By Maria Spencer:
Last fall, California passed the Student Online Personal Information Protection Act (SOPIPA), which applies to websites, applications and online services. It prohibits the use of targeted advertising and requires security measures which may require that data be encrypted. SOPIPA has become the “benchmark” law in the area and now serves as model legislation for protecting privacy rights of K-12 students. Following California’s lead an Arkansas (HB 1961) law would prohibit online service providers from using student data for commercial or secondary purposes. A new statute in Virginia directs the Depts. of Education and Information Technology to develop model data security plans to be used by local school districts.
The Obama administration and Congress have also taken steps to address student data privacy. In January, President Obama proposed legislation aimed at preventing companies from selling sensitive student information. Rep. Luke Messer (R-IN) and Rep. Jared Polis (D-CO) were set to introduce legislation modeled in part after the California law; however, advanced drafts of the proposal were criticized by some advocates who felt the law would do little to address privacy rights. The bill continues to be re-worked by the sponsors and to date, has yet to be introduced.
A discussion draft to overhaul Family Educational Rights and Privacy Act (FERPA) was released earlier this month by Rep. John Klein (R-MN) and Rep. Bobby Rush (D-VA). The draft includes penalties for service providers that illegally share student information; it clarifies that both the school or district and the educational agency (person/entity employed by the school or district) are responsible for protecting student information. The draft also highlights the importance of transparency in how companies (contracting with the school for the purpose of collecting student information for school use only) use student data. It also more broadly defines what is considered part of the educational record (for example biometric info and academic information) that follows a student, which is critical given all the advances in technology.
There are some potential concerns with data collection – in particular the balance between the ability to collect data for legitimate educational needs and protecting students’ privacy rights. For instance, ConnectSafely wants to ensure the privacy rights of teens living in abusive or neglectful situations. Do these bills provide appropriate protections for them? If not, how should we address and protect those kids’ privacy rights? There is also the issue of how the person claiming to be the parent can prove custodial rights with respect to access to student data.
With so much at stake and many questions still remaining, we believe that more education is needed to ensure effective policies that protect the privacy of our children while ensuring that educators have the best data they need to advance educational excellence. With this in mind, ConnectSafely recently joined with the National Parent Teacher Association and the Future of Privacy Forum to release “A Parent’s Guide to Student Data Privacy.” This guide is timely given all the discussions among state and federal policy makers regarding what and how student data is created, maintained, used and disseminated. We hope parents will read it and become more informed about the issues. As parents, guardians or advocates who want the best education possible for our children, it is critical if we are communicating with school administrators, school boards or policy makers that we are better educated on the issues and the current laws that are already in place to protect our students’ privacy.
It remains unclear if the Student Data Privacy Bill or the proposed FERPA overhaul will pass this Congress. Many believe FERPA is antiquated and needs updating to address technology in the 21st century. Updates should better define privacy rights with regards to student data, ways to address third-party data collection activities, protection of privacy and rights of parents for redress of any violations. We hope that privacy and security of student data remain a high priority for policy makers and our guide will be useful information for all.
The policy of student data privacy
By Maria Spencer: