Should we all opt out?


A new school year is just around the corner and my kids will be attending new schools. Not only am I excited about the school year ahead and the experiences of being in a new school, I am also curious to see what kind of Directory Information opt out forms we receive. Should we all opt out of Directory Information? This is certainly an opt out I would consider. It is a clear way for parents to control their children’s data and prevent Directory Information from being shared with third parties.

Opting out of directory information is probably the most misunderstood of opt outs. Directory Information can be anything from student’s name, address, telephone, and email address to weight and height of students, grade level and photographs. Directory Information opt out prevents your child’s personal information from being shared, for example the team roster with student names, a playbill for the school play or the Honor Roll listing in a newspaper. There are other ways opting out prevents Directory Information from being shared with third parties unknown to parents that could legally request this information, such as marketers. It’s important to keep in mind that a school can’t just decide to share this information. Schools have to officially declare which information they consider to be directory information and then they have to notify parents of their right to opt out of sharing this information.

However, as with any privacy and or legal discussion there is the other side of the argument. If you opt out your child’s information, there could be certain opportunities forgone, outside school program opportunities or in the case of High School kids, scholarship opportunities or other university or college correspondence they will not receive when opting out of Directory Information. Further, student’s information will not be listed in the school directory and other families will not have access to phone numbers or emails, for example, unless you provide them directly to whomever is interested in connecting. So the decision to opt out needs to be done based on what works best for each family. Also worth noting is what opting out of Directory Information doesn’t do – it doesn’t prevent students from participating in testing or other education mandated activities. This opt out only applies to schools providing information to other parties outside the school.

How did this option of opting out come into being? Well, FERPA, the Family Educational Rights and Privacy Act, was enacted in 1974 to ensure parents had access to their children’s educational records and to protect the privacy of this sensitive information. As a parent or guardian, you have the right to inspect your children’s records, request corrections be made and opt out of your school sharing Directory Information with third parties. Under FERPA, parents and students have the right to tell schools they cannot share their directory information with a third party.

It’s relatively simple to opt out (although finding the opt out forms on a school website can be nearly impossible). You can request a Directory Information opt out form from your child’s school, fill it out and return it to the school. And the best time to request the opt out form is at the beginning of the school year before schools begin to share information with third party providers.

If your school doesn’t have a FERPA form, you can download one here

The World Privacy Forum recently released a great video explaining why it’s important to #optout. Check it out here!

There are many other resources for FERPA Opt out information such as the National Opt-Out Campaign and of course our own FERPA|Sherpa (more shameless plugs)!

Wishing all the students going back to school all the best for a most fantastic (and private) school year!






Is student data really daunting?


Should we be afraid of student data? More often than not, the conversations around student data revolve around security and privacy concerns. What will happen if there is a data breach? What about security? Are we safekeeping student data adequately? But the reality is that student data is exciting. There is value in data that allows us to help students in ways we otherwise couldn’t.

I am not discounting the concerns surrounding student data privacy, but as Kerry Gallagher points out in her blog “Why is student data both exciting and daunting?” we need to ask ourselves what is the acceptable risk we should be willing to take in order to gain value out of data and protect student privacy.

Kerry Gallagher is a Technology Integration Specialist at a 1:1 iPad school serving 1500 students grades 6-12. She taught middle and high school history in Bring Your Own Device environments for 13 years and writes a blog called Start with a Question.

Kerry discusses a report recently published by the Berkman Center for Internet and Society at Harvard University titled “Student Privacy: The Next Frontier”. One of the main points made is that the conversation around student privacy needs to be balanced and include all parties involved in student data. Both Kerry and the Berkman study point to the exclusion of student voices in the debate. We often ignore or dismiss students in conversations and we must continue to advocate for the inclusion of student voices in the debate surrounding their privacy. After all, students are the generators of the data points we are fiercely trying to protect, we owe it to them to include them in the conversation and allow them to teach us what data privacy means to them. Students bring different backgrounds and perspectives we can often oversee. If we bring student voice into the debate and acknowledge learner ownership of data, our conversations will turn to discussing pedagogical issues surrounding student use of data and privacy and we will more readily acknowledge the student experience and the expectations they have in their educational outcomes.

You can read Kerry Gallagher’s post here –

AND Kerry will be a panelist at the 2015 National Student Privacy Symposium in September which promises to be a great event (shameless plug). You can register for the symposium here –

Hope to see you all at the Symposium!


