Education Framework Blog

Focused on the Future of Education in America

What Is Student Data Privacy?


School and district leaders know they need to protect student data, but effectively adopting and implementing a student privacy plan that includes parent, educator, administrator and policymaker input and approval, is a lot easier said than done. Efforts like this require dedicated time, commitment, clearly defined roles, a concrete understanding of what student data privacy actually is, and if you're lucky, tools to help you get the job done right.


While there are a myriad of checklists, to-dos and best practice recommendations available to help educators and administrators up their game, there is still much uncertainty surrounding this issue. But it's no surprise considering that there is, ironically, no set definition for student data privacy. And despite it being a relatively self-explanatory term, it is still complex and more-often-than-not, fraught with confusion. 


To put it simply, student data privacy is the idea of safely, securely and privately introducing online technologies into the classroom - in the form of apps, websites, surveys, assessments, etc. - without risk of compromising personally identifiable student information (PII). But it also so much more than that. 


Student data is protected under federal law (COPPA, FERPA, PPRA) and requires thorough knowledge and understanding of data collection, data use, data retention, data deletion and data integrity for all online technologies used in a school or district. It means reading endless privacy policies to know precisely who has access to student data, for what purposes and for how long. And it demands ongoing maintenance and monitoring to ensure there haven’t been any changes to the privacy policies that could compromise PII.   

Knowledge is Power

Protecting student data privacy starts with knowing precisely what technologies are being used in the classroom. Conducting a comprehensive audit of the technologies currently in use is a necessary first step towards establishing a baseline understanding and gaining a big picture view of the technology usage in a school or district.

Once there is an understanding of what technology is being used in the classroom, the next step is to conduct a thorough privacy assessment for each and every online technology to ensure student data privacy is indeed private and protected. 

For many, this step can be quite daunting, especially when considering the sheer volume of online technologies available to schools today. But with the right tools, this process can be relatively straight-forward, simple and streamlined.

Education Framework Inc. tackles student data privacy with the goal of protecting student PII while providing a great resource for industry leaders to connect with parents and their communities.

The Rise of Student Data Privacy 

Student data privacy has been a rapidly growing administrative pain point over the past few years. The massive push for 1:1 and other digital learning initiatives are major factors in this, but the equally explosive growth of new learning technologies created by third party vendors has changed the way we view student privacy. No longer can we assume that student privacy is safe, secure and protected, especially when it can be accessed by so many different entities, at different capacities, for different periods of time. Because of this, it is imperative that education leaders establish user controls that determine precisely who has access to what student data, for what purposes and for how long.


Besides the exponential growth of technology in schools, it's worth noting that there are a few contributing factors that have led to the rise of student data privacy as an immediate and necessary need, all of which are tied to the increased usage of digital media and online technologies:


1. Parents are technologically savvy. Parents are technology users themselves, so naturally they’re becoming better acquainted with security and privacy issues, especially when it comes to online technologies and services they use every day.

Many parents, especially those that are actively involved in their child’s online usage at home, want to know precisely what technologies they are using in school. More importantly, they need reassurance that they’re child’s privacy is being considered and respected.

Parents want a window into their child’s technology usage in school. Providing a way to communicate this information in a clear and concise manner helps connect the dots and bring parents into the loop, engaging them in the privacy conversation. This approach goes a long way towards building trust, as it conveys that their point-of-view is valued.

2. Technology forces transparency. One of the most unique ways the Internet has affected our society is the quick transmission of information. Education leaders have never been more powerful or in a better position to make informed decisions than they are today. 

With the right tools and approach, educators and administrators can discover safe learning technologies for students, measure growth, use actionable data to make classroom, school or district-wide improvements, and communicate with parents and communities in a way for all to understand. 

Student data privacy is about accurately and authentically conveying what technologies are being used so that stakeholders, community leaders, and parents can easily understand the health, safety and vitality of a school or districts' student privacy efforts. It is also about providing reassurance that students, schools and districts are safe from risk.

Transparency engages all interested parties and allows everyone to work together towards a greater good. Automated student privacy protection is one way for school and district leaders to adopt transparency measures and gain greater control of student privacy efforts, without heavily increasing the administrative workload. Utilizing tools that do much of the work for you - in an open and transparent way - are helpful in saving time and ensuring student privacy is, in fact, protected.

