Appendix I
“The Educator’s Guide to Student Data Privacy”
Retrieved and revised on August 1, 2020 from “The Educator’s Guide to Student Data Privacy” by Kelly Gallagher, Larry Magid, & Kobie Pruitt: https://studentprivacycompass.org/wp-content/uploads/2017/05/EduGuide_DataPrivacy_516.pdf
Please go the link for additional explanations and helpful information!
Why should classroom teachers care about student data privacy?
There are legal and ethical restrictions that impact districts, school, and teachers.
Traditionally, student data consisted of things like attendance, grades, discipline records, and health records. Access to that data used to be restricted to the administrator, guidance counselor, teacher, or other school official who needed it to serve the educational needs of the child. With the use of technology in schools, traditional data is now often shared with companies that provide Student Information Systems (SIS), Learning Management Systems (LMS), and many other technologies. Parents, students, and others have raised concerns about what information is being collected or shared, and what use those companies might make of that data.
Teachers should be aware of Family Educational Rights and Privacy Act (FERPA) and applicable state laws, along with their district or school policies regarding the use of educational products and services from ed tech vendors. (More on FERPA and other laws below)
What constitutes student data?
Information that is tied to individual students is referred to as personally identifiable information, or PII, and is subject to additional restrictions in laws and regulations.
Student personal information includes any information about a student’s identity, academics, medical conditions, or anything else that is collected, stored, and communicated by schools or technology vendors on behalf of schools that is particular to that individual student. This includes a student’s name, address, names of parents or guardians, date of birth, grades, attendance, disciplinary records, eligibility for lunch programs, special needs, and other information necessary for basic administration and instruction. It also includes the data created or generated by the student or teacher in the use of technology—email accounts, online bulletin boards, work performed with an educational program or app, anything that is by or about the individual student in the educational setting. Some student personal information such as social security number, is highly sensitive and collection may be barred by state law.
What is an education record?
The federal law, FERPA protects educational records that contain information directly related to an individual student and which are maintained by an educational agency or institution or by a party acting for the agency or institution. However, new state student privacy laws protect all “student personal information” and data that is now collected and used via modern educational technology products and services.
What if I want to use an education app or tool and I don’t know if my school/district has vetted it? NOTE: Do NOT use any technology with your students without your cooperating teacher’s knowledge and approval:
Be familiar with your school’s policy or process for selecting new educational tools, if one exists.
If an app or service you want to use is not on the “approved” list, ask for it to be vetted and ask how long the vetting process takes. If the process is lengthy, you will want to redesign your lesson or project plan. Once the app is approved, you can certainly use it later. The list may also contain similar alternative apps you can use in the meantime.
What are the federal and state laws that we need to follow?
FERPA – Information in a student’s education record is governed by the Family Educational Rights and Privacy Act, a federal law enacted in 1974 that guarantees that parents have access to their child’s education record and restricts who can access and use student information.
FERPA protects the access to and sharing of a student’s education record, which is all information directly related to a particular student as part of his or her education. FERPA gives parents specific rights to their child’s education records and when a child turns 18, the rights belong directly to him or her.
COPPA – The Children’s Online Privacy Protection Act (COPPA) controls what information is collected from young children by companies operating websites, games, and mobile applications directed toward children under 13.
COPPA requires companies to have a clear privacy policy, provide direct notice to parents, and obtain parental consent before collecting information from children under 13. Teachers and other school officials are authorized to provide this consent on behalf of parents for use of an educational program, but only for use in the educational context. This means the company can only collect personal information from students for the specified educational purpose, and for no other commercial purpose. Some schools have policies that require school administrator approval before teachers can allow use of certain apps or services. When information is collected with the consent of a school official, the company may keep the information only as long as necessary to achieve the educational purposes.
PPRA – The Protection of Pupil Rights Amendment (PPRA) outlines restrictions for the process when students might be asked for information as part of federally funded surveys or evaluations. In order to administer such surveys, schools must be able to show parents any of the survey materials used, and provide parents with choices for any surveys that deal with certain sensitive categories.
Some questions to help you quickly evaluate whether an app, website, product, or service will protect your students’ information. NOTE: Do NOT use any technology with your students without your cooperating teacher’s knowledge and approval! |
Ads are allowed, but many states ban ads targeted based on data about students or behavioral ads that are based on tracking a student across the web.
TIP: A particularly secure product will specify that it uses encryption when it stores or transmits student information. Encrypting the data adds a critical layer of protection for student information and indicates a higher level of security.