More and more, students are using technology in school, from learning apps to online forums to class websites. And understandably, there is growing concern as to the efficacy of the privacy measures in place and the adequacy of the laws protecting student information. In response to this concern, two weeks ago the Future of Privacy Forum (FPF) and the Software & Information Industry Association (SIIA) introduced the Student Privacy Pledge, which commits school service providers to the secure handling of data for K-12 students. But what does this really mean?
Basically the pledge holds accountable school service providers to the following –
- Not sell student information
- No behaviorally targeted advertising
- Use data for authorized education purposes only
- Not change privacy policies without notice and choice
- Enforce strict limits on data retention
- Support parental access to, and correction of errors in, their children’s information
- Provide comprehensive security standards
- Be transparent about collection and use of data
As of today, 32 school service providers made the pledge to keep data secure and private. You can see the list here. This pledge comes at a point where, according to trade group estimates, the pre-K – 12 education sector generates approximately $7.9 billion annually. Schools are increasingly adopting data driven technologies for learning apps and software; technology that needs student data to operate efficiently. The revenue generating numbers obviously create skepticism that the pledge is an empty set of words and a mere PR move by companies because it is not a legally binding document. But if companies violate their own public representations they could be subject to enforcement by the Federal Trade Commission under deceptive trade practices (Section 5 of the FTC Act). This is important. And though some might want to dismiss this, the FTC has charged companies with either deceptive or unfair practices. And even if there is no legal action against a company we know that a strong group of voices criticizing a company’s policies can create tremendous damage to a company’s reputation. Some call this “App Store death”. This pledge makes school service providers accountable for student’s data whether it is collected by the school and then passed to the vendor, or directly by the vendor via an app used by a student. By taking the pledge companies are making a public commitment to students, parents and schools to ensure the safe use of student information.
And while there is no substitute for a strong federal law, the pledge does address some of the weaknesses in FERPA. For example, the pledge applies to all student and personal data whether it is viewed as an “educational record” or not. It also applies whether the data is collected through the school or by the websites and the apps students use. It applies whether or not there is a formal contract with the school. The pledge promotes the transparency we have been asking for; transparency that is necessary to build trust amongst all stakeholders to ensure widespread participation. Parents and students have been stating, “don’t just say you are protecting student privacy, show us you are.” And as a parent, I encourage pledge signatories to do just that. For without it users will mistrust ed-tech products, hampering their adoption to the detriment of all.
I think the greatest value of the Student Privacy Pledge is that it establishes a common baseline of privacy principles that the ed-tech industry did not have before. Let’s use it to remind companies of the responsibility they have towards students, data and privacy. And while this does not create a uniform federal law or strengthen existing privacy laws, it provides a good framework for lawmakers and encourages dialogue between parents, ed-tech companies, schools and other stakeholders to ensure student data is safeguarded. As a parent, I appreciate a document stating a uniform commitment being issued by vendors in their role as stewards of student data.
I hope that this encourages other firms to sign on to the pledge to demonstrate their duty to be responsible data “citizens”. It is an interesting list of signatories. It is worth looking at who has and who has not signed on. And if not, why not?
The pledge goes effective January 2015 but it operates under a rolling admissions policy so companies can sign on to it at any time – no worries. If anybody needs a pen to sign on to the pledge, I have one you can borrow.
All parents want to keep their children safe and protecting their privacy falls under this premise. So when we talk about student data, a parent’s first reaction is “let me decide if I want my child’s information to be used by the school or not”; essentially deciding whether to opt out of data collection for school use. At first glance, the option of choice is obvious – let parents decide what data is collected about their children and what ought to remain private. But when we look at the issue more deeply we see it is not that simple. Not all data are created equal. If parents opt out, it can prevent schools from efficiently managing the day-to-day operations of such administrative tasks as dispensing free lunch to students and organizing bus routes. Furthermore, how will teachers help students learn without access to their histories, including detailed information about their special needs affecting their school performance?