3. The right tools make things a whole lot easier. Knowledge is one of the most powerful benefits of the Internet age. Twenty-five years ago, when there was no Internet, student privacy was hardly a consideration. When technology usage started to go mainstream, particularly in schools across the country and around the globe, we simply couldn’t fathom where we’d be today. But with all this technological growth and opportunity has come an overwhelming need to increase privacy protections.

Educational development is no longer only about exploring and discovering the best learning solutions for students, but it’s also about finding technologies that are safe for use in the classroom. 

Automated solutions are the best way to capitalize on this theory, which is why Education Framework Inc. exists. We help position school and district leaders as experts in managing student data privacy by providing services that produce information at the ready. With over 1100 (and counting) online technologies assessed to date, we’re able to help educators, administrators and IT leaders make quick, yet safe and informed technology decisions for the classroom. All while minimizing the risk of exposing student information.

Food for Thought 

While there are plenty of factors that have led to student privacy’s rising value, these macro elements are the key reasons why protecting student data privacy is more relevant and important than ever before. 

Educators, administrators and IT leaders who establish themselves as pioneers in this space are positioning themselves to be helpful resources for their communities and models for other education leaders to follow. More importantly, those that take the necessary steps to ensure privacy is protected will be education leaders that parents will appreciate and trust.

Education Framework gets iKeepSafe FERPA Privacy Badge


Thrilled to share that iKeepSafe, a leading digital safety and privacy nonprofit organization, has awarded Education Framework with the FERPA Privacy Badge for our student data privacy and parental consent solution, EdProtect

The iKeepSafe FERPA Privacy Badge is the first independent assessment program for the Family Educational Rights and Privacy Act, and seeks to help educators and parents identify edtech services and tools that protect student data privacy. 

"Education Framework's primary mission is to help school districts protect the privacy of their student data, so it's very important that our solutions, themselves, are trusted by education leaders," said Jim Onstad, President & Co-Founder of Education Framework Inc. "Obtaining iKeepSafe's FERPA Badge assures our school and district partners that we are making every effort to align our services with federal education laws, keeping students safe." 

EdProtect is the third product to receive this symbol of distinction in student data privacy. For the evaluation, an independant privacy expert reviewed EdProtect, its privacy policy and practices, as well as its data security practices. 


Who is Responsible for Protecting Student Data?


In a perfect world, student data would belong solely to the student. In practice, the responsibility for student data is shared by anyone who has contact with that data, including teachers, administrators, IT departments, school districts, software developers and parents. As such, there are often competing philosophies for how much or how little student data is collected and shared. Today we are talking about how you can manage student data in a way that best satisfies parents, your school districts, and the law.

The first step, after understanding your requirements under state and federal law, is to create written policies and provide the resources required to support data protection. These policies should be crafted in a way that ensure front-line teachers and administrators are using the tools and processes necessary for optimal data protection. The Privacy Technical Assistance Center has created a checklist for developing school district privacy programs that should help you get started. In addition, a data governance team should be created, within the district, to recommend new policies and best practices related to data use, to collect feedback, and to conduct compliance audits. Perhaps the team’s greatest responsibility will be acting as an advocate for resources and investment into student privacy, such as training, technical assistance and data coaches.

Second, you should work with your local, state and federal government representatives to advocate for consistent policies and support across the state. By advocating for strong, consistent laws across school district lines based on transparency and accountability, schools and software makers will find it easier to be in compliance, reducing costs and ensuring stronger, more robust data protection for schools. Talk to legislators and policymakers about the importance of secure student data, and their role in ensuring consistent regulations across state lines. The more you can be part of the conversation, the more you can ensure new laws and policies are crafted with your concerns in mind.

