The growth of electronic learning systems and the mounting frequency of public data breaches has brought new tensions to the debate on how to safeguard student data privacy in and out of the nation’s schools. While schools have been collecting sensitive information about students for decades, the transition from paper to digital record keeping has created a new and complex set of issues for school administrators and state and federal policy makers.
The digital platforms being used by students, teachers and school systems can be extremely beneficial and act as a transformative force in education, but only if they are handled properly and parents are brought into the loop, a group of experts said at an annual gathering of state educators specializing in technology issues this week.
Amelia Vance, policy analyst at National Association of State Boards of Education (NASBE), said the issue is now front and center because people are discovering how vulnerable their information actually is.
“If there hadn’t been the NSA leaks and if there hadn’t been the Target breach last year, you wouldn’t have had this outcry as people were discovering that educational agencies were also collecting and possibly had vulnerable information,” she said, speaking at the State Educational Technology Directors Association (SETDA) forum.
One of the biggest problems, according to Richard Culatta, director of the Office of Educational Technology at the U.S. Department of Education, is that information can be transferred in seconds with the click of a button. “When you have a digital format that can be instantly mined or used, it’s much easier to share and exploit student data.”
The general lack of transparency about student data collection, and how that data might eventually be used, is also a significant problem, and more parents are taking notice.
Paige Kowalski, director of state policy and advocacy at the Data Quality Campaign, said the difficulty of finding out what information is being collected often leads to misinformation. “When you simply can’t answer the question what kind of data is out there and who has access to it or how is it being used … if that doesn’t exist, then any misinformation out there becomes the truth,” she said.
The Education Department has tried to help, Culatta said. In July, the department’s Privacy Technical Assistance Center announced new guidance for schools and districts on how to keep parents and students better informed about what student data is collected and how it is used.
Vague and confusing terminology, however, continues to make it difficult for state lawmakers to grapple with student data privacy issues. Compounding matters is that fact that virtually every state has different legislation and regulations about what information can be collected and who can use or modify it. States also differ when it comes to punishments for a data breach. In some states there are fines for intentional data breaches, and in others states, the threat of prison time.
State leaders are also wrestling with a host of other education technology issues, including finding ways to ensure all students have equitable access to the Internet and online learning resources, SETDA Executive Director Douglas Levin said.
Parents meanwhile continue to raise concerns about what recourse they have over the misuse of their children’s data. A new law recently passed in California to address that concern is gaining a lot of attention, experts at the conference said.
California’s Student Online Personal Information Protection Act, also known as SOPIPA, is the first state law that puts the burden on private companies for the misuse of student information, instead of the school districts, according to Cindy Kazanis, director of the data management division of California’s Department of Education. The new law has received praise from many student data privacy advocates.
The Department of Education, however, has insisted that many state laws currently under consideration are unnecessary because their provisions are already covered in large part under the Family Educational Rights and Privacy Act (FERPA).
But Joni Lupovitz, vice president of policy at Common Sense Media, said the law only applies to federally funded schools, not private schools or companies. She said there are many loopholes in FERPA, and that the law, first enacted during the Ford administration, hasn’t caught up with the digital age and technology.
Fixing FERPA would be tricky, insists Vance. “Once you open up FERPA to Congress, you don’t know what’s going to happen.” She argues that states still can play an important role in establishing student privacy laws that reflect the unique needs of their state as well as the rapidly evolving technology landscape.
“I think everyone has a role to play,” said Lupovitz. She pointed to efforts by groups such as the Future of Privacy Forum, a Washington, D.C.-based think tank that seeks to advance responsible data practices. The group includes a growing consortium of industry players “who have pledged to treat information right. It’s not perfect. But it’s an advance, and a way to give schools and parents … greater assurance” about what happens with students’ data.
Wyatt Kash contributed to this story.