We need to critically look at the implications of our choices and recognize that we cannot address privacy in education in a vacuum. The issues of equity and discrimination in our schools today cannot be addressed without adequate information. We must be able to clearly determine whether we are truly serving our students. How can parents be assured that our schools are addressing these issues if they have incomplete data sets? Providing parents with consent forms for every data collection issue in school runs the risk to protect some but not all. And we shouldn’t ask parents to be privacy auditors either. What if a parent cannot understand a complex school contract or simply does not have time to read it? We risk excluding students from beneficial educational programs and therapies, if information about them is not in the system. When wealthy parents fight to protect their children’s privacy, because their children have access to the same (or better) technology at home, they may in effect deprive lower income families of such access, since their only access to such technology is in school. We need to critically examine the role of consent and question how in our attempts to protect the privacy of some we leave others behind.
Which takes us back to student ownership of their data. As we continue to have conversations of privacy and consent on data collection we must shift our focus to include students in the decision making process. If we do not do that, we relegate them to being passive participants in their education in which education and privacy becomes something that happens to students instead of something that belongs to them. For it is their education, that is at stake. And the opportunities open to them over the rest of their lives will depend on the quality of the education they receive as children.
All students deserve the right to privacy but they also deserve access to the best education possible. If parents do not give consent to information being collected about students what opportunities are we inadvertently denying our children? It is their information – their education, and in making decisions whether asking for parental consent or not, we must make them with all students in mind.
California’s new student privacy law – A law that protects student data privacy and fosters technological innovation?
The Student Online Personal Information Protection Act (SOPIPA) or SB1177 was signed into law last week. It has been called the first in the nation law that strengthens privacy protections for the personal information of California students while permitting innovation in education and technology. There have been many student data privacy laws enacted in recent legislative sessions but many focus on either restricting the types of data collected or mandating states and/or school districts improve their governance and infrastructure to safeguard student information. But asking a school district to improve its infrastructure is easier said than done, especially without supplying the funds for implementation. And restricting data collection can veer into the path of limiting school operations and fail to serve its students.
SOPIPA is interesting in that the law places the responsibility for ensuring student data privacy on the ed-tech industry. It directly addresses the way online service providers and apps can collect and use student data. It is important to recognize that software applications need to collect data in order to personalize the service students receive but also to maintain student records for teachers to keep track of grades, student progress, reading records etc. It is also worth noting that the new law allows these service providers to use the data they have to improve their products but they cannot use the information for targeted or “behavioral” advertising. The law does not unnecessarily impede the use of data and technology, which can stall under more restrictive laws. This is what I find of great importance. This premise fosters innovation in education technologies by enabling service providers to use the de-identified data at their disposal to develop products beneficial to all.
There are also some points that require clarification. For example, what does the law define as “k-12 purposes”? Besides the services used in schools does the term include apps used outside of school by students without the school’s knowledge? And even though COPPA applies to apps generally used by the “under 13” crowd does SOPIPA protect students’ data when they use apps outside of school but the app is an “educational” one? I don’t believe this is addressed, and if it’s not, it is inadvertently creating a grey area of how student data is protected in these cases. This is where an update of FERPA and a well-delineated Federal standard is necessary. There needs to be a blanket Federal Standard that will address these issues when necessary and eliminate ambiguity as much as possible.
SOPIPA is a significant step forward. It provides a framework for stronger protections for student data and with a different (and interesting) approach than other state bills. It provides a good framework for other states to use, and I hope they do. I am encouraged to see the legislature promote collaboration, but we must not forget students in the process.
And don’t worry, there is time to debate this endlessly – the bill’s provisions will not take effect until January of 2016.