Next, understand how your software and service providers use student data. Each app, website and program your students use is limited in how they can use the data they collect and manage. For example, they are prohibited by law from using or disclosing student data for commercial purposes like advertising without parental consent. However, with schools using hundreds of different apps and websites, it can be difficult to weed through countless Terms of Services documents to ensure compliance. Tools like EdProtect make it easy for teachers and administrators to review individual apps and websites, and know at-a-glance whether they comply with state and federal regulations. At the same time, schools are equally responsible for ensuring their contracts with vendors spell out specific requirements for student data privacy, such as stating the district retains ownership of all data, and that the service provider is prohibited from using data in any way they aren’t explicitly given permission for.

Finally, and most importantly, make sure you are constantly communicating your plans to others responsible for student data, with special attention given to parents. By engaging parents in an ongoing conversation about their student’s data, together you'll ensure that the data is safe and secure. Ways to engage parents include sharing lists of apps and websites their children use and posting the safety ratings of those apps and websites on an easy-to-access district website. Report any changes to privacy policies, and obtain parental approval when necessary. Doing so actively draws parents into the conversation and assures them that their child's data is a priority in your school district.

The responsibility for student data belongs to all of us. We help make it easier to do your part with tools that protect your students from data abuse and your district from costly fines and litigation. 

To learn how EdProtect makes your job easier, sign up for a free demonstration today.

Student Data Privacy Best Practices


Understanding that you need to do something and knowing what to do are two very different things. But simply breaking things down into smaller chunks often allows one to see more clearly, understand how the pieces fit together, and determine how to tackle each piece individually to achieve a positive end result. 

Today, we are utilizing this approach with regards to managing student data privacy. By breaking it down into simpler components, we are condensing a vast and often confusing array of information into a manageable set of guidelines for educators to follow. 

Based on best practice recommendations from the U.S. Department of Education Privacy Technical Assistance Center (PTAC) and other leading education organizations, we have assembled three easy-to-remember recommendations to help protect student privacy. They are as follows: 

1. Be Knowledgeable - Understand the privacy landscape and your legal obligations.

  • Know your student privacy laws. Federal laws include FERPA, COPPA and PPRA, but new state regulations are being implemented all across the nation, so it is important to know what is going on in your state. 
  • Create data inventories to fully understand the scope of information being collected and shared. 
  • Track which online and educational services are currently being used in your district.
  • Monitor privacy policies for changes.

2. Be Accountable Establish a data governance plan and guidelines to follow. 

  • Make a plan that addresses the full life cycle of data, from acquisition - to use - to disposal. Ensure the individual privacy and confidentiality of education records by defining rules.
  • Have policies and procedures in place to evaluate and approve online educational services. Determine who has purchasing authority and proactively define the scope and limitations of that authority. 
  • Use written contracts or legal agreements laying out security and data stewardship, data collection, data deletion, data use, data retention, data disclosure and data destruction provisions. 
  • Consider parental consent even in instances where federal law does not require. 

3. Be Transparent - Communicate your plan and engage parents in the privacy conversation. 

  • Post information about your student data policies, practices and usage on an easy-to-locate public webpage. Utilize parent-teacher dashboards, if possible. 
  • Be explicit about what information you collect about your students, and what that information is used for. 
  • Explain what, if any, personal information is shared with third party service providers, and how that information is safeguarded. 
  • Let parents know where they can get more information.

By following these recommendations, school and district administrators are taking necessary precautions to protect their students and their districts from harm. As mentioned in our previous blog entryPTAC has a wealth of resources available to help. They have even created a specific checklist for developing school district privacy programs. 


There are also automated student data privacy solutions available to help schools and districts proactively manage privacy obligations with transparency and accountability. Solutions like EdProtect take the guesswork out of managing student data privacy and offer an added layer of security, providing peace-of-mind for those tasked with protecting student information.  

Student Privacy 101: The low down on the laws of the land


Long gone are the days when protecting student information meant locking a filing cabinet. Today, with students using hundreds of different apps over the course of their education, software providers obscuring how they use data in complicated Terms of Service contracts, and an ever-shifting legal landscape, it can be extremely difficult for administrators, teachers and parents to know exactly what they need to do to protect their student data.

Over the next few posts we’ll be exploring the different factors affecting the world of student data. Our goal is to demystify the subject of student data privacy and help bring you up to speed so you can address this serious topic in your school district.

