Bringing technology into the classroom is no easy task. In addition to evaluating the effectiveness of programs and services, schools also must ensure that student data privacy is protected. A comprehensive compliance program establishes the policies and processes you need to support that work. If you’re not sure how to build your school compliance program, read on for some tips to help you get started. With thanks to Hobsons for the venue to post. Read More.
When I was in school, no one seemed terribly concerned about privacy. Beginning at age 5, my grades, behavior, vaccinations, allergies, eyesight, hearing, sick days, physical fitness, interests, attitudes, aptitudes, whether I drank the free milk (and was it skim or whole?), socialization skills, what I wanted to be when I grew up and more were noted. Most of it was kept in a dusty file cabinet in the principal’s office. No one thought about accessing the information. After all, what was so interesting about that pile of book reports or whether or not my third grade teacher thought I was working up to my potential? Certainly no one thought that the information in those records might inform a teacher about what learning style worked best for me, or that it could be used to help me carve out my path to college and beyond. And if they did, such extrapolation wasn’t possible on any scale.
Flash forward. Today schools, parents, technology providers and legislators wrestle with student data privacy almost daily. From confusion over FERPA to concerns about who might have access to the data, a matrix of worry, fear and regulation has been created that is difficult to untangle.
According to Data Quality Campaign, in 2014, 36 states proposed over 110 student data privacy bills. So far this year, another 55 bills have been added to the list, and President Obama is proposing a student data privacy bill of rights to make it a federal violation to use student data for marketing purposes.
What’s driving this climate? It’s impossible to capture all the details in one article, but perhaps it can best be summed up with one word: FEAR.
Fear of FERPA, fear of technology, fear of marketing, fear of data and mostly, fear of the unknown.
Let’s examine further.
FERPA, the Family Educational Rights and Privacy Act, has been federal law since 1974. It’s complex, but it basically requires that educational institutions receiving federal funding take steps to protect the privacy of student data. It prevents schools from disclosing certain information about students without prior permission from or notice to parents or students who have reached the age of majority. Receiving permission or providing notice depends on the data and in some cases, the circumstances. When it comes to compliance, the stakes are high: schools that don’t align with FERPA risk losing federal funding.
FERPA was written well before the culture of privacy that currently exists, and the data definitions don’t always align well with those in other privacy regulations. In addition, schools are challenged to be fully fluent in FERPA, but are often unsure of how to accurately interpret the requirements. There’s also very little in the way of enforcement history to guide them around the edges.
Enter technology, and schools are even more nervous about compliance. It’s common to hear questions such as, “who has the data” and “where might it end up?” Some fear that technology companies are taking the students’ personal information and using it for financial gain by behaviorally marketing to students. Is that possible? Yes. Would it happen without a parent or adult student providing permission in advance? Not legally! Is that a common business model for education technology companies? No.
Many K-12 education technology companies earn revenue by selling or licensing their product to schools, or through subscriptions. Some do accept advertising. Others shun that entirely. (Truth be told, there are many small ed tech developers that launch with no revenue model, just good intentions, fingers crossed and a dogged pursuit of foundation grants and investors to help get them off the ground.)
Consider that, in addition to FERPA, under the Children’s Online Privacy Protection Act (COPPA), when personal information is collected online from children under the age of 13, companies are not legally allowed to send that data to a third party for marketing purposes without a parent’s prior permission.
Repercussions for an operator that violates federal privacy requirements? With COPPA, the penalties begin with fines of up to $16K per violation (that’s per student, so it adds up quickly). Repercussions for a technology provider who operates outside the bounds of FERPA? They’re prevented from operating in a school system for a period of 5 years. Long enough to torpedo most any business plan.
Schools need to be able to tell parents what data management platforms, websites and apps are used in their school, and their policies around technology and student data privacy. Technology providers need to be compliant and transparent about their practices. Legislators need to enforce existing rules and listen to the needs of all stakeholders before creating new ones.
Where does this leave us? There’s nothing simple about addressing data privacy and security concerns, and there are many voices that lay stakes around the issues. As a result, there is no one-size-fits-all solution. However, as in most situations, the antidote to fear starts with KNOWLEDGE.
Up next: Taking Fear out of the Student Data Privacy Equation. A look at some of the available resources and action that each stakeholder group can take to bring greater transparency to the process.
Can’t wait for the next post? Want to talk about solutions today? Email me at Linnette@PlayWell-LLC.com. I’d be happy to discuss in more detail.
Don’t forget to sign up for our newsletter! Simply write “subscribe” in the subject line of an email and send to Linnette@PlayWell-LLC.com.
PlayWell provides a variety of services to help education technology companies comply with student data privacy regulations.
Education technology products and questions surrounding student data privacy protections have been in the spotlight over the past year. According to Data Quality Campaign, 110 bills were introduced across 36 states, with 24 signed into law, representing an unprecedented level of regulatory scrutiny.
The White House has now stepped in, recognizing the significant concerns of percolating across the nation around how to best product student data privacy. In a visit to the Federal Trade Commission, President Obama noted that education technology is “transforming how our children learn,” but some companies are using student data for “commercial purposes, like targeted advertising,” much to the chagrin of parents, educators and legislators.
He has introduced the Student Digital Privacy Act, which is intended to ensure that data collected about students is only used for educational purposes, and not for behavioral profiling or targeted marketing.
At PlayWell, we recognize that it’s incumbent upon developers and operators in the ed tech space to understand their responsibilities to protect student data privacy and security, and to support schools in their efforts to use compliant products in the classroom. We offer companies a variety of student data privacy assessment services related to the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), and certain state requirements. We also offer workshops for schools, parents and youth groups interested in better understanding how to choose compliant technology products and manage their privacy and safety in the digital world.
In addition, PlayWell is the architect and author of the nation’s first industry self-regulatory assessment program for FERPA, which it also implements. PlayWell created the FERPA Assessment Program in connection with a nonprofit organization, and we are pleased to also extend our support to all of the other fantastic organizations bringing meaningful self-regulation to the education technology industry.