Kids love technology, it’s shiny, bright and does a lot of fancy things. In some schools technology has become as prevalent as pencil and paper. With the introduction of smartboards, computers and educational apps, technology has become a staple in schools throughout the country. It can be an important tool to help kids in school. Recently, I read an article about a 10th grader lamenting the lack of technology in the classroom. And while he made some valid points as to the usefulness of technology, the article read very much like a paid advertisement. He was a fervent advocate of using a tablet in school and how this made High School a fun experience. The excitement is contagious and I understand it. I have seen first-hand what adaptive technology can do to help students with disabilities. A child with dysgraphia can use a tablet to take a picture of the board instead of writing notes by hand. There are apps that can similarly serve to improve the educational experience of students with disabilities.
But we must take a step back and think critically how much technology is necessary to help students and that we are protecting their privacy when employing technology that compiles information about our students.
I am an advocate for using technology in schools. I do not advocate for increased screen time but quality screen time. So rather than collecting as much data as possible, I propose a smarter collection of data. And in our efforts to improve the available technology and products we must not allow students to become testers for these new products. Earlier this year, Common Sense Media asked the educational technology industry to develop tough national standards for personal data collected about students and this message needs to be acted upon. Schools also need to understand the contracts they enter with so that third party vendors are held accountable for protecting student data and their privacy. We need to recognize that in order to purposely use technology we shall have to integrate the information at our disposal.
Technology and privacy do not need to be mutually exclusive. We all have a shared responsibility to protect student privacy. Parents need to be engaged in their children’s learning and schools must learn how to safeguard student data to make use of technology in the classroom. Technology companies have an obligation to ensure the data they hold in their custody is not commercialized and that it is kept secure and with adequate privacy restrictions.
Technology can be a great equalizer in education. It can enable us to deliver to children in underserved schools the same educational opportunities their more affluent peers take for granted. Just as we have to exercise caution in protecting student privacy, we must be cautious that in enacting safeguards to protect student data we do not impede the use of valuable technology.
The key for us is to build good guidelines for implementing technological change in an evolving landscape; that we are mindful that students are the end users and beneficiaries of this technology. They stand to gain tremendous opportunities but can also lose them if the technologies are unnecessarily restricted. We must work together to integrate technology and privacy in education in a manner that is balanced so we can all reap the rewards.
Schools are increasingly using technology in a variety of settings and there is more record keeping of how students learn and information about them than ever before. Technology advocates tout its use and the ability to personalize a child’s education. Privacy advocates warn that vast amounts of personal data students generate can be misused.
In Room for Debate, The New York Times invited outside contributors to answer the question -Is the collection of data from school’s an invasion of student’s privacy?
It’s an interesting debate with contributions from Khaliah Barnes, Tyler Bosmeny, Richard Kahlenberg, Jules Polonetsky and myself.
My contribution is below:
While there are surely benefits to the collection of student data, as a parent, I am concerned about the use of my children’s personal information. Schools and districts rely on students’ personal information (and test scores, behavioral records and, sometimes, health evaluations) to conduct day-to-day operations and the state relies on it to plan policy. Access to this data is important as it can alert to warning signs of learning disabilities so they can be addressed early and efficiently.
But what is the educational goal of collecting all the other information? Don’t our students have the right to learn imperfectly, and with the privacy for trial and error? It is difficult to justify data collection that may be used for commercial purposes if that data does not show a clear educational advantage. We must consider the implications this will have on our children and their future.
Parents need to understand what data is being collected, who has access to this information and what security protocols are in place at the school, district and state level to ensure that student data is kept private and secure. In a more practical vein, schools must also make smart decisions regarding what data should be collected about students for it to be meaningful at all.
And empowering students to have a larger role in deciding what ought to be included in their educational records would improve the value of the information: students would be invested in their data — as some are with grades, for example — and not merely passive participants, harboring concerns about their privacy. As more data is collected about students, including on their strengths and weaknesses, we must ensure that we do not inadvertently punish their failures and miss celebrating their successes.
