There’s a lot of student data flying in and out of classrooms these days. Many teachers and school districts are using “cloud-based” services to manage class assignments or store student’s personal academic data. School systems utilized- cloud-base applications and resources because it is a cheaper alternative. Cloud-based computing eliminates expensive infrastructure costs. More importantly, it’s a convenient technology for schools. Cloud-based services deliver on-demand data outcomes, which helps school staff evaluate student progress in a timely matter.
However, conveniences is not always secure.
Not all cloud-based providers restrict the use of students’ personal data for commercial purposes. These online educational services have the ability to amass large amount of contextual or transactional data know as Metadata (i.e., student’s test scores, grade point average, learning disability plans, email and home addresses, and date of birth). With this information, they theoretically could create a “data profile” of each student and sell his/her information to marketing companies. And, this has many parents and privacy advocates concerned.
Currently, there is no comprehensive federal regulation restricting “data brokers” or companies from retaining student data indefinitely. The two main federal laws regulating student information and access (FERPA and COPPA) do not provide students with any protection against online data collection. Under these laws, these providers are not required to comply with FERPA and COPPA regulation.
Senators Orrin Hatch, R-Utah, Markey, D-Mass, have introduced the “Protecting Student Privacy Act” (S.2690), which would amend FERPA and require schools and school districts to implement data security protections to safeguard students’ personal academic data. However, this legislation is still pending approval. There are 30-plus states in the process of crafting student data protection laws.
Until these laws are enacted, there are some measures school districts can take to ensure some level of data security.
Review Current Data Handling Policies: All staff should receive data handling awareness/data protection training and should be made aware of their responsibilities. Schools need to make certain its employees will do everything within their power to ensure the safety and security of any material of a personal or sensitive nature.
Invest in IT Security: All school systems should have a professional on staff that understands data security protocols. This individual’s goal is to help schools protect students’ privacy without inhibiting educators use of digital technologies in the classroom.
Conduct an Inventory of Online Providers: It is important that districts are aware of the different online educational services currently being used at each school site. This will help districts assess the scope and range of student information being shared online. With this information, school officials can evaluate each provider’s terms of agreements to determine which service is safe to use in the classroom.
Restrict Free-for-All Sign-Ups: Individual teachers and staff should be restricted from signing up their students to random websites and apps. Instead, districts should provide staff with a list of approved classroom apps or websites, which have been vetted by their IT security expert.
The practice of using un-vetted online educational services has come to an end. No longer is it acceptable for school systems or teachers to ignore FERPA compliance just because it is an online vendor. Strict accountability measures need to be imposed on schools to guarantee privacy and security for all students. Online educational vendors should be required to follow FERPA and uphold student privacy guidelines just like all other brick and motor organizations.
- Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices
- Image courtesy of jesadaphorn at FreeDigitalPhotos.net