Today we’re starting by taking a current snapshot of the legal landscape. Federal laws like the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA) work to ensure student data is only used for authorized purposes; protects that data from further disclosure or other uses, like marketing or being resold to others; and mandates that it is destroyed when no longer needed for the authorized purpose.

While these laws lay a foundation for educators and online operators to follow, they don't necessarily cover all aspects of data collection and deletion. For this reason, many states are now creating their own, more specific student data privacy laws to define what is and what isn't acceptable when it comes to the collection of student information in their respective states. 

Over the past two years, nearly every state has introduced its own legislation addressing student data privacy. In 2014, California passed the Student Online Personal Information Protection Act (SOPIPA), the first of its kind, which has since been used as the model for much of the legislation being introduced by other states.

Many of these are focused on creating greater transparency and accountability for educational data, clarifying the data and privacy activities of third-party service providers, and giving parents the ability to have a say in the management of their children's privacy. They generally fall into two types of approaches: prohibitive rules that seek to limit or halt certain types of collection or uses; or governance rules that seek to establish procedures, roles and responsibilities. In addition, numerous bills have established fines and penalties for data misuse and breaches to ensure accountability.

However, for everyone with a stake in education - teachers, parents, school & district leaders, and state & federal policymakers - the new challenge is knowing what all this actually means and understanding how to properly implement an effective plan to manage student privacy. Thankfully, there are resources available to help. 

The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) is a terrific resource for understanding your legal requirements and what steps you need to take to establish compliance. The Privacy Toolkit in particular provides a useful centralized depository of materials to guide schools and districts looking to improve the security and privacy of their student data. 

In addition, groups like the Future of Privacy Forum (FPF) and the Software and Information Industry Association (SIIA) seek to create change from the industry side by encouraging members to sign the Student Privacy Pledge, committing to use student data in a responsible way. The pledge is intended to hold school service providers accountable and encourage effective communication with parents, teachers and education officials about how student information is used and safeguarded. 

Tools like EdProtect take it one step further and actually manage the process for you. Designed to protect students from data abuse, it ensures that schools and districts are in complete compliance with various federal and state regulations, engages parents in the privacy conversation, and lessens the risk of costly fines and penalties associated with the mismanagement of student information. Resources like this are crucial for helping administrators, IT staff and teachers proactively manage their student privacy obligations with transparency and accountability.

To learn how EdProtect makes your job easier, sign up for a free demonstration today.

Senators Unveil New Student Data Protection Bills

Two bills specifically designed to protect private student information were unveiled in the U.S. Senate last week.


The first, introduced by Senators Hatch (R-Utah) and Markey (D-Mass.), reintroduced the Protecting Student Privacy Act, which amends the Family Educational Rights and Privacy Act of 1974 (“FERPA”) to ensure greater protection of student data. 

The second, a student data privacy bill introduced by Senator Vitter (R-Louisiana), referred to as the Student Privacy Protection Act, would (i) “reinstate protections originally outlined under [FERPA] by clarifying who can access student data and what information is accessible,” (ii) “require educational agencies to gain prior consent from students or parents and implement measures to ensure records remain private,” and (iii) hold liable through monetary fines “any educational agency, school, or third party that fails to get consent.” 

In support of his bill, Senator Vitter stated that “parents are right to feel betrayed when schools collect and release information about their kids.  This is real, sensitive information—and it doesn’t belong to some bureaucrat in Washington D.C.  We need to make sure that parents and students have complete control over their own information.”

Read full article here 


FERPA Overhaul Under Consideration in U.S. House

Major FERPA Overhaul Under Consideration in U.S. House

The bipartisan leadership of the Education & the Workforce Committee of the U.S. House released a "discussion draft" of a bill that would rewrite the Family Educational Rights and Privacy Act (FERPA). Under the bill, the definition of what constitutes a student's "educational record" would be expanded, and a ban would be placed on using such information for marketing or advertising. States and local education agencies would be subject to new requirements when contracting with vendors handling sensitive student information. The bill would allow fines of up to $500,000 to be levied on educational service providers that improperly share student information, and parents would be given new opportunities to access and amend their children's data and opt out of the use of that information for research purposes.

Read full article here >