Students are at the center of all data generated in education and the debate centered on privacy, data access, and security needs to acknowledge data ownership. Who should be the owners of student data? I like to think that the answer is clear – students should be the owners of their data, even when cloud providers are being employed. Kathleen Styles, the US Department of Education Chief Privacy Officer said – The provider never “owns” the data, and can only act at the direction of the school or district. We need to define the roles in the education system so that we can make decisions of how student data is used. If we recognize students as having ownership of their data we can in turn trust parents and schools to act as stewards and technology companies as processors of such data.
Students should be able to decide what data about them is used, who has access and how security is maintained. Students every day provide information about themselves, and parents should not be asked to relinquish the personal information of our children unless there is a tangible return for this exchange of information.
However, we need to recognize that today schools are using technology in a variety of settings, from interactive dashboards and personalized apps for students with disabilities, to recording test scores, running reading records, class exams and sometimes, parent feedback. There is more record keeping of how students learn and information about them than ever before. But all this information would not be generated absent a student sitting in a classroom. Once we acknowledge students as owners of their data we can have a conversation in which our focus becomes improving educational outcomes. But if we do not do this we reduce them to innocuous data points in which the only debate is whether the information should be shared or not.
For the conversation on data ownership and privacy to move forward, we need interactive communication between the owners, stewards and processors of this data. Technology needs to acknowledge parental concerns and show value to students. The success of data analytics depends on having access to the sources of data. And in order to address student and school needs, technology companies can look at their datasets in order to gain insights about their students with the goal of increasing the learning potential in the classroom. Students empowered to help make decisions about their data can inform app developers what works and what doesn’t so that in turn technology can adapt and help them.
The conversation needs to be transparent and respectful of student privacy. Acknowledging the challenges in protecting student privacy while using technology and working together with students at the center of the discussion enables all stakeholders to collaborate at all levels to create trusted environments for learning. The guidelines for creating and using student data will need to evolve as technologies present new challenges that require new approaches to privacy, but we must not prevent the conversation from happening. Parents and students need a consistent and enforceable commitment to student privacy from the technology community to protect student information. If we recognize students as active participants and owners of the data we can move our conversation away from concerns of commercializing data to a cooperative environment that benefits everyone.
I am an advocate for using technology in the classroom, I have seen first hand the positive impact it can have when used appropriately as a complement to the instruction students receive from teachers. I am also fiercely protective of my children’s privacy but firmly believe we can achieve a balance. Let’s recognize who owns the data, who processes it, and together make decisions to protect and use it efficiently.
Recently, I was having a conversation with a group of friends. One of them broke the big news – she had just registered her daughter for Kindergarten. Certainly a milestone in a parent’s life. “Kindergarten!” “Wow” “Congrats!”
And right on cue, a friend said (jokingly) “Oh no! She is in the system.”
We laughed and joked how life was about to change for this soon-to-be kindergartner. But the thought lingered in my mind. What exactly does it mean to be in “the education system”?
There is much talk about the collection of student data, how it relates to privacy, and sharing data with third party vendors. The conversations also veer into discussions of government overreach in collecting student data for state databases. And while I understand these concerns, the fact is schools collect a tremendous amount of information about students today. Some of the information collected goes into state databases called State Longitudinal Data Systems (SLDS). The purpose of the SLDSs is to enhance the states’ ability to efficiently analyze education data and help make data driven decisions to improve student achievement as well as to facilitate research to direct resources where needed.
The SLDS program was created through the Education Sciences Reform Act (ESRA) in 2002. In order to support this (expensive) undertaking, the federal government has been awarding grants to states since 2005. By 2012 every state had an SLDS in place.
So what can be done with all this data? On a large scale, the data collected can help analyze chronic absenteeism or drop out rates, for example. It also helps schools and districts in their day-to-day operations. The Data Quality Campaign has a great info graphic illustrating the various ways data is used.
