Category Archives: Data Privacy

Student-Data Privacy Guidelines: An Overview

U.S. Department of Education

The federal Education Department and several education and industry groups are among the organizations that have outlined guidelines to help protect the privacy of student data.

“Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices,” from the department’s Privacy Technical Assistance Center, defines student privacy rights under the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA) and explains how schools and the companies and organizations they work with can meet compliance requirements. It recommends that schools follow these best practices:

• Maintain awareness of other relevant federal, state, tribal, or local laws;

• Be aware of which online educational services are currently being used in a district;

• Have policies and procedures to evaluate and approve proposed online educational services;

• When possible, use a written contract or legal agreement;

• Take extra precautions when accepting “click-wrap” licenses for consumer apps;

• Be transparent with parents and students; and

• Consider that parental consent may be appropriate.

National School Boards Association

“Data in the Cloud” is a legal and policy guide for school boards on student-data privacy in the cloud-computing era. It recommends that school districts:

• Identify an individual districtwide chief privacy officer;

• Conduct a privacy assessment and online-services audit, preferably by an independent third party;

• Establish a data-safety committee or data-governance team;

• Review and update district privacy policies regularly;

• Communicate consistently, clearly, and regularly with students, parents, and the community about privacy issues;

• Adopt consistent and clear contracting practices that address student data appropriately, and discourage take-it-or-leave-it terms; and

• Train staff members about data-privacy issues and tactics for protecting data.

Consortium for School Networking

The “Protecting Privacy in Connected Learning Toolkit for School Leaders” gives advice to help school systems navigate some of the privacy issues that can arise when selecting an online service provider. It offers:

• Guidance about evaluating and contracting with online-service providers;

• Advice on requirements about notification and obtaining parental consent for the use of student data;

• Suggested contract terms;

• Security questions to ask online-service providers; and

• Advice on how to analyze “click-wrap” terms-of-service agreements in software.

Houston Independent School District

The district’s “Software Ratings for Parents” microsite displays a matrix to help parents learn more about the types of information that are collected about their children on websites commonly used in the district. Ratings are based on:

• How personally identifiable information is shared;

• How users are allowed to share information;

• Whether an email is required to use a product or service;

• Whether Internet “cookies” are used to collect data on individuals; and

• If third-party ads are part of the package.

Software & Information Industry Association

The association’s “Best Practices to Safeguard Student Information Privacy and Data Security and Advance the Effective Use of Technology in Education” is intended for education service providers to inform the contracts that govern their relationships with districts and schools. To the extent that students’ personally identifiable information (PII) is collected, used, or shared by school service providers, the practices recommend that such actions be done:

• Only for educational or related purposes;

• Transparently, disclosing in contracts and/or privacy policies what’s being collected from students, how it’s being used, and when it would be shared;

• Only when authorized by privacy policy or contract, or other specified circumstances;

• After following reasonably designed security policies and procedures to protect the information; and

• Only if companies have reasonable policies and procedures for notification in case a data breach occurs.

Association for Competitive Technology (ACT) and Moms With Apps

ACT, representing app developers, and Moms With Apps, a community of app developers founded to create educational apps they would approve for their own children, released the “Know What’s Inside” digital badge. To earn that designation, which notifies parents and educators about an app’s compliance with certain criteria, an app maker must confirm that its app is:

• Specifically for children;

• Accompanied by a clearly written and displayed privacy policy;

• Supported by an explanation of the app features;

• Developed with an understanding of, and support for, the latest privacy regulations and industry best practices; and

• Created by a member of the ACT organization.

Internet Keep Safe Coalition (iKeepSafe)

An application before the Federal Trade Commission proposes to create an iKeepSafe “safe harbor” designation for companies around compliance with the Children’s Online Privacy Protection Act (COPPA). This provision is designed to encourage better industry self-regulation. Companies that comply with FTC-approved guidelines would receive “safe harbor” from agency enforcement action. Under the iKeepSafe proposal, companies would agree, in part, to:

• Practice transparency, with clearly written policies explaining what data are collected, how the information is used and stored, and to whom it may be disclosed;

• Engage in minimal data collection, gathering only what is reasonably required to deliver a promised product, feature, or service to a child;

• Ensure parental, or school, control of data collected from the child;

• Take reasonable measures to secure and maintain the confidentiality and integrity of data; and

• Educate themselves about privacy requirements and best practices.


