Wisconsin Pupil Records Privacy and Access Guide
Primary Law
Pupil records definitions, access rules, and disclosure limitations
Citation
Wisconsin Statutes Section 118.125 (Pupil records)
Official Text
https://docs.legis.wisconsin.gov/statutes/statutes/118/125
Overview
Wisconsin governs student privacy through its pupil records statute, which defines what counts as a pupil record and sets expectations for access, disclosure, and categories of records (including progress records and behavioral records). This framework is designed to work alongside federal FERPA concepts while providing Wisconsin-specific definitions and procedures.
For districts, the practical outcome is role and request management: define who can access which record types, document disclosures, and ensure vendor access to student data is controlled through purpose limitation and security safeguards.
Applicability and Scope
Wisconsin's pupil records requirements are relevant whenever schools maintain records relating to individual pupils, including digital records stored in vendor-hosted platforms.
District teams commonly treat the statute as in-scope for:
- Student information systems, learning platforms, and assessment tools
- Health and counseling-related school records (as defined and categorized by the statute)
- Requests to access or disclose pupil records, including parent requests and inter-district transfers
Key Definitions That Matter Operationally
Wisconsin distinguishes between categories such as progress records and behavioral records, and it defines directory data. These categories affect what may be disclosed, to whom, and under what conditions. Districts should ensure staff understand how a record is classified before responding to a request.
Access and Disclosure Controls
Wisconsin places limits on who may access pupil records and under what circumstances. Districts should be prepared to apply consistent controls across both paper and electronic systems.
Practical controls commonly include:
- Role-based permissions in systems so staff see only the students and record types needed for their duties
- Documented procedures for parent access requests and for corrections or disputes when applicable
- Careful handling of disclosures to third parties, including vendors, with clear written terms
Vendor-Hosted Records and Security Practices
While the statute addresses pupil records generally, modern compliance depends on vendor governance. Districts should ensure that edtech vendors handling pupil records are limited to the authorized educational purpose and that the vendor provides reasonable security safeguards, incident response commitments, and retention or deletion controls.
How Can EdPrivacy Help Wisconsin Schools
Wisconsin districts benefit from having a reliable system of record for which apps are approved, what student data they touch, and what access and disclosure rules apply. EdPrivacy helps districts centralize vendor documentation and approvals so teams can respond consistently to privacy and pupil record questions.
The platform helps districts:
- Keep an inventory of district-used apps and flag which ones store pupil records or directory data
- Store DPAs, vendor terms, and security documentation alongside approval decisions
- Document record classification and disclosure constraints tied to district policy and Wisconsin requirements
- Track vendor changes and trigger re-review when data use, integrations, or terms shift
Summary
Wisconsin districts should be prepared to:
- Apply Wisconsin pupil record definitions consistently when responding to requests
- Control access through role-based permissions and documented disclosure workflows
- Govern vendor access with written terms, security safeguards, and data lifecycle expectations
- Maintain ongoing documentation so privacy oversight stays consistent across many tools
Wisconsin Statutes Section 118.125 supports a structured approach to protecting pupil records by combining clear definitions with practical access and disclosure controls.