Student Data Privacy is a priority issue in education. States have introduced 410 privacy bills since 2013, 36 states have passed 71 bills into law, and federal bills are being introduced to change FERPA along with new privacy provisions in ESSA.
Let’s make sure we approach the issue intelligently.
In an earlier post, we provided a primer on how to be compliant. And in an Edchat Interactive on October 4, Bob Dillon is going to discuss how to make sure your voice is heard in the discussions.
This post looks at the Data Quality Campaign report Student Data Privacy Legislation, to discuss the types of issues before the states.
The interest in privacy reflects the “public appetite for greater accountability, restrictions, and transparency about information sharing practices.” States seem to be focusing on the processes that districts (and schools) use for making decisions about data use (or governance), transparency, and how third-party providers can access, store, use, and dispose student information. Some issues that are gaining importance is the role of parents and parental consent and what happens when the data crosses over between school and personal life.
Proposed laws tend to take two tacks. Prohibitive provisions spell out what each party cannot do, and what types of data they cannot collect. Governance provisions to laws tend to ensure that authorities have the right roles and procedures to use data appropriately. Most laws use both.
Most of the laws deal with how schools interface with third party providers. Some of the common issues that were or are being considered for various state laws:
- If a teacher chooses to use a program with her kids, what are the privacy ramifications?
- If a learning application stores student progress on the cloud, what can they do with the data?
- Does a parent have a right to refuse to let her child use a school-approved program?
- If a student uses the same device for school and social networking, what responsibility does the school have for what the student posts?
- Should there be special provisions for student information systems, 1:1 device programs, surveillance, or other issues?
- Should parents or students fill out surveys, and what types of consent should be required?
- Should parents have an easy way to find out what types of data are being accumulated on their children?
- What privacy and security training should teachers and students undergo?
- What should happen when there is a privacy breach?
Why should state legislators have the only seat at the table? How can school and district administrators develop compliant privacy policies that further student learning? How can teachers make sure students have access to the right resources and still comply with laws and policies?
If you are curious or have an opinion, perhaps you should join us October 4 as Robert Dillon leads a discussion on Privacy, Security, and Innovation in Education.