When privacy becomes too private


Is it possible that in our effort to protect our kid’s privacy we make it too private? Let me put it this way, what happens when we make privacy laws so restrictive that someone can go to jail for using their information? Well, it has happened in Louisiana and the law basically states that if you put two pieces of PII (personally identifiable information) where you can identify a student you are in violation of the statute and can get up to six months in jail and a $10,000 fine. How will this impact the educational resources available to our children?

Recently, a couple of articles like this one and this one got me thinking about the unintended consequences of restrictive privacy laws.  Because, really, when we talk about student data privacy our first reaction is to advocate for fines and penalties that would deter anyone from abusing student information. However, what happens when a teacher inadvertently shares information for the honor roll, for example. Could that teacher go to jail? Or what about yearbooks? More importantly, what if student information can’t be shared and a college scholarship deserving student can’t get the coveted scholarship because he/she can’t be identified? The key is balance. Balance when we talk about privacy. Balance when we draft legislation to protect student information. Should student information be freely shared? No, absolutely not. But should teachers and schools be allowed to conduct school business and help students based on the information they have? Yes, absolutely.

We still have a long way to go in finding the right balance when drafting legislation to protect student privacy. There isn’t a right or wrong answer to the question of how restrictive, or not, privacy laws ought to be when it comes to students. But we certainly have to remember that there is value in data. Without good data we cannot help students in a comprehensive way and we certainly cannot address issues of inequity if we cannot share information about the disparities in our educational systems. And we must look at all the different aspects of student data privacy – is a law protecting data when used in apps but not allowing for teachers to share information? Is a different law allowing parents to opt out their kid’s information from valuable aggregate data sets? Parents should certainly be allowed to opt out of directory information but aggregate data is useful when assessing school district performance, for example.

That is what makes the student data privacy debate so interesting. It is complicated at best and messy at its worst. It is complex and multifaceted. And I don’t think there is anything wrong with that, but we need to be aware of all the risks. It’s difficult to come to a consensus on what is the best privacy law. We must recognize that as we legislate what should and should not be allowed, the law must protect students so that we can provide them with the best education possible.

The Louisiana legislature addressed the issue and corrected it. That is a step in the right direction, but as more and more student privacy bills make their way through our system we must be cognizant of the unintended consequences we might bring upon ourselves when trying to work on making privacy more private.



Having the Talk?


The new school year is about to start and so is the season when parents are posting pictures on social media of their adorable moppets going back to school. But in today’s connected world their pictures can circulate the online world to a wide audience instead of going into a hardcopy scrapbook only to be shared with grandma. And what do kids think of their pictures and anecdotes being shared online? What do they think about privacy? Their privacy? What are their ideas of being private in a connected world?

Most of us share information about our kids because we are proud, because we want the world to know that it’s their first day of school or they did something silly that we think is funny. But we need to stop and think what are we teaching our kids about privacy and how do we teach them to be smart about protecting their privacy. Eventually, kids will have a tremendous digital catalog of their information. So I think it’s never too early to have “the privacy talk” with kids. Because preparing the next generation to protect their privacy, means teaching our kids now what they can do to protect themselves tomorrow.

I recently read an article on college campuses scanning students’ eyeballs instead of their student ID’s. And even though the scanning is voluntary, it would behoove us to discuss the implications of such retinal scan. And this is a time when having empowered students to advocate for their privacy is essential. Some students described this program as “creepy and unnecessary” and they have a right to feel that way but it seems that few knew they could decline being scanned or that they should.

So as we take pictures of our adorable little kids, we need to keep in mind how we are preparing them to advocate for their privacy. There are a few resources we can turn to in order to help us have “the talk” with our kids.

Connect Safely has an ever growing collection of clearly written guidebooks that help us discern the different apps, services and different platforms that are popular with kids and teenagers.

iKeepSafe is one of my favorite resources. They have a section dedicated to parents including a “Parent’s guide to Facebook.” Maybe now I can keep up with my kids…..seriously.

The Family Online Safety Institute, commonly referred to as FOSI has a great digital parenting guide, you can search for resources by age group and they have a great “Seven Steps to Good Digital Parenting” guide.

Common Sense Media has information to help kids (and parents) navigate the world of media and technology. When it comes to privacy and internet safety they have tips and tools for all of us. I particularly like the section about good usernames, passwords and what is appropriate to share.

The FTC has a portal on kid’s online safety too! It has great information on how to talk to kids about privacy and how to talk to kids on using social media and the benefits and risks of socializing online and how to make responsible decisions.

We can’t assume that because they let us take their picture and they are our kids we have their implied consent. We need to make sure that this is what they really want to show to the world. And if we can’t, at a minimum we should allow them to decide what to keep and what to exclude from their digital record. Having the privacy talk with our kids will help them protect those experiences that are personal and decide what the world can know about them. We need to all be responsible about their digital catalog. Technology and apps have given us a tremendous insight into our own lives but also to the lives of others and as we collect this data we need to be aware of what it means to create that history online.