Comments Off on Student-Data Privacy Guidelines: An Overview

Filed under Data Collection, Data Privacy, Education

Big Data Enters the Classroom

Technological Advances and Privacy Concerns Clash

With the shift to computerized testing, tablets in the classroom and digitized personal records, schools are collecting more data than ever on how children are doing.

Now, some educators believe, it’s time to put that data to use.

Every answer on a quiz can be analyzed to give teachers a precise picture of what their students have learned. A pattern of wrong answers is no longer just a bad grade; teachers can get clues to why students picked the wrong answer. Publishers can analyze which chapters in their textbooks are working, and which might need revising.

Steven Ross, a professor at the Center for Research and Reform in Education at Johns Hopkins University, says using data to help tailor education to individuals will drive learning in the future. “Most of us in research and education policy think that for today’s and tomorrow’s generation of kids, it’s probably the only way,” he says.

Perhaps the biggest stumbling block to using data in schools isn’t technological, though. Rather, it’s the fear that doing so will invade the privacy of students. Parents worry, for example, that details of a child’s early struggles with reading could hurt them with future employers—or with schoolyard bullies.

“It’s really invasive,” says Lisa Shaw, a parent in the New York City public school system. “There’s no amount of monetary funds that could replace personal information that could be used to hurt or harm children in the future.”

Expanding Field

Over the past decade, schools have started using cloud storage or begun sending more data to state education departments for collection and analysis. The amount of data collected is expected to swell as more schools use apps and tablets that can collect information down to individual keystrokes, or even how long a student holds a mouse pointer above a certain answer.

Innovative education projects include Teach to One, a program run by New York City-based New Classrooms Innovation Partners. The company works with schools in Chicago, New York City and Washington, D.C., to track whether students have mastered math concepts. Through its software, students are given personalized quizzes and lessons that target their weaknesses. Students take classes in a few different settings—in a classroom with a live teacher, with a one-on-one tutor online or even through computer lessons—and the software aims to figure out which setting works best for them.

On a larger scale, Renaissance Learning, a testing and student-data company that recently was sold to a private-equity firm for $1.1 billion, has data on 10.7 million students across the country, who regularly take quizzes through the company’s portal. Chief Executive Jack Lynch says he believes soon it will be possible for the country to drill down to find out which states or districts are doing best at setting up their curricula or teaching fractions.

Some firms want to track students through their entire academic careers. ACT Inc., the company behind the ACT test, the competitor to the SAT exam, in April will launch a system to track students from third through 10th grades in English, math and science. ACT says the series of tests will help make sure students are ready to go to college and work. Another ACT product could help steer students toward careers that fit their skills.

Among their efforts to stave off privacy concerns, education-data companies are hiring chief privacy officers, testifying before state legislatures and reshaping their messages to emphasize their data security. State lawmakers are considering passing bills to rein in access to student data or allow parents to opt out of data collection.

Protests about data privacy have partly derailed one ambitious project, inBloom, a nonprofit with $100 million from the Bill & Melinda Gates Foundation and the nonprofit Carnegie Corporation of New York. InBloom wants to link education-tech companies with school districts—serving as a type of middleman for student data. Its system gives schools the option of uploading hundreds of characteristics about students, including disabilities such as autism or vision problems. Five states initially said they would work with inBloom. That number is down to three: New York, Illinois and Massachusetts.

In November, inBloom hired Virginia Bartlett as chief privacy officer. Ms. Bartlett says she sees a big gap in what parents and school district officials believe about student data and what is actually happening.

“There’s a lot of fear,” she says. InBloom officials, for example, don’t have access to the student data, and there isn’t a national database being created, she says. The data is stored through Amazon Web Services in what she describes as a safe-deposit box. Even if there was a leak of data, she says, it would be nearly impossible to use.
‘Hermetically Sealed’

Mr. Lynch is also emphatic about security. He describes Renaissance Learning’s data as “hermetically sealed.” He says he understands parents’ concerns. Still, at a recent conference on the topic, he said: “It can’t mean rolling back the availability of technology. We know that’s a historical impossibility.”

Kathleen Styles, the U.S. Department of Education’s first chief privacy officer, says the biggest issue she has seen is schools don’t have rules or policies on how much data to collect, how long to keep it and who has access to it.

“The only way to make data totally safe is to not ever use it or keep it,” she says. “That’s just not an option.”

Ms. Fleisher is a Wall Street Journal reporter in London.

Comments Off on Big Data Enters the Classroom

Filed under Data Collection, Data Privacy, Education