Be Mindful of the High Stakes of Protecting Student Data
For IT teams, putting those principles into practice to protect student privacy during the pandemic requires some finesse and knowledge of the scope of relevant laws.
Does a temperature check at the front door fall under HIPAA compliance guidelines? Most experts say no. But the rules around FERPA, the Family Educational Rights and Privacy Act, are less clear cut.
“FERPA is concerned with how data is stored — what is stored and where it is stored. Part of that is security, making sure it is secured, and part of that is privacy, knowing who has access to it and when,” Frisbee says. The regulations don’t spell out rules for safeguarding data, however, “so it falls to the district to have the expertise, to have the right people and the right policies involved.”
The stakes are high to get it right, especially when it comes to surveillance used for contact tracing.
“We are dealing with unprecedented levels of invasive surveillance equipment — proximity detection, location tracking, biometric tracking,” says Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project.
“Tech implemented in the name of COVID-19 could be used to track students and potentially penalize them for everything from truancy to substance use and countless other offenses,” Cahn says. “We’ve seen really disturbing cases where students have police show up at their door because of conduct they engage in in their own bedroom: Having a toy gun in their own bedroom is suddenly a law enforcement matter.”
For in-home learning, “countless people with access to these children’s cameras could easily misuse that access,” he says. Parents could sit in on a class, compromising other students’ privacy. Kids might record classroom sessions and post them to YouTube. It’s a privacy minefield.