69ý

Privacy & Security

Student-Data Privacy Guidelines: An Overview

By Michele Molnar — April 14, 2014 4 min read
  • Save to favorites
  • Print
Email Copy URL

U.S. Department of Education

The federal Education Department and several education and industry groups are among the organizations that have outlined guidelines to help protect the privacy of student data.

“Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices,” from the department’s Privacy Technical Assistance Center, defines student privacy rights under the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA) and explains how schools and the companies and organizations they work with can meet compliance requirements. It recommends that schools follow these best practices:

• Maintain awareness of other relevant federal, state, tribal, or local laws;

• Be aware of which online educational services are currently being used in a district;

• Have policies and procedures to evaluate and approve proposed online educational services;

• When possible, use a written contract or legal agreement;

• Take extra precautions when accepting “click-wrap” licenses for consumer apps;

• Be transparent with parents and students; and

• Consider that parental consent may be appropriate.

National School Boards Association

“Data in the Cloud” is a legal and policy guide for school boards on student-data privacy in the cloud-computing era. It recommends that school districts:

• Identify an individual districtwide chief privacy officer;

• Conduct a privacy assessment and online-services audit, preferably by an independent third party;

• Establish a data-safety committee or data-governance team;

• Review and update district privacy policies regularly;

• Communicate consistently, clearly, and regularly with students, parents, and the community about privacy issues;

• Adopt consistent and clear contracting practices that address student data appropriately, and discourage take-it-or-leave-it terms; and

• Train staff members about data-privacy issues and tactics for protecting data.

Consortium for School Networking

The “Protecting Privacy in Connected Learning Toolkit for School Leaders” gives advice to help school systems navigate some of the privacy issues that can arise when selecting an online service provider. It offers:

• Guidance about evaluating and contracting with online-service providers;

• Advice on requirements about notification and obtaining parental consent for the use of student data;

• Suggested contract terms;

• Security questions to ask online-service providers; and

• Advice on how to analyze “click-wrap” terms-of-service agreements in software.

Houston Independent School District

The district’s “Software Ratings for Parents” microsite displays a matrix to help parents learn more about the types of information that are collected about their children on websites commonly used in the district. Ratings are based on:

• How personally identifiable information is shared;

• How users are allowed to share information;

• Whether an email is required to use a product or service;

• Whether Internet “cookies” are used to collect data on individuals; and

• If third-party ads are part of the package.

Software & Information Industry Association

The association’s “Best Practices to Safeguard Student Information Privacy and Data Security and Advance the Effective Use of Technology in Education” is intended for education service providers to inform the contracts that govern their relationships with districts and schools. To the extent that students’ personally identifiable information (PII) is collected, used, or shared by school service providers, the practices recommend that such actions be done:

• Only for educational or related purposes;

• Transparently, disclosing in contracts and/or privacy policies what’s being collected from students, how it’s being used, and when it would be shared;

• Only when authorized by privacy policy or contract, or other specified circumstances;

• After following reasonably designed security policies and procedures to protect the information; and

• Only if companies have reasonable policies and procedures for notification in case a data breach occurs.

Association for Competitive Technology (ACT) and Moms With Apps

ACT, representing app developers, and Moms With Apps, a community of app developers founded to create educational apps they would approve for their own children, released the “Know What’s Inside” digital badge. To earn that designation, which notifies parents and educators about an app’s compliance with certain criteria, an app maker must confirm that its app is:

• Specifically for children;

• Accompanied by a clearly written and displayed privacy policy;

• Supported by an explanation of the app features;

• Developed with an understanding of, and support for, the latest privacy regulations and industry best practices; and

• Created by a member of the ACT organization.

Internet Keep Safe Coalition (iKeepSafe)

An application before the Federal Trade Commission proposes to create an iKeepSafe “safe harbor” designation for companies around compliance with the Children’s Online Privacy Protection Act (COPPA). This provision is designed to encourage better industry self-regulation. Companies that comply with FTC-approved guidelines would receive “safe harbor” from agency enforcement action. Under the iKeepSafe proposal, companies would agree, in part, to:

• Practice transparency, with clearly written policies explaining what data are collected, how the information is used and stored, and to whom it may be disclosed;

• Engage in minimal data collection, gathering only what is reasonably required to deliver a promised product, feature, or service to a child;

• Ensure parental, or school, control of data collected from the child;

• Take reasonable measures to secure and maintain the confidentiality and integrity of data; and

• Educate themselves about privacy requirements and best practices.

A version of this article appeared in the April 16, 2014 edition of Education Week

Events

School & District Management Webinar Crafting Outcomes-Based Contracts That Work for Everyone
Discover the power of outcomes-based contracts and how they can drive student achievement.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Harnessing AI to Address Chronic Absenteeism in 69ý
Learn how AI can help your district improve student attendance and boost academic outcomes.
Content provided by 
School & District Management Webinar EdMarketer Quick Hit: What’s Trending among K-12 Leaders?
What issues are keeping K-12 leaders up at night? Join us for EdMarketer Quick Hit: What’s Trending among K-12 Leaders?

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Privacy & Security What Teachers Need to Know About Changes to Instagram Teen Accounts
The adjustments come as Meta faces multiple lawsuits from states and school districts.
4 min read
Close up photo of Black teen looking at Instagram photos on her cellphone.
Anastasia_Prish/Getty
Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/Education Week via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For 69ý And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by 
Privacy & Security What 69ý Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+