Select your state


online/internet safety

Online Safety Considerations for K-12 Schools and School Districts

The internet allows for access to information 24 hours a day, 7 days a week. For schools (public and private), the internet provides a vast number of resources and facilitates distance learning and collaboration between classes and students in different locations.

But along with the benefits of the internet come costs such as new threats to students. For example, criminals have extorted sexually explicit images from minors using social media and instances of cyberbullying have significantly increased. These incidents can lead to depression and anxiety, health complaints, and decreased academic performance by students.

Some protections for children online are provided by federal law and regulations, such as the Children’s Internet Protection Act (CIPA). CIPA aims to protect children from obscene or harmful content on the internet.

Schools or libraries that are eligible to receive discounts for telecommunications, internet access, or internal connections through the E-rate program (Universal Service Program for Schools and Libraries) must certify they have an internet safety policy that blocks or filters access to pictures that are obscene, child pornography, or harmful to minors. See 20 U.S.C. §9134; 47 U.S.C. §254.

Although CIPA may help prevent students from accessing inappropriate content on the internet, this will not protect students from the full range of online threats. Below is some information on the most common online threats facing students and what schools can do before, during, and after an incident.

Online Threats to Students

In addition to the threats that all users face when going online—such as computer viruses and email scams—students are at risk from the following:

• Cyberbullying. Cyberbullying is bullying that takes place over digital devices such as cell phones, computers, and tablets. Cyberbullying can occur through SMS, text, and mobile applications (apps) or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else, causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behavior.

• Inappropriate Content. Adolescents and children can unintentionally come into contact with inappropriate content, such as sexually explicit material. Unsolicited obscene materials can also be received electronically.

• Sexting. Sexting is the sharing and receiving of sexually explicit messages and nude or partially nude images via text messages or apps. Sexting, while commonly occurring off school grounds, also occurs on school property, with content being sent and viewed on cell phones. Of note is that possession of sexually explicit photos received by sexting can be considered a type of possession of child pornography from a legal perspective.

• Sextortion/Ransomware. Students may also become victim to sextortion, possibly via ransomware, if they engage in sexting. Sextortion occurs when someone threatens to distribute private and sensitive material if not provided with images of a sexual nature, sexual favors, or money. Ransomware is a particular form of computer malware in which perpetrators encrypt users’ files, then demand the payment of a ransom for users to regain access to their data. Ransomware can also include an element of extortion, in which the perpetrator threatens to publish data or (possibly sexually explicit) images if the victim does not do what the perpetrator wants, such as provide nude photos.

• Oversharing. Personal information that is sometimes shared by students includes their name, age, address, phone number, and Social Security number.

• Online Predation. Online predators put victims through the grooming process—a series of steps by which they build the victim’s trust by sympathizing with him or her or feigning common interests, after which they proceed to set up a face-to-face meeting with the victim and then move forward with manipulation and seduction.

Preparing for Online Threats to Students

Before an Incident

Schools and school districts can implement several cyber policies and procedures to help keep their students safe from online threats. These include the creation and implementation of responsible use policies to ensure that students are aware of appropriate online behavior, the use of filtering and blocking software at school to prevent access to inappropriate content, and education about the risks of being online and how to stay safe.

Responsible Use Policies (RUPs)

Schools and school districts are encouraged to develop an RUP—also known as an Acceptable Use Policy—before students are allowed to access the internet at school via a school device or the student’s personal device. A RUP is an agreement written in simple and accessible language among parents or guardians, students, and school personnel that outlines the terms of responsible use and consequences for misuse. Families are usually expected to acknowledge that their child(ren) will follow basic guidelines, and students agree to the standards laid out in the policy.

RUPs can cover issues such as expectations for online behavior, what resources can be accessed, academic integrity when using technology, and how student data and information will be used by the school. For example, the New York City Department of Education’s Internet Acceptable Use and Safety Policy provides a summary of the policy—including a hyperlink to an easy-to-read description for parents/guardians, teachers, and students—and principles for use, such as monitoring, privacy, prohibited uses of the internet systems, and filtering, among others.

Filtering and Blocking Content

One of the first ways to prevent students from accessing inappropriate content—either deliberately or accidentally—is for schools and school districts to use filtering and blocking software, which allows users access to only preapproved websites. Teachers and staff can help determine what sites should be blocked. Regular audits can also be conducted to ensure that appropriate online educational material can still be accessed and to determine if blocked sites should remain blocked.

Digital Citizenship

Schools and school districts are also encouraged to teach students what it means to be a responsible digital citizen as part of a broader strategy of promoting a positive school climate. A digital citizenship curriculum can include topics such as privacy and security, relationships and communication, cyberbullying and digital drama, digital footprints and reputation, self-image and identity, information literacy, and creative credit and copyright.

For example, a digital citizenship curriculum used by the K-12 school community may educate students in internet safety, privacy, relationships, cyberbullying, self-image, copyright rules, and other topics. Lessons should be age appropriate, address the most recent digital trends, and include topics such as the importance of making only constructive comments online.

Education and Training

Students, teachers, staff, and families can also be educated on online safety. Three sources of information are:

• Stop.Think.Connect. Campaign (; U.S. Department of Homeland Security) is a national awareness campaign that provides resources such as videos, a toolkit, and blogs to help raise the awareness of cyber threats and how to be safer online.

• NetSmartz® Worskhop (; National Center for Missing and Exploited Children® [NCMEC]) provides resources for parents and guardians, educators, and law enforcement with the goal of educating, engaging, and empowering children to recognize potential internet threats, talk to adults about risks, prevent themselves from being exploited, and report victimization to adults. Separate websites and resources are available for kids, tweens, and teens.

