District CIOs need to have a complete understanding of a district’s legal obligations to protect student data as more student information is stored with online, third-party providers and parents’ privacy concerns reach new heights, technology experts say.
Some 89 percent of adults are concerned that third-party providers will use students’ personal data for marketing purposes, according to a new survey.
“Personal data in education should be used only for educational purposes, not to sell students snack foods or video games,” said U.S. Secretary of Education Arne Duncan at a February conference hosted by Common Sense Media, a nonprofit dedicated, in part, to helping students and educators navigate the digital world. “Both school systems and technology providers should have appropriate policies for how they handle data.”
That same month, the U.S. Department of Education’s Privacy Technical Assistance Center released a document of best practices for protecting student privacy while using online educational services, available online.
Under federal law, schools must protect students’ education records and personal data. However, many of these privacy laws, including the Family Rights and Educational Privacy Act (FERPA), were drafted in the 1970s, before the rise of personal computers and data clouds. FERPA states that schools in most cases must have written permission from a parent or a student over the age of 18 to release any information from a student’s record.
But when administrators contract with a third-party vendor, such as Google, they also are subject to that vendor’s privacy policies, which may allow the use of a student’s demographic information or search history to target online ads, says Dalia Topelson, a clinical instructor at the Cyberlaw Clinic, part of the Harvard University Berkman Center for Internet & Society.
Most adults want tighter protection of student data, according to a national survey of 800 people conducted in January by Benenson Strategy Group for Common Sense Media. Some 74 percent of respondents said cloud-computing companies should not be allowed to target ads to students based on online search histories on school computers.
CIOs and technology staff need to understand what questions to ask vendors before storing information in the cloud, Topelson says.
Lawyers are one source for school leaders seeking guidance on privacy issues.
“Schools need to learn about what they can negotiate, and use their market power to get vendors to create more secure environments for kids,” Topelson says. “There needs to be some vocalization to these technology companies that the value for this isn’t big data because we’re talking about a vulnerable population. The value is a huge market of schools that are willing to pay for a secure product.”
More at tiny.cc/StudentPrivacy.