In a perfect world, student data would belong solely to the student. In practice, the responsibility for student data is shared by anyone who has contact with that data, including teachers, administrators, IT departments, school districts, software developers and parents. As such, there are often competing philosophies for how much or how little student data is collected and shared. Today we are talking about how you can manage student data in a way that best satisfies parents, your school districts, and the law.
The first step, after understanding your requirements under state and federal law, is to create written policies and provide the resources required to support data protection. These policies should be crafted in a way that ensure front-line teachers and administrators are using the tools and processes necessary for optimal data protection. The Privacy Technical Assistance Center has created a checklist for developing school district privacy programs that should help you get started. In addition, a data governance team should be created, within the district, to recommend new policies and best practices related to data use, to collect feedback, and to conduct compliance audits. Perhaps the team’s greatest responsibility will be acting as an advocate for resources and investment into student privacy, such as training, technical assistance and data coaches.
Second, you should work with your local, state and federal government representatives to advocate for consistent policies and support across the state. By advocating for strong, consistent laws across school district lines based on transparency and accountability, schools and software makers will find it easier to be in compliance, reducing costs and ensuring stronger, more robust data protection for schools. Talk to legislators and policymakers about the importance of secure student data, and their role in ensuring consistent regulations across state lines. The more you can be part of the conversation, the more you can ensure new laws and policies are crafted with your concerns in mind.
Next, understand how your software and service providers use student data. Each app, website and program your students use is limited in how they can use the data they collect and manage. For example, they are prohibited by law from using or disclosing student data for commercial purposes like advertising without parental consent. However, with schools using hundreds of different apps and websites, it can be difficult to weed through countless Terms of Services documents to ensure compliance. Tools like EdProtect make it easy for teachers and administrators to review individual apps and websites, and know at-a-glance whether they comply with state and federal regulations. At the same time, schools are equally responsible for ensuring their contracts with vendors spell out specific requirements for student data privacy, such as stating the district retains ownership of all data, and that the service provider is prohibited from using data in any way they aren’t explicitly given permission for.
Finally, and most importantly, make sure you are constantly communicating your plans to others responsible for student data, with special attention given to parents. By engaging parents in an ongoing conversation about their student’s data, together you'll ensure that the data is safe and secure. Ways to engage parents include sharing lists of apps and websites their children use and posting the safety ratings of those apps and websites on an easy-to-access district website. Report any changes to privacy policies, and obtain parental approval when necessary. Doing so actively draws parents into the conversation and assures them that their child's data is a priority in your school district.
The responsibility for student data belongs to all of us. We help make it easier to do your part with
tools that protect your students from data abuse and your district from costly fines and litigation.
To learn how EdProtect makes your job easier, sign up for a free