Student Data Privacy in Real Life


“We need to safeguard student data.” But how do we do this and what does it mean to use student data? The Ed-Fi Alliance, an organization dedicated to advancing the education technology sector and advocating for the responsible use of data to improve student achievement and teacher satisfaction, is publishing a series of posts on its website on strong data privacy practices. What is appealing in this series is that they are providing real-world examples and practical situations we can learn from.

There is nothing simple about student data privacy. The issue is so multifaceted and complex we continue to struggle with determining what is the ultimate student data privacy protection. However, this latest Ed-Fi blog’s post features Lenny Schad, Chief Technology Information Officer for the Houston Independent School District. He is an advocate for data-driven learning environments but more importantly, he is well aware of the importance of student data privacy protections and implementing a robust technology infrastructure to protect such data.

The conversations about student data privacy are important but reading about real life experiences implementing data privacy and security protections provides an entire new perspective to the topic.

Mr. Schad shared five essential best practices for district leaders to adopt:

  1. Build awareness among educators
  2. Strengthen technical solutions by consolidating and securing resources
  3. Strengthen educators’ role in the student data security chain through formal training and resources
  4. Enlist vendors as data protection partners
  5. Get started now and keep going


How do we keep going? There are a number of resources available, among them the Future of Privacy ForumCommon Sense Media, iKeepSafe and Consortium on School Networking (CoSN).


It’s a good read for anyone involved in student data but particularly for school districts.

You can read the entire post here –


Enjoy reading!



And the Senate follows suit


It might be summer, but things are certainly not slowing down in education and student privacy. Last week the Senate, following the House’s vote, passed a rewrite of the ESEA by a pretty big 81-17 margin. This is significant in the fact that the ESEA reauthorization gives us an opportunity to purposely use student data to help us all (parents, students, schools, policymakers) make informed decisions about our children’s education. I find it particularly interesting that lawmakers are taking such a keen interest in student data and privacy but I do hope that the intent is to promote the effective use of data and not hinder its use.

In addition to the ESEA, there are several other bills from both House and Senate about student privacy, and what caught my attention is that for the most part, the focus is on protecting student data while at the same time allowing for the use of data and technology. For example, Sen. Richard Blumenthal (D-Conn) and Sen. Steve Daines (R-Mont) introduced the SAFE KIDS Act. What this Act would do is prohibit ed-tech companies from selling student data, using the information for targeted advertising or disclosing information to unapproved third parties. Noteworthy in this bill is that it requires providers of services to publicly disclose their privacy policies and provide notice before making material changes to such policies. What I would very much like is a provision asking for such privacy policies to be written concisely and in plain simple language so that we can all understand them but….wishful thinking….

In short, the SAFE KIDS Act would provide student data protections without discouraging service providers from creating innovative educational products that could help improve student learning and teaching. But while all these protections and collaborative efforts are important, we fall short if we continue to fail to include student voices in the process. We must acknowledge that the use of data in education is not only for apps and ed-tech products to be developed and used. Student voices need to be heard when groups of learners are being discriminated against because of the lack of student data. You see, educational data is not only about one student or a group of students and their educational achievements or use of technology. Educational data can help us identify students that need help in different areas and help facilitate the diversion of services to them, for example how are homeless children or those in foster care doing in school? Are we providing adequate support services for them to increase the graduation rates in this vulnerable group? What can we, as a society, do to support children who need additional resources so that we can provide to them the best education possible and the opportunity of success in their future? How are we analyzing the outcomes of different groups of students, and are we providing the services they require? All of these would not be possible without student data.

I encourage lawmakers to continue to work on protecting student privacy as it will only help further the debate and encourage others to follow suit. I appreciate the trend different bills are promoting in encouraging tech companies to voluntarily agree to a pledge to protect student information. They are all important efforts but we cannot forget that there is a greater purpose in protecting student data – and that is helping all students not just a few.

As the summer continues and the new school year approaches, I couldn’t think of better summer reading than the different bills proposed to protect student privacy. All children deserve the right to reach their full potential, but we can only help do so with complete information at our disposal. It can be done, we just need to be smart about it.



