Education Framework Blog

Focused on the Future of Education in America

Student Privacy 101: The low down on the laws of the land


Long gone are the days when protecting student information meant locking a filing cabinet. Today, with students using hundreds of different apps over the course of their education, software providers obscuring how they use data in complicated Terms of Service contracts, and an ever-shifting legal landscape, it can be extremely difficult for administrators, teachers and parents to know exactly what they need to do to protect their student data.

Over the next few posts we’ll be exploring the different factors affecting the world of student data. Our goal is to demystify the subject of student data privacy and help bring you up to speed so you can address this serious topic in your school district.

Today we’re starting by taking a current snapshot of the legal landscape. Federal laws like the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA) work to ensure student data is only used for authorized purposes; protects that data from further disclosure or other uses, like marketing or being resold to others; and mandates that it is destroyed when no longer needed for the authorized purpose.

While these laws lay a foundation for educators and online operators to follow, they don't necessarily cover all aspects of data collection and deletion. For this reason, many states are now creating their own, more specific student data privacy laws to define what is and what isn't acceptable when it comes to the collection of student information in their respective states. 

Over the past two years, nearly every state has introduced its own legislation addressing student data privacy. In 2014, California passed the Student Online Personal Information Protection Act (SOPIPA), the first of its kind, which has since been used as the model for much of the legislation being introduced by other states.

Many of these are focused on creating greater transparency and accountability for educational data, clarifying the data and privacy activities of third-party service providers, and giving parents the ability to have a say in the management of their children's privacy. They generally fall into two types of approaches: prohibitive rules that seek to limit or halt certain types of collection or uses; or governance rules that seek to establish procedures, roles and responsibilities. In addition, numerous bills have established fines and penalties for data misuse and breaches to ensure accountability.

However, for everyone with a stake in education - teachers, parents, school & district leaders, and state & federal policymakers - the new challenge is knowing what all this actually means and understanding how to properly implement an effective plan to manage student privacy. Thankfully, there are resources available to help. 

The U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) is a terrific resource for understanding your legal requirements and what steps you need to take to establish compliance. The Privacy Toolkit in particular provides a useful centralized depository of materials to guide schools and districts looking to improve the security and privacy of their student data. 

In addition, groups like the Future of Privacy Forum (FPF) and the Software and Information Industry Association (SIIA) seek to create change from the industry side by encouraging members to sign the Student Privacy Pledge, committing to use student data in a responsible way. The pledge is intended to hold school service providers accountable and encourage effective communication with parents, teachers and education officials about how student information is used and safeguarded. 

Tools like EdProtect take it one step further and actually manage the process for you. Designed to protect students from data abuse, it ensures that schools and districts are in complete compliance with various federal and state regulations, engages parents in the privacy conversation, and lessens the risk of costly fines and penalties associated with the mismanagement of student information. Resources like this are crucial for helping administrators, IT staff and teachers proactively manage their student privacy obligations with transparency and accountability.

To learn how EdProtect makes your job easier, sign up for a free demonstration today.

Student Privacy Pledge Reaches New Milestone

Introduced by The Future of Privacy Forum (FPF) and The Software & Information Industry Assocation (SIIA), the Student Privacy Pledgedesigned to safeguard student privacy regarding the collection, maintenance, and use of student personal information, has reached a new milestone - over 200 signatories. 

Endorsed by President Obama, the National PTA, and the National School Boards Association, the Pledge is a list of commitments school service providers have made to affirm K-12 student data is maintained in a secure, private and responsible framework.  

The Student Privacy Pledge will hold school service providers accountable to:
  • Not sell student information
  • Not behaviorally target advertising
  • Use data for authorized education purposes only
  • Not change privacy policies without notice and choice
  • Enforce strict limits on data retention
  • Support parental access to, and correction of errors in, their children's information
  • Profide comprehensive security standards
  • Be transparent about collection and use of data
It further states the critical importance of effectively communicating with parents, teachers and education officials about how student information is used and safeguarded. 

We, at Education Framework, signed the Student Privacy Pledge just after it was initally introduced in October 2014. We appreciate the efforts of both FPF and SIIA for bringing attention to a critical and time-sensitive issue, and encourage all school service providers to take the necessary steps to ensure student data is safe. We are especially thankful to all our fellow signatories for making the ethical & cognitive decision to proactively protect student data. 

For more information on how to support the Pledge, please visit: www.studentprivacypledge.org.