Student Privacy: A Back-to-School Refresh

From FERPA to COPPA, we’ve got a rundown on how school districts deal with student privacy.

When it comes to leveraging tech tools, K–12 schools have several federal regulations regarding student privacy that they must keep in mind.

The Family Education Rights and Privacy Act (FERPA) keeps parents apprised of how their children’s information is being used and gives them control over much of what is shared. In addition to this, the Children’s Online Privacy Protection Act (COPPA) requires makers of websites, online services and apps to notify parents and get consent before collecting information on children under the age of 13.

As many schools have already opened their doors, and others are preparing to do so, we’ve created a back-to-school refresh on how to best secure student privacy.

SIGN UP: Get more news from the EdTech newsletter in your inbox every two weeks!

Schools Can Give Privacy Consent with Discretion

A big tenet of FERPA and COPPA is the parental consent that must be issued before student information can be released to an ed tech vendor or app. However, in some cases, schools can disclose information without parental consent.

Under FERPA, parents must be notified of who schools can disclose to without their consent, and schools can’t just release information whenever they want to.

“Instead, disclosure should be limited to those teachers and other school employees directly responsible for the student’s education or services, who ‘need to know’ students’ information in order to be able to fulfill their professional responsibilities,” reports the Parent Toolkit for Student Privacy.

Though it addresses websites and apps, schools can also grant consent in lieu of parents under COPPA, so, as Education Week reports, the details of the law are quite important for school administrators. Like with FERPA regulations, schools can only give disclosure consent when it is required to further a student’s education and the online service is solely for the benefit of the student. Also, schools must notify parents when they have done this.

“Generally, the Federal Trade Commission expects companies to publicly post a privacy policy that includes descriptions of what information is collected from children, how that information may be used and disclosed, contact information for any third parties that may also be collecting information through the site, and more,” reports Education Week. “Schools, in turn, are expected to make such notices available to parents.”

Best Practices to Ensure Student Privacy at All Levels

When schools are entering into partnerships with vendors or choosing to use a website, the Student Privacy Pledge and Common Sense Media’s Privacy Evaluations are great tools to check their reputations.

In addition to this, schools can follow some other best practices to make sure student information is protected.

“We are very guarded about who we share our student data with,” Chris Miller, assistant director for technology services at Eanes Independent School District, says in an EdTech video. “We have agreements that we have our vendors sign so that student data cannot be used for tracking or data mining.”

Other educators in the video indicate the importance of giving students just-in-time digital citizenship training so they are aware of how to evaluate when to disclose certain information while working online. This kind of training can be important to administrators and teachers as well.

“Everyone in the school community has to be aware of what information can be shared and with whom, and administrators must know how all the information gathered is tracked and acted upon,” Thomas Murray, the director of innovation for Future Ready Schools, tells EdTech.

FatCamera/Getty Images
Aug 30 2017