Understanding that you need to do something and knowing what to do are two very different things. But simply breaking things down into smaller chunks often allows one to see more clearly, understand how the pieces fit together, and determine how to tackle each piece individually to achieve a positive end result.
Today, we are utilizing this approach with regards to managing student data privacy. By breaking it down into simpler components, we are condensing a vast and often confusing array of information into a manageable set of guidelines for educators to follow.
1. Be Knowledgeable - Understand the privacy landscape and your legal obligations.
- Know your student privacy laws. Federal laws include FERPA, COPPA and PPRA, but new state regulations are being implemented all across the nation, so it is important to know what is going on in your state.
- Create data inventories to fully understand the scope of information being collected and shared.
- Track which online and educational services are currently being used in your district.
- Monitor privacy policies for changes.
2. Be Accountable - Establish a data governance plan and guidelines to follow.
- Make a plan that addresses the full life cycle of data, from acquisition - to use - to disposal. Ensure the individual privacy and confidentiality of education records by defining rules.
- Have policies and procedures in place to evaluate and approve online educational services. Determine who has purchasing authority and proactively define the scope and
limitations of that authority.
- Use written contracts or legal agreements laying out security and data stewardship, data collection, data deletion, data use, data retention, data disclosure and data destruction provisions.
- Consider parental consent even in instances where federal law does not require.
3. Be Transparent - Communicate your plan and engage parents in the privacy conversation.
- Post information about your student data policies, practices and usage on an easy-to-locate public webpage. Utilize parent-teacher dashboards, if possible.
- Be explicit about what information you collect about your students, and what that information is used for.
- Explain what, if any, personal information is shared with third party service providers, and how that information is safeguarded.
- Let parents know where they can get more information.
By following these recommendations, school and district administrators are taking necessary precautions to protect their students and their districts from harm. As mentioned in our previous blog entry, PTAC has a wealth of resources available to help. They have even created a specific checklist for developing school district privacy programs. There are also automated student data privacy solutions available to help schools and districts proactively manage privacy obligations with transparency and accountability. Solutions like EdProtect take the guesswork out of managing student data privacy and offer an added layer of security, providing peace-of-mind for those tasked with protecting student information.