privacy Protection Act - Wikipedia - The U.S. law governing data collection from learners under 13, with parental-consent and data-minimization rules that directly constrain xAPI Actor design and result extensions.

  3. General Data Protection Regulation - Wikipedia - The EU regulation that governs any xAPI deployment touching European learners; explains lawful basis, the right to erasure, and the data-protection-by-design principle this chapter operationalizes.

  4. Student Data Privacy: Building a School Compliance Program - Linnette Attai - Rowman & Littlefield - Practitioner guide to the K-12 privacy compliance program that an xAPI deployment must fit inside, including vendor-management and consent workflows.

  5. The Algorithmic Foundations of Differential Privacy - Cynthia Dwork and Aaron Roth - Now Publishers - The technical foundation for privacy-preserving analytics; relevant when an xAPI deployment publishes aggregate statistics from a small cohort and needs mathematical guarantees against re-identification.

  6. U.S. Department of Education FERPA Resources - U.S. Department of Education - The Privacy Technical Assistance Center hub for FERPA guidance, model agreements, and the K-12 vendor-management resources this chapter's compliance checklist draws from.

  7. FTC COPPA Guidance for Operators - U.S. Federal Trade Commission - Authoritative FTC guidance on COPPA compliance for online services; covers verifiable parental consent, the safe-harbor program, and the Actor-identifier patterns that meet the rule.

  8. ICO Guide to the GDPR - UK Information Commissioner's Office - The most accessible regulator-published GDPR guide; the children's-data and education sections shape what an xAPI deployment can lawfully capture in the UK and EU.

  9. Privacy Patterns Catalog - Privacy by Design Foundation - Catalog of design patterns (pseudonymization, data-minimization, purpose-limitation) that operationalize "privacy by design" in xAPI Actor and extension design.

  10. Future of Privacy Forum — Student Privacy - Future of Privacy Forum - Research and policy-tracking hub for U.S. student-data privacy, including district-level case studies of LRS deployments and the contractual safeguards this chapter recommends.