Data Privacy & Security Service
Issue 7
FORUM GUIDE TO EDUCATION DATA PRIVACY
What is Student Data Privacy? The National Forum on Educational Statistics seeks to answer that question in its comprehensive report called a Forum Guide to Education Data Privacy . The first chapter of this report looks at privacy laws at a federal level, privacy and security con- siderations needed to protect student data, and roles and responsibilities of SEAs, LEAs, and vendors with respect to data confidentiality. In the Winter edition of the Digital Digest , Chapter 1 of the research report will be highlighted. Additional chap- ters of this report will be highlighted in upcoming editions.
Additional Resources
6 things schools can do to ensure student data privacy 1. Create clear governance policies 2. Lock down access to PII with identi- ty and access management 3. Manage data with precision 4. Randomize data whenever possible 5. Use encryption 6. Vet your vendors
When it comes to protecting student data and privacy, one size does not fit all accord- ing to the research conducted by the National Forum on Educational Statistics (NFES, 2016). Data is shared at alarming speeds across schools and districts as well as with agencies outside of districts all in the name of improving services directed to students. Parents appear to support the use of student data by teachers and administrators within school districts if the data is for educa- tional purposes. However, parents are less comfortable with data being shared with online service providers or third party ven-
dors. Parental concerns include: the use of data for advertis- ing or marketing purposes; the creation of student profiles that could later be used by vendors for marketing; sensitive information such as disciplinary records that could impact educational or employment opportunities later in life; identity theft; and data that is not properly deleted when it is no long- er needed (NFES, Future of Privacy Forum, 2015). Federal student data and privacy laws such as the Family Edu- cational Rights and Privacy Act (FERPA), passed in 1974 and revised in 2008 and 2011, require schools to give parents and eligible students (age 18 or older) the opportunity to review information contained in educational records. If information
is incorrect, amendments are to be made. Disclosure of personally identifiable information (PII) to a third party without consent is prohibited under FERPA. LEAs must notify parents and eligible students of their rights each school year under FERPA. The Report discusses the use of PII and audit or evaluation exceptions, directory information exceptions and FERPA exceptions. Additional federal requirements such as the Protection of Pupil Rights Amendment (PPRA), COPPA, HIPAA, National School Lunch Act, and Military Recruiters are included. Information must be protected from both technical and human threats. These threats can be mitigated through proper and ongoing professional development. The full context of chapter 1 is available here .
4 Companies Agree to Stop Tracking Children Online After Settlement with New York Attorney General
Most kids love cookies, but not the type that track their web movements. New York State’s attorney general, Eric Schneiderman, reached a settlement with four children’s companies for using technology to track movements on websites. These companies, Viacom, Mattel, Hasbro and Jumpstart Games, were in violation of the Children’s Online Privacy Protection Act (COPPA) that prohibits the online collection of personal information by persons or entities from children under 13 years of age.
2
Made with FlippingBook - Online Brochure Maker