And while I don’t believe in collecting as much data as possible about my children, I do believe in maximizing the valuable information contained in these databases. This information can help states identify and address issues of equity and channel much needed resources into underserved schools. Big data sets can tell important stories. It would be interesting to look at which stories states focus on and which they choose to ignore. We know from previous decades that children who have breakfast do better in school, and so we have programs in place to provide that meal for children who won’t otherwise get it. And a recent Civil Rights Data Collection study (CRDC) from the 2011-12 school year showed racial disparities in discipline in the early years of schooling. This information identifies gaps and allows schools and districts to address discrimination issues and ensure equal access to education. What other causes and effects are waiting to be identified, now that we have the ability to evaluate some of these questions?
What I find especially interesting is how information contained in an SLDS is potentially useful to students and parents directly. How can we take this information and put it in the hands of students so they can make decisions about their education? We should seek ways to let students decide “what works” and provide mediums for them to be active participants in “the system.” Students should be empowered to tell their own educational stories; after all they are the main characters.
I recognize any collection of data poses some risk to student privacy. But without data we cannot make informed decisions. It is important for policymakers to erect safeguards so that student data is used responsibly. As data collection continues, we must weigh the privacy risks against the benefits of data analysis but the benefits of having the information can yield great results for students. It is essential that parents see tangible results of the progress that has been made in answering the questions we have using SLDS data. Parents must be able to trust that their children’s data is secure and being managed responsibly, much as we rely on our banks to handle our electronic finances. The more trust parents have in the way their children’s data is used, the better the opportunity for collaboration that will improve educational outcomes.
There is no question that the topic of student data collection and privacy is personal and emotional, but we must deal with specifics and be correct about the facts. There is great potential for student empowerment in enabling students and their parents to be advocates and owners of their learning. We have the data, let’s use it effectively and responsibly.
Last week I wrote about FERPA notices and how we, as parents, can prevent our children’s schools from sharing directory information. Schools should be able to provide accessible and accurate information online on parent’s FERPA rights but this can be easier said than done as Bill Fitzgerald wrote recently.
I am delighted to introduce Bill as our guest blogger this week. Bill is the founder of FunnyMonkey, a software development company. He writes a blog focused on technology, education and student privacy and brings an important voice to the student privacy debate. Bill recently wrote a blog post on a survey he conducted on the accessibility and ease for parents to exercise their FERPA rights. With back to school in full swing, this could not have been more timely.
You can read more of Bill’s writings on his blog at funnymonkey.com/blog
The Family Educational Rights and Privacy Act, or FERPA, gives students and parents rights to access, review, and dispute educational records. FERPA also attempts to define an “educational record.”
However, having rights is one thing, being able to use them is another, and being informed of those rights is yet another. In order to get a sense of how easy or difficult is is for students and parents to learn how to use their FERPA rights in different educational settings, we conducted a series of basic searches on charter school districts and large urban school districts.
Our method is pretty simple: start with a Google search on the term FERPA and the phrase “Family Educational Rights and Privacy Act” limited to a specific school district or charter organization.
In some cases, we would then do a follow up search using the site’s native search for both terms separately: FERPA, followed by “Family Educational Rights and Privacy Act.”
In the text below, we link to our searches and include screenshots so you can see what we saw.
Recovery School District
The Recovery School District returns three documents via Google. Two link to gibberish, and the third has nothing about student or parent rights under FERPA.
The Recovery School District uses Google for their local site search, so the results are identical to what we see when searching via google.com.
Education Achievement Authority
The EAA has no information about FERPA on their site.
Rocketship Education returns several hits via Google, and they appear to link to pdfs for different schools. However, the pdfs appear to be scanned documents, which means that people can’t search within them using the “Find” feature of their web browser. As a result, the only way to find anything is to scroll through and skim each page, which is pretty laborious. This could be fixed by using actual html pages, having their docs available as read-only Google docs, or even uploading pdfs that have been generated directly from word processing software.
Several results are returned via Google, and I found FERPA information in their “Policies” document, which is the first result returned by Google.
