The Future of Privacy Forum released a parent survey appropriately called “Beyond the Fear Factor” that asked parents how they really feel about data. I didn’t participate in the survey so I don’t get to skew the results but I can certainly report on it. What the survey tells us is that most parents understand the technology used in their child’s school but don’t really understand the laws protecting student data and have, understandably so, concerns about the security and privacy of their children’s data.
One could argue that the survey is saying that parents are fine with the indiscriminate use of student data and that even though they are concerned about privacy and security, well, we just go with it because the school is going to use technology anyway. But that really is not what the survey is saying. Rather, parents are telling us that they do care how student data is used and that they care how technology is used in the classroom but that they are concerned that the information is not being protected adequately. This is a fair concern, I would say. Particularly when most of us don’t fully understand the laws protecting student privacy and what our rights as parents are.
As I have stated before, my kids are going through new school experiences and so am I. And I am really fascinated by the amount of technology that is deployed in their schools. But more importantly, I am even more fascinated by the amount of paperwork and electronic communications that come home regarding the use of technology in their schools. While impressive, some things definitely could have been done better. For example, nobody told me my kid’s information was being uploaded onto an online portal, the directory information opt out is an all or nothing option and there is a lot more technology being used in school than I am aware of. But on the positive side, I have received communications that are informing me of some of the technology used in my kid’s school and that matters. It matters because now I know that if I wanted to dig and make a decision whether I want my kid using a certain app I can at least find out what it’s about. But something came home this past week that caught my eye. It was a notice asking for permission to setup a student email account for my kids, through Google Apps for Edu (of course). We can argue the merits of GAFE but what is interesting is that the school sent home a notice explaining what it was doing, how the emails were going to be setup and what the purpose is. Further, there is a section on the rules and responsibilities that students have when using this email and they are surprisingly close to what we would ask of an Ed-tech company – students will respect the privacy of others by not using someone else’s files without permission or posting pictures, apps and computers will only be used for educational purposes, respect their privacy and that of others by not disclosing personal information on the computer system etc. I really appreciated this section, not only because it is explaining to us what is expected of the kids but they are working on teaching the kids good digital citizenship, and that is very important. If we instill in kids from an early age how to use technology appropriately and what their responsibilities are we are already moving our conversations forward as these kids increasingly use technological devices at school and home. This school district form had to be signed by parents (giving permission) and students (acknowledging the rules around receiving school email). So when I asked my kid to sign the permission form he looked at me surprised. I asked him to read what he was signing and he rightfully said “if I sign this that means I can’t do all these things but the companies I use in school can’t do the things listed here, right?” Yes, happy dance moment! But I really hope that just as we are asking our kids to be responsible, tech companies are in turn being responsible to kids. So much so, that kids can hold them accountable if they don’t “follow the rules” so to speak.
At the end of the day, what parents want is what we all want when it comes to anyone accessing our information. We want a clear understanding of how data is collected, used and protected. We want transparency of how data is used through the educational system. Parents are willing to be active participants and collaborate with schools on how data and technology can be used to improve the educational process. Don’t ignore parental concerns, let’s address them, discuss them and present to them, to us, with the information we need to trust and in turn collaborate with everyone in the educational system. A top down approach doesn’t work. Parents need to be brought into the conversation in a meaningful way. There is a great opportunity for everyone in the educational system to open the lines of communication now and build trust with parents. If there is one thing the survey clearly states is parents want the data used in a way that can help their kids but make sure we are using the data ethically and protecting it. And I think that is a fair ask. Let’s not dismiss it.
In 8 hours of intense debate about student data privacy, we heard panelists use the words sexy, naked, sex ed class and constipation. This coming from researchers, education policy leaders, privacy advocates, IT experts, teachers and parents, all in one room. And besides making us aware that anyone working in privacy has a pretty good sense of humor, it brought into focus that privacy is an everyday event.
There are a few points I want to highlight from the day. One of the things that struck me the most was that we need to discuss privacy concerns from two different sides – students and parents. Because privacy to a student is not the same as keeping one’s own children’s data private. We can’t forget that the purpose of student data is for students to learn better and not for our research teams to have more data to study learning. And well, if we can improve our research while at it, then so be it. There was also discussion of the implications of opting out of more data sharing. I would argue that the more data we can share, in more useful ways, is a step in the right direction. It can foster trust between students and the adults in the student’s life. Lets make parents partners not only in education but in privacy matters.
