A FERPA Rewrite?



This year, student data privacy seems to be more popular than ever. Consider this, as of March 5th, there were 138 bills addressing student data privacy. Even more interesting is how student privacy has become such a big part of the conversation in state legislatures. The main message, seems to be, how can states keep student data safe and secure while still continuing to use it to support learning?

However, what is particularly interesting is the proposed rewrite to the Family Education Rights and Privacy Act (FERPA). This rewrite would expand parental rights, set guidelines for student data use by third parties and establish penalties for failure to follow these guidelines. Congressmen John Kline and Bobby Scott circulated a draft of the proposal amongst several organizations asking for comments. Now, I haven’t seen the draft but I hope that everyone reading this is focused on building an infrastructure which safeguards student data so we can all get the most out of the technological advances sure to come. I would love to see clear guidance for schools and other education institutions. Teachers, school board members and other personnel require training on data usage by third party vendors. It is important to get this right because as Amelia Vance, NASBE’s director of education data and technology so rightly said – When regulating student data privacy: Don’t throw the baby out with the bathwater.

I see a great need to acknowledge that school personnel, school board members and third party vendors will require training on adequate data usage and protection. We can pass new laws and update FERPA, but it will not make a difference unless the people charged with carrying out these mandates are adequately prepared. The burden increasingly falls on school administrators, and what are they to do when they have limited time and are in an already budget strapped school?

The legislation will also require educational institutions to enter into a written agreements with a third parties before any data sharing can occur. This is, I believe, one of the strongest points being made on the Bill. This requirement prohibits third parties from sharing information with others unless there is a clear written agreement to do so and that this agreement is compliant with federal law. If the Bill manages to establish what requirements the written agreements should have we could be looking at increased student data protection as it relates to third party usage. Further, if strong guidelines for security standards are outlined, there could be an increase in the safety of student data as clear security standards will need to be adhered to. Requiring strong security standards for third parties will create a greater security net for student data provided there are clear and steep penalties if third parties do not comply with these requirements.

I will certainly keep an eye on this draft as it moves through. I strongly urge anyone providing direct feedback to consider that as much as strong privacy policies are essential, the ability for students to use technology, own their data and be confident it is safe, private and secure is really what matters in this debate. Let’s continue to work on protecting student data privacy. We need to be smart about how to best protect student data, because the impact of any legislation passed will be felt for years to come. Many of these consequences are unforeseeable and we do not want to hamper the development of what could be valuable tools for helping our students learn.

Any suggestions to add to the FERPA rewrite?