Rocketship Education has no obvious site search on their site.
Aspire Schools fares pretty well when searched via Google.
Several results are returned via Google, and the third hit is for their student handbook, which includes FERPA information on pages 27-28.
However, their site search returns nothing, which is not very useful.
Green Dot returns several results via Google. The third hit links to the Student Policy Manual, a 125 page pdf that appears to mention FERPA several times without specifying student and parent rights under FERPA. My method for searching this doc was to use the “Find” feature in my browser, however, so if the language on FERPA was added as an image when they were creating the PDF, I would not see it.
Success Academy Charters
The Success Academy Charters return one result via Google. However, this document does not contain any information on parent or student rights under FERPA.
KIPP is a slightly different setup because it has the the main KIPP site, with local sites broken down by region.
The top level KIPP site has no results for FERPA via Google.
The top level KIPP site also has no results via site search.
However, it’s possible that the regional sites could have FERPA information – to get a sense of what the local sites shared about FERPA rights online, we can look at what comes back when we search 5 regional sites. Each regional site covers multiple schools; this search covers KIPP in Massachusetts, the San Francisco Bay Area (including San Jose), Colorado, Austin TX, and Chicago IL.
This search returns three hits. None provide any information about parent or student rights under FERPA; two of the hits are a form (in Spanish and English) asking parents to renounce their rights under FERPA so their students can be included in a Mathematica Policy Research study.
YES Prep returns several results via Google. Included in these results are links to both English and Spanish language versions of their student handbooks. Both handbooks contain detailed information on FERPA, and also mention that students and parents have the right to opt out of directory information.
Other schools would do well to follow YES Prep’s example here.
Unfortunately, YES Prep’s native site search does not return any results.
On a technical note, if the YES Prep web team is reading this: your site runs Drupal. You could probably add this module to search within attachments.
Democracy Prep shows no results via Google.
And, Democracy Prep has no obvious search feature on its home page.
The Concept web presence is organized like KIPP; it has the main organization site in one domain, with schools at other domains. To get a sample, we searched through a subset of sites (the main organization site and five regional sites). Searching via Google brings up two hits; one is a web page that contains a variety of legal links, including two about FERPA. The second hit is a document only posted for the Columbus, Ohio schools in response to an Ohio legal case.
Uno Charter Schools show no results via Google.
Additionally, no results are returned via site search.
Noble Charter Schools
Noble Charter Schools show no results via Google.
Noble shows no results via site search.
Urban Prep shows no results via Google.
Urban Prep shows no results via site search.
Chicago International Charter Schools
The Chicago International Charter Schools return many hits via Google. The first hit is an English and Spanish version that outlines basic FERPA rights, but does not mention the right to opt out of directory information. However, many of the the other hits on the page are forms that can be used to request access to data as part of research, including this form to avoid review by the data monitoring committee.
Chicago Public Schools
Chicago Public Schools shows several results via Google, but no information on FERPA at the district level. One school within CPS shows up; the link leads to the school’s information on FERPA. Based on this review, the CPS site does not have any obvious resources online showing students and parents their rights under FERPA.
Los Angeles Unified School District
Los Angeles Unified School District returns immediately relevant results via Google. The top hits include both information on FERPA and information on the review process. The LAUSD documentation also flags that students and parents can opt out of directory information.
So, while LAUSD has a hard time with technology acquisition and Student Information Systems, the visibility of their FERPA information is something that other districts would do well to emulate.
Portland (Oregon) Public Schools returns several relevant results via Google. The top hits are all immediately useful.
Boston Public Schools
BPS gives several results via Google, including their student handbook in multiple langages. The English language version of the handbook specifies that additional information on FERPA is available in each individual school.
Dallas Independent School District
DISD returns several immediately relevant results via Google. Of all the districts and organizations surveyed here, Dallas provides the most complete and helpful set of materials. They include a set of brochures on what FERPA means, an opt-out form for directory information, and their documentation includes human-readable breakdowns of the legalese. Ideally, they have versions of these documents in multiple languages.