The Future of Privacy Forum released the results of the parent survey and it wasn’t surprising to me that parents are in favor of data collection as long as it is not used for commercial purposes. One statistic that jumped out at me was the fact that most parents want to opt out of data collection for racial and socioeconomic concerns. I’d argue that in a world where we see racial profiling happening every day, and increasingly in schools, the concerns about the collection of biased data are real. But I feel we need to start asking the question to parents and students on what they feel a student profile should contain, what it should be, and who should get access to it. Further, when looking at these results, we need to be aware that if only certain demographics opt out of sharing information they would significantly alter the results of big data sets and inadvertently divert much needed funds away from high need districts and schools. We also need to constantly remind ourselves that not all parents have access to the technology we discussed at the symposium, and as Rafranz Davis pointed out “anyone who things BYOD is equitable doesn’t know what school in many places is like.” All kids should have access to their own devices to learn, and it’s easier said than done. How do we help districts with limited resources achieve this?
One of the things I struggle with when discussing the results of the survey is that even though collecting data is valuable and using the information to improve teaching practices is the purpose, I find the all or nothing approach of my children’s school district regarding FERPA opting out problematic. For example, what if I want my kids information on the school directory so that we can meet other families and communicate about activities, homework etc. but I don’t want my child’s information released to a third party that will use it to try to sell me something? I can either opt in all the way or opt out completely. So we need to discuss these issues and come to a happy medium where parents have control over the information schools share about their child.
I think we can all agree that the consensus is that we need to discuss what types of data we really need? Are we collecting the right data that will help disadvantaged students and help create a more equitable educational environment? Are we finally recognizing that student data belongs to students? Kathleen Styles made an excellent point and reminded us that teachers need to be trained not only in protecting student data but in learning how to use it effectively.
We can’t place the burden on students to understand policy and law but at the same time, privacy and security need to happen every day in schools. At the end of the day, we need to get this right. I certainly walked away with many lessons learned and points to think about and debate in the future. Student privacy is complicated, that’s for sure, but everyone in that room is trying to work it out so we can do good by the kids. We can’t afford to not do right by kids, and if that means talking FERPish (as Kathleen Styles said) then we should be knowledgeable about it…..
And if you want to read a play by play of the day’s conversations check out the #NSPS2015 hashtag on Twitter. It was fun!
We moved. We left our beloved Brooklyn for a new State to call home. Moving means not just a new house but new routines, new friends and new schools! And as excited and anxious as the kids were to start in new schools, well, so was I. The schools are great, we’re slowly making new friends and we’re getting to know the school system. It’s vastly different than New York City, that’s for sure. Technology is more accessible and all schools have online portals for parents. There is an integrated platform that allows me to login and look at my children’s personal information, grades, attendance, homework assignments and teachers’ notes about my kids. Mind you, they are in two different schools. I log in to one system. This is so much more than we had in NYC so I should have been happy, ecstatic actually. But I wasn’t.
For starters, no one asked if I wanted to partake in this online system. A few weeks before school started I began receiving emails about the schools. I am glad to be receiving important information, but felt rather uneasy by the fact that my email and my children’s information was provided to a third party without my knowledge. Further, this application connects to other platforms that collect my children’s information. For example, there is an online school lunch system, school garb shopping portal, bus routes and of course, the school’s directory. All of these collect, at a minimum, parent names, student names and school they are enrolled in. And I do want to be clear, I am not so concerned about the information collected as the way it was released. I was surprised when I received a FERPA notice to opt out of directory information. I received an email from the school district, clicked on the link, logged on to the portal and opted out. But here is the issue, the login for the portal was already populated with my children’s information and had been done without my knowledge. This lack of disclosure is not optimal to build trust between schools, parents and third party vendors. An email informing me would have been enough. And that is why communication is key to building trust when it comes to student data and privacy. Trust can’t be built if a school district can’t be bothered with informing families that this information is collected and placed in an online portal for third parties to use, and then sends a link to the FERPA notice. After I logged in, I diligently looked for the portal’s privacy policies. I am still looking for them. If they are published, they are in such an obscure link on their website that I had to give up after three days of searching.
