Data Privacy & Security Service Digital Digest Winter 2016

Issue 7

Comptroller’s Corner

The New York State Comptroller conducts audits of school districts on a regular basis. The reports produced can assist districts when it comes to evaluating their use of data and controls. In this issue of the Digital Digest, we are sharing two Comptroller reports with you.

In the first report (2014), the Comptroller discusses the use of Student Information Systems (SIS) and the amount of personally identifiable data contained in these databases. The report states that only users with a “business need” should have access and be provided with the minimum access necessary to perform job responsibilities.

In the second report (2015), the Comptroller discusses the use of Student Grading Systems to record information about students’ grades. Because of the nature of this information, the Comptroller indicates that access to grades by teachers, administrators, various staff members and external information technology support staff should be limited to a “business need” and users should have the minimum amount of access necessary to perform job responsibilities.

PTAC Releases Guidance Video Concerning Use of Email and Student Privacy

The U.S. Department of Education through its resource called PTAC, the Privacy Technical Assistance Center, released its latest guidance video on the use of email in schools and student data privacy. This video is one of eight that PTAC has on its site. The videos on PTAC’s site are relatively short and are related to privacy, data use, directory information, parent information, and the Family Educational Rights and Privacy Act (FERPA).

Student Privacy Pledge

The beginning of the school year saw just over 300 companies signing the Student Privacy Pledge. This pledge was first introduced by the Software & Information Industry Association (SIIA) and the Future of Privacy Forum (FPF) in October 2014 and became legally enforceable for companies that signed the Pledge and provide services to schools. “The Pledge requires participating companies to follow 12 obligations including: not selling student personal information, not using collected information for behavioral advertising and clearly disclosing privacy” (300: Rise of Student Privacy Pledge, ¶3).

Impact on Districts

By signing the pledge, vendors commit to protect students’ data and privacy. For districts, protecting this data should be paramount. Vendors that have signed the pledge declare that they are committed to this goal. Districts should take this into consideration when choosing vendors to work with. The DPSS Inventory Tool helps districts to easily determine if a vendor has signed the pledge.

Recent FCC Ruling

The recent FCC ruling in October protecting consumer data does not go far enough. The FCC issued a ruling that ISPs need to get consent before sharing consumer information with third parties. ISPs have the ability to collect a variety of information ranging from a consumer’s location (GPS) to health information to items that they purchase. In the past, this information has been provided to marketers. Now, ISPs will need to provide their customers with information on the type of data they collect as well as how they keep sensitive data secure. They will also be required to notify customers of security breaches within 30 days. The FCC’s regulations do not extend to web-based companies such as Google, Facebook, Yahoo, and Twitter, to name a few. These companies can still collect, share, and market personally identifiable data.
