You are here

CIO News

New laws strengthen protection of student data

New laws set rules for how districts should store this information, and for informing parents what data has been collected
When students use technology in the classroom, every keystroke creates a trail of digital information.
When students use technology in the classroom, every keystroke creates a trail of digital information.

States are ramping up student data privacy laws, with lawmakers in the 2014 legislative cycle passing 30 of 120 proposed bills aimed at protecting personal information.

The most comprehensive law was passed in California in September. It prohibits educational sites, apps and cloud services from selling or disclosing students’ personal information. The data also cannot be used to target advertising to students.

New Hampshire law prohibits students’ criminal records, email addresses and information about family members from being stored in a state-run educational database. A Florida law prevents districts from collecting unique biological data such as fingerprints or palm scans.

“To realize ed tech’s promise to transform education and increase school efficiency, you have to be sure students’ personal and sensitive information is kept private and secure,” says Joni Lupovitz, vice president of policy at Common Sense Media, a nonprofit that rates the safety of media and technology for students and families. “The goal is to help kids have a safe space to focus on learning, and not worry that their personal information is going to be used for some other purpose.”

Schools hold troves of sensitive information, including academic records, online assessments, attendance and discipline records, health and family financial information. Some laws set rules for how districts should store this information, and for informing parents what data has been collected and for what purpose.

When students use technology in the classroom, every keystroke creates a trail of digital information, Lupovitz says. Some parents fear vendors will create student profiles containing academic records and social media activity, and that the sale of this information to another party will impact college admissions or employment searches, she adds.

A December 2013 study from Fordham University found that fewer than 25 percent of cloud service agreements specify how student information can be used, and fewer than 7 percent of the contracts restrict the sale or marketing of student information by vendors.

Set up a privacy policy

New student privacy laws and policies need to ensure that data can still be used by trusted sources, says Reg Leichty, a policy consultant at CoSN.

“We want school leaders and policy makers to have access to the rich datasets that are needed to improve instruction and make decisions about how to guide schools,” Leichty says. “But that has to be balanced with the strong protections for personally identifiable student information.”

Administrators should have a thorough understanding of what data is being collected in their schools and why, Leichty says. And every district should have a comprehensive privacy policy governing data use, including:

  • A senior leadership team member responsible for student privacy policies.
  • Professional development to teach staff how to protect and use data.
  • Steps to ensure that personally identifiable data is properly secured.

Leichty expects more states to follow in California’s digital protection footsteps. “2015 will be a busy year for these privacy policy discussions,” he says.