The importance of good data

For the first time since 2001, the U.S. House of Representatives debated and passed the reauthorization of the Elementary and Secondary Education Act. As a parent who is looking to have more robust information on my children’s education I find the reauthorization particularly interesting. Mostly because the ESEA requirement of 2002 was to provide disaggregate data to the public so that we could have better insights into schools’ academic performance. And we can argue the merits of standardized testing and whether the data collected is being used in the most effective way, but what I believe is critical is that parents have access to this data, a comprehensive set of information of their children’s education. Something that is still not possible in many states. All states have a state longitudinal data system but few (a handful maybe) can provide this information to parents and students so that we can all make informed decisions.

I think we can all agree that an updated law is necessary to provide students in America with opportunities for growth. But we cannot do so without the right information in our hands. For example, the Colorado Growth Model provides both student specific sets to parents and teachers to guide their decision making and to the public at large in an aggregate form so we can get an accurate picture of school performance. The information these data sets provide has tremendous potential. It can identify groups of vulnerable learners that are being left behind as well as provide parents with information to help their children in areas in which they may be struggling.

As the debates over ESEA continue, we must recognize that we cannot effectively help students without the correct information. We should not reduce the amount of information at our disposal. Big data sets are helpful and can identify how well certain groups of students are doing, or not. They can help us understand the impact that different policies have on schools and allow us to correct course. Robust information empowers students and parents to advocate for themselves. None of this would be possible without data.

Rather than advocating for less data collected, lets advocate for good data sets. Data that is collected purposely and kept safe and private but that is given back to students, parents and the community at large to make informed decisions about our educational system. We cannot afford to know less about student learning.

I am looking forward to following how the debate over ESEA continues but I do hope everyone recognizes the importance of data and how useful it can be in helping student learning.

And seriously, we should all be demanding evidence that all our students are learning. Isn’t that what matters at the end of the day?


A new data portal for students

Finally a new student data website that delivers better information on students? I was excited, thrilled actually, to learn that in New York City, parents of students in public schools would be able to view their children’s educational records (and information) on a new website replacing the previous ARIS data system. So I promptly made an appointment to go to my kid’s school to request a login and temporary password to access my children’s information.

Information in hand I quickly setup my login so that I could test drive this new data portal. NYC schools says the new portal is designed internally for less than $2 million and is expected to cost under $4 million for further development over the next four years. So what did I find? The portal has my kid’s name, address, last term’s grades and attendance. No more. As the parent of two children in elementary school (three kids actually but the third is not yet school age), I want comprehensive information on how my children are doing in school. I know where they live and how many days they have been absent. But what I do not have access to is how my children have progressed over time. There is no linked data through their school years. I know my 11 yr old has a good grade in math but what are his weaknesses and strengths? Where can he use some extra help and what can linked data tell his teacher about him next year? Unfortunately the new portal does not have any of this information.

The NYC DOE promises that at the end of the school year, report cards will go online and that test scores will be added once the state releases them. Previous year scores and test grades are expected to be added later in the year. But what the NYC DOE does not specify is if parents will have access to data analytics. If the portal will deliver more than a report card.

I was hoping for a robust buildout, a data portal that would extract the valuable student data that is most likely sitting in a black box somewhere in school. I understand more features will be added as the portal is expanded but unfortunately the kids continue to grow and study. We can’t afford to wait for a buildout. There is value in data but it is only valuable if we can have access to it.

I hope that over the next few months the portal will have added features, in particular features that provide valuable information that allows us to answer questions about our kid’s education and their progress. I would certainly love to have information on teacher assessments, curriculum, reporting and analysis of my child’s education. The portal has a section for parent comments and I’m certainly entering my wish list.


What does it take to protect student privacy?


We often discuss privacy in terms of what needs to be done to protect student data but the thing that has become clear in my conversations with different stakeholders is the need to focus on providing training and awareness to everyone involved in working with student data. In particular, teachers and school administrators.

Though there are numerous federal and state laws that regulate privacy and we are slowly building a greater awareness of what we need to do to increase protections for student data, I feel that we are often missing the point in these debates and conversations. There seems to be more information shared about students than ever before. Sometimes, teachers with all the good intentions breach a student’s privacy revealing deep personal details about their students. And even though this point is important, there is an even greater need for teachers and school administrators to understand that student data can be leaked, because of a mistake or misunderstanding on the implications of disclosing student data. Disclosing student data can hurt students. If a teacher is discussing a student, or group of students, struggling with certain issues then that student’s privacy was not protected. And failure to respond to these incidents can damage the relationship between teachers, parents, schools, etc. The trust we need to build upon is lost.