But it doesn’t have to be that difficult. There are a few simple things that schools and vendors can do to build trust with parents and students. They ought to list all the vendors that work with the schools, list the data that is provided to these vendors, and a clear and easy to link to their privacy policies. I looked at both the online portal and the district’s website and couldn’t find this information. I understand that schools have many things to work on and that the beginning of the school year is particularly hectic, but these lists are basic and should not be a heavy lift for any school district. Transparency builds trust and accurate information can help dispel many fears parents have when it comes to student data and their privacy.
With the attention being given to student privacy and technology I hope that schools shift their focus a bit and realize that this is important information to make accessible to parents. I would also hope that the tech companies providing this service have clear and easy to understand privacy policies so that parents can make informed decisions.
We like to put the responsibility of student data privacy on school districts and tech companies, but it is also our responsibility to look for privacy policies and understand how data is being used in schools. If we can’t get the information easily we should reach out to the school and ask for the information. So as I am now buying school supplies, the question arises – should I go to a store and physically buy the school supplies, or order them online through a school portal that will collect my credit card information in addition to the other data previously gathered.
We are in a privacy maze, it seems, but it is up to us to call out school districts, tech vendors and demand they make their privacy policies transparent so parents can understand what they’re signing up for.
I know that nobody asked me what I thought about student data privacy when I began inquiring about my children’s education records and how their privacy was protected, but now the Future of Privacy Forum conducted a survey that showed that the majority of parents with children in the K-12 environment are concerned about the privacy and security of their children’s information. With privacy being discussed more and more in education circles and by parents, I find that a survey that addresses parents is worthwhile, as parents (and more so students) are often left out of the conversations surrounding student data.
The results came in AND….not surprisingly, 85% of parents said they are willing to support the use of student data and technology in education but that it must be coupled with clear efforts to ensure its security. I would add that once parents are assured that their child’s data is safeguarded, they are more willing to give access to third parties as long as there is a clear educational intent. Once I am assured that my kids’ information is protected and only visible to appropriate entities, I am ready to have data sets that include my child’s information. And that is what matters, because there are so many ways of linking information that datasets can generate new insights – is my school addressing my child’s needs? Is the data showing that certain groups of students are being discriminated against? What is the graduation rate? For parents to have confidence that their child’s data is being protected, they must see first hand that collecting student data is valuable. Only then will they trust the process.
So I conducted my unscientific, most likely biased, survey amongst a few parents I know. Their responses were similar to those in the survey. My group of surveyed parents expressed that they are more willing to use student data for individual students when they can see the clear benefit of this data collection. For example, can the data help identify a struggling student so that schools can provide adequate support services? Another important result was that they are all encouraged by the use of personalized learning tools if they were able to see the results and trends of their children’s performance. But what we all came back to in our conversation was the trust factor. They all agreed that if we can trust the institutions that work with our children’s data we would all be more comfortable with it. And the only way I see how trust can be built is by schools, districts, States and the Federal government is by communicating with parents on a regular basis, to listen to their concerns and together come up with a plan that can be supported by the school’s organizations, such as the PTA.
So there you have it. A very reliable survey from the Future of Privacy Forum and my very own homegrown survey both agree that data is important and that parents are willing to allow for such data collection as long as we have adequate safeguards in place to protect student privacy.
I do wonder what a group of 6th graders would think of this debate and what they want to see protected in their records. We need to revise the methodology and compile results from students and how they would like their data protected. Maybe I will ask them soon…..
In the meantime, the entire survey will be released at the National Student Privacy Symposium on Monday, September 21st and if you haven’t registered I hope you do! The conversation promises to be engaging and I can’t wait for the debate amongst different panelists since we all have various perspectives on this issue. I’ll be there so please come by and say hello!
A new school year is just around the corner and my kids will be attending new schools. Not only am I excited about the school year ahead and the experiences of being in a new school, I am also curious to see what kind of Directory Information opt out forms we receive. Should we all opt out of Directory Information? This is certainly an opt out I would consider. It is a clear way for parents to control their children’s data and prevent Directory Information from being shared with third parties.