• OnGuard Online program (; Federal Trad,e Commission) provides instructional material for elementary and middle school teachers, high school teachers, and community educators and resources for parents on how to talk to their children about being online.

During and After an Incident

Students also need to be aware of what to do if they are a victim of an online threat. They can be encouraged to report threats to a teacher, a school counselor, another trusted adult, and the online service provider, if appropriate.

Students, teachers, and other members of the public can also contact NCMEC’s CyberTipline to report a concern by submitting an online report at or calling 1-800-843-5678. If somebody is in immediate danger or a crime may have been committed, students, teachers, and staff should contact the school resource officer, police officer, or local law enforcement.

In Texas, online safety considerations for K-12 schools and school districts are guided by both federal and state regulations. The Children’s Internet Protection Act (CIPA) is a federal law that requires schools and libraries to implement internet safety policies and to use filtering and blocking software to protect minors from exposure to inappropriate content online. Compliance with CIPA is tied to the receipt of E-rate program discounts. Texas schools are also expected to develop and enforce Responsible Use Policies (RUPs) to set clear expectations for online behavior and use of digital resources. These policies often include guidelines on cyberbullying, sexting, and the handling of personal information. Schools are encouraged to provide digital citizenship education to students, covering topics such as online privacy, cyberbullying, and responsible online communication. In the event of an online safety incident, Texas schools have protocols for reporting and responding, including the use of resources like the CyberTipline and local law enforcement. Additionally, educational campaigns such as Stop.Think.Connect., NetSmartz Workshop, and OnGuard Online offer resources for students, educators, and families to promote safer online practices.

Texas Statutes & Rules

Federal Statutes & Rules

Children’s Internet Protection Act (CIPA), 20 U.S.C. § 9134; 47 U.S.C. § 254
CIPA is a federal law enacted to address concerns about access to offensive content over the Internet on school and library computers.

CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program – a program that makes certain communications services and products more affordable for eligible schools and libraries. Specifically, CIPA requires schools and libraries to certify that they have an Internet safety policy that includes technology protection measures. These measures must block or filter Internet access to pictures that are obscene, child pornography, or harmful to minors (for computers that are accessed by minors). Schools subject to CIPA are required to adopt and enforce a policy to monitor online activities of minors; and as required by the Protecting Children in the 21st Century Act, they must also educate minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, and cyberbullying awareness and response.

Protecting Children in the 21st Century Act
This Act complements CIPA by focusing on the educational aspects of online safety for minors.

The Protecting Children in the 21st Century Act requires schools to provide for educating minors about appropriate online behavior. This includes education on interacting with other individuals on social networking websites and in chat rooms, and cyberbullying awareness and response. The goal is to provide students with the knowledge and skills to navigate the online environment in a safe, responsible, and ethical manner. This education is often integrated into the school curriculum or presented through special assemblies, workshops, or parent-teacher meetings.

Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g; 34 CFR Part 99
FERPA protects the privacy of student education records and applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Schools must have written permission from the parent or eligible student to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions: school officials with legitimate educational interest; other schools to which a student is transferring; specified officials for audit or evaluation purposes; appropriate parties in connection with financial aid to a student; organizations conducting certain studies for or on behalf of the school; accrediting organizations; to comply with a judicial order or lawfully issued subpoena; appropriate officials in cases of health and safety emergencies; and state and local authorities, within a juvenile justice system, pursuant to specific State law.

Cyberbullying Prevention Act
While not a specific federal statute, various state laws address cyberbullying and related behaviors, and there have been proposals for federal legislation to specifically address cyberbullying.

The Cyberbullying Prevention Act is a proposed federal law that would make it a federal crime to cyberbully any person under the age of 18. The proposed legislation would make it illegal to use electronic communication to transmit interstate or foreign commerce any communication intended to coerce, intimidate, harass, or cause substantial emotional distress to a person. This would include communications through social media platforms, text messages, and other online mediums. The goal of such legislation is to provide a clear legal framework for the prevention of cyberbullying and to ensure that individuals engaging in such behavior can be held accountable under federal law. As of the knowledge cutoff date, this act has not been enacted, but it represents ongoing efforts to address cyberbullying at the federal level.

Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030
The CFAA is a federal statute that provides a legal framework for addressing crimes committed against computers, networks, and the data they contain.

The CFAA criminalizes various computer-related acts, such as unauthorized access to computer systems, obtaining information from a protected computer without authorization, and transmitting harmful code such as viruses. It also covers the transmission of threats, which can include certain forms of cyberbullying or online harassment. The Act is often used to prosecute hackers, but it can also apply to individuals who use computers or the Internet to commit acts of extortion, such as sextortion. Schools and school districts may refer to the CFAA when dealing with incidents involving unauthorized access to school computer systems or networks, or when students are involved in hacking activities.

Electronic Communications Privacy Act (ECPA), 18 U.S.C. §§ 2510-2522
The ECPA is a federal statute that addresses the interception and disclosure of electronic communications.

The ECPA prohibits the unauthorized interception, access, use, and disclosure of wire, oral, and electronic communications. This law is relevant to schools and school districts as it pertains to the privacy and security of electronic communications, including emails and online messages. It also provides protections against the unauthorized surveillance of electronic communications, which can be pertinent in cases of cyberbullying or online predation. Schools must ensure that any monitoring of student communications complies with ECPA provisions, and they may rely on this statute when taking action against individuals who illegally intercept or disclose students' electronic communications.