Privacy “accidents” happen, but we need to invest in educating schools on what are adequate privacy protections, what are best practices for discussing student information and protecting their privacy so they do not happen unnecessarily. There are a number of privacy best practices across other industries in which employees are trained. We need to have this structure available to schools. If we are going to invest time and funding to develop laws at the Federal and State level, we need to invest in “privacy education” for educational institutions. We must be able to explain in clear and easy terms – what does it mean to protect student privacy, what issues schools need to be educated on and why it matters. Recently the US DOE created PTAC – the best source for government guidance to learn about data privacy and of course the one stop shop for all things on student privacy and ed-tech FERPA|Sherpa (shameless plug). These are great resource, full of important information and videos, but I believe we need to be able to give teachers a support system that will enable and encourage them to learn more about privacy. We can’t just leave it up to them and hope schools are taking privacy seriously.

We leave our children in the care of teachers whom we trust. They are charged with making good decisions on behalf of our children. To do so, they require our support.



What is PPRA? Another student data privacy law


We hear a lot of conversation around FERPA and the need to update the law but there is another law that protects student privacy that has a different purpose, yet is no less important. That law is PPRA, the Protection of Pupil Rights Amendment. Both laws are important in that they provide protections for student privacy but they are different.

FERPA protects student educational records and ensures parental access to these records. It allows for a system enabling parents (or students) to correct inaccuracies in their records. FERPA also provides guidelines for who has access to these records and gives students the means to opt out of directory information (name, address, school clubs, etc.) that may be disclosed without consent unless a parent opts out of this disclosure.

But PPRA is completely different. PPRA’s purpose is to allow parents to limit the kind of personal information that a school may collect from students. For example, this information can be collected as part of surveys, physical examinations, or certain evaluations. The law requires that schools obtain written consent from parents when students are required to participate in any U.S. Department of Education funded survey, analysis, or evaluation. A simple way to understand the difference between FERPA and PPRA is that FERPA protects information the school already has on record and PPRA protects information that schools do not have but can collect for surveys.

It is worthwhile to clarify that the law applies to U.S. Dept of Ed funded surveys. Not all surveys that come home are necessarily funded by the USDOE. However, in 2001 NCLB expanded PPRA to include all applicable surveys in public schools, not just those funded by U.S. Dept of Ed funds in 8 protected categories:

  1. political affiliations or beliefs of the student or the student’s parent;
  2. mental or psychological problems of the student or the student’s family;
  3. sex behavior or attitudes;
  4. illegal, anti-social, self-incriminating, or demeaning behavior;
  5. critical appraisals of other individuals with whom respondents have close family relationships;
  6. legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers;
  7. religious practices, affiliations, or beliefs of the student or student’s parent; or,
  8. income (other than that required by law to determine eligibility for participation in a program or for receiving financial assistance under such program).

In other words –

For surveys that contain questions from one or more of the eight protected areas that are not funded in whole or in part with Department funds, LEAs must notify a parent at least annually, at the beginning of the school year, of the specific or approximate date(s) of the survey and provide the parent with an opportunity to opt his or her child out of participating.  LEAs must also notify parents that they have the right to review, upon request, any instructional materials used in connection with any survey that concerns one or more of the eight protected areas and those used as part of the educational curriculum.

So while PPRA doesn’t cover all surveys it does cover surveys that collect information considered “intrusive”. What I also learned is that it appears that in these cases, the surveys require prior parental consent otherwise the school cannot collect information from that student. And this is truly an opt-in option as opposed to an opt-out one. And worth noting that PPRA also has some other key requirements, besides surveys that have received little attention. Such as requiring that all instructional material (besides tests) be available to parents for review and (c)(1)(E) requires that every school have a local policy concerning “the collection, disclosure, or use of personal information collected from students for the purpose of marketing or for selling that information (or otherwise providing that information to others for that purpose), including arrangements to protect student privacy that are provided by the agency in the event of such collection, disclosure, or use.”

While our first reaction is to opt out our children from any school survey we need to think about what we are opting out from. It is important to recognize that some of these surveys could provide valuable feedback to schools – are the right kids getting support, lunch assistance, or are our children being discriminated against because of their race or gender? These surveys could yield important information so that schools get adequate funding or professional assistance to address deficiencies that are identified. Of course, not all surveys’ goal is to identify this. Others could be just aimed at marketing or addressing issues that we are not comfortable providing our children’s information for. The process must be clear, the mechanism for opting out clear and easy in the event parents feel uncomfortable. Parents must know what the survey is for, who is conducting it, how it is funded, how their child’s privacy will be protected. If we can trust the information we are given regarding the survey we can trust that if we decide to provide this information it will be used for the benefit of our children, and that is important.

I am a big advocate of having data and using it purposely. There is value in information. But parents must be given the information needed so that we can make informed decisions and be comfortable when providing details, sometimes extremely personal details, about our children.