Opting out of directory information is probably the most misunderstood of opt outs. Directory Information can be anything from student’s name, address, telephone, and email address to weight and height of students, grade level and photographs. Directory Information opt out prevents your child’s personal information from being shared, for example the team roster with student names, a playbill for the school play or the Honor Roll listing in a newspaper. There are other ways opting out prevents Directory Information from being shared with third parties unknown to parents that could legally request this information, such as marketers. It’s important to keep in mind that a school can’t just decide to share this information. Schools have to officially declare which information they consider to be directory information and then they have to notify parents of their right to opt out of sharing this information.
However, as with any privacy and or legal discussion there is the other side of the argument. If you opt out your child’s information, there could be certain opportunities forgone, outside school program opportunities or in the case of High School kids, scholarship opportunities or other university or college correspondence they will not receive when opting out of Directory Information. Further, student’s information will not be listed in the school directory and other families will not have access to phone numbers or emails, for example, unless you provide them directly to whomever is interested in connecting. So the decision to opt out needs to be done based on what works best for each family. Also worth noting is what opting out of Directory Information doesn’t do – it doesn’t prevent students from participating in testing or other education mandated activities. This opt out only applies to schools providing information to other parties outside the school.
How did this option of opting out come into being? Well, FERPA, the Family Educational Rights and Privacy Act, was enacted in 1974 to ensure parents had access to their children’s educational records and to protect the privacy of this sensitive information. As a parent or guardian, you have the right to inspect your children’s records, request corrections be made and opt out of your school sharing Directory Information with third parties. Under FERPA, parents and students have the right to tell schools they cannot share their directory information with a third party.
It’s relatively simple to opt out (although finding the opt out forms on a school website can be nearly impossible). You can request a Directory Information opt out form from your child’s school, fill it out and return it to the school. And the best time to request the opt out form is at the beginning of the school year before schools begin to share information with third party providers.
If your school doesn’t have a FERPA form, you can download one here
The World Privacy Forum recently released a great video explaining why it’s important to #optout. Check it out here!
Wishing all the students going back to school all the best for a most fantastic (and private) school year!
Should we be afraid of student data? More often than not, the conversations around student data revolve around security and privacy concerns. What will happen if there is a data breach? What about security? Are we safekeeping student data adequately? But the reality is that student data is exciting. There is value in data that allows us to help students in ways we otherwise couldn’t.
I am not discounting the concerns surrounding student data privacy, but as Kerry Gallagher points out in her blog “Why is student data both exciting and daunting?” we need to ask ourselves what is the acceptable risk we should be willing to take in order to gain value out of data and protect student privacy.
Kerry Gallagher is a Technology Integration Specialist at a 1:1 iPad school serving 1500 students grades 6-12. She taught middle and high school history in Bring Your Own Device environments for 13 years and writes a blog called Start with a Question.
Kerry discusses a report recently published by the Berkman Center for Internet and Society at Harvard University titled “Student Privacy: The Next Frontier”. One of the main points made is that the conversation around student privacy needs to be balanced and include all parties involved in student data. Both Kerry and the Berkman study point to the exclusion of student voices in the debate. We often ignore or dismiss students in conversations and we must continue to advocate for the inclusion of student voices in the debate surrounding their privacy. After all, students are the generators of the data points we are fiercely trying to protect, we owe it to them to include them in the conversation and allow them to teach us what data privacy means to them. Students bring different backgrounds and perspectives we can often oversee. If we bring student voice into the debate and acknowledge learner ownership of data, our conversations will turn to discussing pedagogical issues surrounding student use of data and privacy and we will more readily acknowledge the student experience and the expectations they have in their educational outcomes.
You can read Kerry Gallagher’s post here – http://www.kerryhawk02.com/2015/08/why-is-student-data-both-daunting-and.html
AND Kerry will be a panelist at the 2015 National Student Privacy Symposium in September which promises to be a great event (shameless plug). You can register for the symposium here – www.studentprivacysimposium.org
Hope to see you all at the Symposium!
Is it possible that in our effort to protect our kid’s privacy we make it too private? Let me put it this way, what happens when we make privacy laws so restrictive that someone can go to jail for using their information? Well, it has happened in Louisiana and the law basically states that if you put two pieces of PII (personally identifiable information) where you can identify a student you are in violation of the statute and can get up to six months in jail and a $10,000 fine. How will this impact the educational resources available to our children?