It’s also worth highlighting that they are the only organization with a page set aside to explain FERPA on their site: http://www.dallasisd.org/ferpa – over time, I suspect that this practice will become the norm.
Out of all the organizations and districts reviewed here, Dallas Independent School District provides the best example of how students and parents should be informed about FERPA online. The things they do right include:
- Set aside a page for FERPA information, at a URL (http://www.dallasisd.org/ferpa) that makes sense;
- Include human-readable guides to FERPA;
- Include information and a form that allows students and parents to opt out of directory information;
- Include information defining that parents have a right to review records
It’s also worth noting that, among the public school districts surveyed, the majority of them included comparable information as Dallas, just not as well organized. The notable exception was Chicago Public Schools, where district-level information was not readily available online.
Moving on to charter school organizations, YES Prep did the best job of providing online resources. Aspire also has taken steps to make FERPA information easy to find. However, the number of high-profile charter organizations with zero information available online about FERPA is an oddly avoidable oversight. It’s especially troubling given how data and tech heavy some of these schools are – it’s imperative that both students and parents are informed of their rights by their schools. The fact that some schools have information and forms online that are used to remove parental rights under FERPA without any accompanying information that defines those rights is especially problematic.
And, it’s also worth noting that FERPA rights can be given to parents offline, on paper. It’s also possible that there are other places where schools are sharing this information online that did not get seen in this review. However, privacy concerns are going to increase, and schools need to be ahead of these concerns. Sharing accurate, useful information online is an easy step to take.
It’s back to school time! Many parents spent the last few weeks buying school supplies, sharpening pencils and filling out forms. These first days of school are filled with excitement for what the school year will bring and the friends our children will make. But it can also be overwhelming and a challenge for parents to keep up with the flood of information sent home. Many flyers will come back home in kid’s backpacks – parent meet up night, volunteer fairs, bake sales, field trip forms and, maybe, a notice that explains your rights under FERPA. Wait! What is that?
FERPA is the Family Educational Rights and Privacy Act. It was enacted in 1974 to ensure parents had access to their children’s educational records and to protect the privacy of this sensitive information. As a parent or guardian, you have the right to inspect your child’s records, request that corrections be made and opt out of your school sharing directory information with third parties.
School’s sharing information about your child? Why would a school share any information about your child? Well, here are a few examples – consider the school yearbook, the team roster with student names, the playbill of the school play or the Honor Roll listing in a newspaper. There are other ways such information could be shared and other third parties unknown to you could legally request this information, including marketers.
It’s important to keep in mind that a school can’t just decide to share this information. The school has to officially declare which information they consider to be directory information and then they have to notify parents of their right to opt out of sharing this information. Typically, directory information includes basic information such as name and address, phone number, date of birth and email address. It may also include pictures, hobbies, interests and awards. FERPA requires schools to annually notify parents and eligible students of their right to opt out of sharing this directory information.
There are, however, other ways in which third parties can access your child’s data. School districts, state agencies and vendors that do everything from running the cafeteria and school buses to technology services your school may be using or requiring students to use are considered third parties with access to student data. FERPA has different rules for these type of uses and I will discuss this in future posts.
Why should parents be on the lookout? Because, according to the US Department Of Education, the actual means of notification is at the discretion of the school. So you won’t necessarily receive a FERPA notice in your child’s backpack. The notice could be in a link on the school’s website, a note on a PTA bulletin, the school calendar or student handbook and can be easily missed.
If you missed your school’s FERPA opt out notice, here is an example: http://www2.ed.gov/policy/gen/guid/fpco/ferpa/mndirectoryinfo.html
Add student privacy to your “back to school list” and ask your school for the annual FERPA notice and decide whether you want to opt your child out of directory information disclosure.