Recently, a couple of articles like this one and this one got me thinking about the unintended consequences of restrictive privacy laws. Because, really, when we talk about student data privacy our first reaction is to advocate for fines and penalties that would deter anyone from abusing student information. However, what happens when a teacher inadvertently shares information for the honor roll, for example. Could that teacher go to jail? Or what about yearbooks? More importantly, what if student information can’t be shared and a college scholarship deserving student can’t get the coveted scholarship because he/she can’t be identified? The key is balance. Balance when we talk about privacy. Balance when we draft legislation to protect student information. Should student information be freely shared? No, absolutely not. But should teachers and schools be allowed to conduct school business and help students based on the information they have? Yes, absolutely.
We still have a long way to go in finding the right balance when drafting legislation to protect student privacy. There isn’t a right or wrong answer to the question of how restrictive, or not, privacy laws ought to be when it comes to students. But we certainly have to remember that there is value in data. Without good data we cannot help students in a comprehensive way and we certainly cannot address issues of inequity if we cannot share information about the disparities in our educational systems. And we must look at all the different aspects of student data privacy – is a law protecting data when used in apps but not allowing for teachers to share information? Is a different law allowing parents to opt out their kid’s information from valuable aggregate data sets? Parents should certainly be allowed to opt out of directory information but aggregate data is useful when assessing school district performance, for example.
That is what makes the student data privacy debate so interesting. It is complicated at best and messy at its worst. It is complex and multifaceted. And I don’t think there is anything wrong with that, but we need to be aware of all the risks. It’s difficult to come to a consensus on what is the best privacy law. We must recognize that as we legislate what should and should not be allowed, the law must protect students so that we can provide them with the best education possible.
The Louisiana legislature addressed the issue and corrected it. That is a step in the right direction, but as more and more student privacy bills make their way through our system we must be cognizant of the unintended consequences we might bring upon ourselves when trying to work on making privacy more private.
The new school year is about to start and so is the season when parents are posting pictures on social media of their adorable moppets going back to school. But in today’s connected world their pictures can circulate the online world to a wide audience instead of going into a hardcopy scrapbook only to be shared with grandma. And what do kids think of their pictures and anecdotes being shared online? What do they think about privacy? Their privacy? What are their ideas of being private in a connected world?
Most of us share information about our kids because we are proud, because we want the world to know that it’s their first day of school or they did something silly that we think is funny. But we need to stop and think what are we teaching our kids about privacy and how do we teach them to be smart about protecting their privacy. Eventually, kids will have a tremendous digital catalog of their information. So I think it’s never too early to have “the privacy talk” with kids. Because preparing the next generation to protect their privacy, means teaching our kids now what they can do to protect themselves tomorrow.
I recently read an article on college campuses scanning students’ eyeballs instead of their student ID’s. And even though the scanning is voluntary, it would behoove us to discuss the implications of such retinal scan. And this is a time when having empowered students to advocate for their privacy is essential. Some students described this program as “creepy and unnecessary” and they have a right to feel that way but it seems that few knew they could decline being scanned or that they should.
So as we take pictures of our adorable little kids, we need to keep in mind how we are preparing them to advocate for their privacy. There are a few resources we can turn to in order to help us have “the talk” with our kids.
Connect Safely has an ever growing collection of clearly written guidebooks that help us discern the different apps, services and different platforms that are popular with kids and teenagers.
iKeepSafe is one of my favorite resources. They have a section dedicated to parents including a “Parent’s guide to Facebook.” Maybe now I can keep up with my kids…..seriously.
The Family Online Safety Institute, commonly referred to as FOSI has a great digital parenting guide, you can search for resources by age group and they have a great “Seven Steps to Good Digital Parenting” guide.
Common Sense Media has information to help kids (and parents) navigate the world of media and technology. When it comes to privacy and internet safety they have tips and tools for all of us. I particularly like the section about good usernames, passwords and what is appropriate to share.
The FTC has a portal on kid’s online safety too! It has great information on how to talk to kids about privacy and how to talk to kids on using social media and the benefits and risks of socializing online and how to make responsible decisions.