If you want additional information you can contact the US Department of Education at 1-800-USA-LEARN (1-800-872-5327) or at the following address:
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, D.C. 20202-8520
Or visit the National Opt-Out Campaign website here – http://www.opt-out-now.info
Did your school make sure you saw their Directory Information Opt Out Notice? Is it on the school’s website? Is this all news to you, as it was to me several years ago when my kids entered school and I started digging into this? Questions? Comments? I will do my best to answer or point you to the appropriate source.
Wishing you all a wonderful school year!
Student data privacy has become a central topic of conversation in education and amongst parents of school aged children. Common questions include, “What data about students is being collected?”, ”Who is looking at this data?”, “How is it being used?”, “Are third parties outside of educational institutions using the data responsibly?”, and – more importantly -– “Is it being kept secure and private?”
Parents are commonly left out of the conversation taking place amongst policymakers, school districts and tech companies. My goal in this blog is to open the discussion from a parent’s perspective and include all stakeholders in the discussion. What are the issues we should be looking at? What improvements are being implemented? And, how can we collaborate to ensure student data privacy?”
But when we talk about student data privacy, we must first ask how we define “privacy” when talking about student data. What do students define as their privacy? What do students think of their data and who owns it in order to make decisions about their education? What protections may parents and students expect?
Maybe, for parents and students, privacy should be defined on the context of the situation and we should engage in debate about what data collection is appropriate to address personal and public concerns.
Building trust among all stakeholders is imperative. For only with trust can we ensure the level of participation necessary to obtain and deploy the information critical to raising student standards and achievement. While I believe we must not argue for increased data collection or none at all, rather, I believe we must advocate for data that is collected for meaningful purposes and kept private and secure. After all, there are amazing opportunities to put information into the hands of parents and teachers enabling them to tailor individual instruction to education plans, so all students can meet their potential.
Student data is collected in State Longitudinal Databases for federal reporting purposes. What questions are these databases answering, and as parents, how can we benefit from them? Data can be useful to help study chronic absenteeism or drop out rates. But, on a smaller scale, these reports can help parents and teachers identify early warning signs of learning disabilities, for example. The purpose of student data should be to help states, school districts and schools in their day-to-day operations. But also, and more importantly, to help our students. But parents need to be able to access that information in a timely manner in order to have productive discussions with their children and their teachers. Together, we can achieve tangible results with an effective system of data and collaboration.
Technology is constantly evolving and so should the conversation around student data privacy. Technology is scalable and dynamic, and we should advocate for policies, legislation, and terms of service that reflect this while keeping the focus on students and their privacy. A system that empowers students to take ownership of their education will help them make informed decisions about their privacy
In 2014, 110 education data privacy bills were introduced and 28 were signed into law. What does that mean for parents? Some of these new laws include data governance that define roles and responsibilities to ensure student data is used appropriately, and others look to protect data by prohibiting certain data to be collected and analysis to be performed.
Recently, U.S. Senators Edward J. Markey (D-Mass.) and Orrin Hatch (R-Utah) introduced the “Protecting Student Privacy Act”, a bill that asked for FERPA (Family Educational Rights and Privacy Act) to be updated. Some say the bill is not strong enough; others argue that it is unnecessary to revamp FERPA. Should parents be concerned? Whatever the approach, transparency is vital. And, while parents should not be asked to be privacy auditors, we need to know how these bills affect students and schools. That’s why the newly launched FERPA|SHERPA website includes a “Parents” section that hosts information important to parents and explains how data and technology in schools affects students – so that we can all make informed decisions.
I’ll be writing about different issues surrounding student data privacy. Data is more than test scores or innocuous data points. Data can be any piece of information that helps parents, students and educators know more about their students. To make it work well and responsibly, we must look at the entire system and actively discuss the ramifications of data collection, what equity issues are unaddressed, and the privacy challenges it raises.
I’m looking forward to having you join me in this timely and critical conversation.
Olga M. Garcia-Kaplan