We can’t assume that because they let us take their picture and they are our kids we have their implied consent. We need to make sure that this is what they really want to show to the world. And if we can’t, at a minimum we should allow them to decide what to keep and what to exclude from their digital record. Having the privacy talk with our kids will help them protect those experiences that are personal and decide what the world can know about them. We need to all be responsible about their digital catalog. Technology and apps have given us a tremendous insight into our own lives but also to the lives of others and as we collect this data we need to be aware of what it means to create that history online.
“We need to safeguard student data.” But how do we do this and what does it mean to use student data? The Ed-Fi Alliance, an organization dedicated to advancing the education technology sector and advocating for the responsible use of data to improve student achievement and teacher satisfaction, is publishing a series of posts on its website on strong data privacy practices. What is appealing in this series is that they are providing real-world examples and practical situations we can learn from.
There is nothing simple about student data privacy. The issue is so multifaceted and complex we continue to struggle with determining what is the ultimate student data privacy protection. However, this latest Ed-Fi blog’s post features Lenny Schad, Chief Technology Information Officer for the Houston Independent School District. He is an advocate for data-driven learning environments but more importantly, he is well aware of the importance of student data privacy protections and implementing a robust technology infrastructure to protect such data.
The conversations about student data privacy are important but reading about real life experiences implementing data privacy and security protections provides an entire new perspective to the topic.
Mr. Schad shared five essential best practices for district leaders to adopt:
- Build awareness among educators
- Strengthen technical solutions by consolidating and securing resources
- Strengthen educators’ role in the student data security chain through formal training and resources
- Enlist vendors as data protection partners
- Get started now— and keep going
It’s a good read for anyone involved in student data but particularly for school districts.
You can read the entire post here – http://www.ed-fi.org/blog/2015/07/key-advice-on-the-new-frontiers-of-student-data-protection/
It might be summer, but things are certainly not slowing down in education and student privacy. Last week the Senate, following the House’s vote, passed a rewrite of the ESEA by a pretty big 81-17 margin. This is significant in the fact that the ESEA reauthorization gives us an opportunity to purposely use student data to help us all (parents, students, schools, policymakers) make informed decisions about our children’s education. I find it particularly interesting that lawmakers are taking such a keen interest in student data and privacy but I do hope that the intent is to promote the effective use of data and not hinder its use.
In addition to the ESEA, there are several other bills from both House and Senate about student privacy, and what caught my attention is that for the most part, the focus is on protecting student data while at the same time allowing for the use of data and technology. For example, Sen. Richard Blumenthal (D-Conn) and Sen. Steve Daines (R-Mont) introduced the SAFE KIDS Act. What this Act would do is prohibit ed-tech companies from selling student data, using the information for targeted advertising or disclosing information to unapproved third parties. Noteworthy in this bill is that it requires providers of services to publicly disclose their privacy policies and provide notice before making material changes to such policies. What I would very much like is a provision asking for such privacy policies to be written concisely and in plain simple language so that we can all understand them but….wishful thinking….
In short, the SAFE KIDS Act would provide student data protections without discouraging service providers from creating innovative educational products that could help improve student learning and teaching. But while all these protections and collaborative efforts are important, we fall short if we continue to fail to include student voices in the process. We must acknowledge that the use of data in education is not only for apps and ed-tech products to be developed and used. Student voices need to be heard when groups of learners are being discriminated against because of the lack of student data. You see, educational data is not only about one student or a group of students and their educational achievements or use of technology. Educational data can help us identify students that need help in different areas and help facilitate the diversion of services to them, for example how are homeless children or those in foster care doing in school? Are we providing adequate support services for them to increase the graduation rates in this vulnerable group? What can we, as a society, do to support children who need additional resources so that we can provide to them the best education possible and the opportunity of success in their future? How are we analyzing the outcomes of different groups of students, and are we providing the services they require? All of these would not be possible without student data.
I encourage lawmakers to continue to work on protecting student privacy as it will only help further the debate and encourage others to follow suit. I appreciate the trend different bills are promoting in encouraging tech companies to voluntarily agree to a pledge to protect student information. They are all important efforts but we cannot forget that there is a greater purpose in protecting student data – and that is helping all students not just a few.
As the summer continues and the new school year approaches, I couldn’t think of better summer reading than the different bills proposed to protect student privacy. All children deserve the right to reach their full potential, but we can only help do so with complete information at our disposal. It can be done, we just need to be smart about it.