educationtechnologyinsights

The State of K12 Student Data Privacy in the Cloud

By Steve Smith, CIO, Cambridge Public Schools& Founder, Student Data Privacy Consortium

Steve Smith, CIO, Cambridge Public Schools& Founder, Student Data Privacy Consortium

Has anything changed since the rise and fall on InBloom in 2013? For those of you that do not recall, InBloom was the Gates-funded project to create a national operational data store of K12 student data to address student movement and interoperability. Sounds like a good idea right? The project failed and spawned the growing attention to student data privacy concerns in schools across the U.S. The answer to the question; a lot has changed, yet a lot still remains the same.

Since 2013, a great deal of attention has been given to student privacy in our schools. Many state laws have been passed and new non-profit organizations have appeared to assist schools. Still many schools are not aware of the privacy risks that may be taking place in their classrooms.

The explosion of EdTech apps over the last ten years or so has created many risk areas. For years educators were encouraged to attend conferences and experiment with new innovative online tools to support teaching and learning. Many of these applications were free. All employed with good intentions. Unfortunately, we are now finding out that many of these applications may not have been built with privacy in mind, or the data collected is purposefully being leveraged for other uses. As a result, violations of FERPA may be occurring in many schools.

"If your district is one of the many districts that have not yet addressed student data privacy at the classroom level, now is the time you will want to get started. It is better to be proactive than to wait until you have to respond to an unpleasant incident"

Schools in the U.S. are bound by FERPA to protect student-level data and only share with parental consent or under other very specific exceptions. Using online providers to support teaching and learning may fall under one of these exceptions; “The School Official Exception”, but only when specific criteria are met and the provider is under the control of the school/district. Meeting these requirements may include annual notices to parents, executing data privacy agreements with all online providers and thoroughly vetting all applications that are in use.

School districts that are aware of these requirements often find the burden to vet all applications overwhelming. It is quite common for schools to be using hundreds or even thousands of online applications with their students that have not been vetted for privacy. Backtracking and getting a handle on these can feel like an insurmountable task. The good news is that there are many resources available for district leaders to help jump-start a privacy program. District staff should recognize that they are not alone in this work.

Resources include;

- Student Data Privacy Consortium’s (SDPC) tools for vetting applications and contracting with providers

- Future of Privacy Forum’s website entitled “FERPA Sherpa” that has great guidance for school staff

- U.S. Department of Education’sPrivacy Technical Assistance Center (PTAC) offers online and in person trainings

These are just a few of the great resources available to school staff to address privacy issues at the district level.If your district is one of the many districts that have not yet addressed student data privacy at the classroom level, now is the time you will want to get started. It is better to be proactive than to wait until you have to respond to an unpleasant incident. Reach out to other districts that have tackled this issue and utilize the resources listed in this article. We all have a responsibility to protect the privacy of our students.

Weekly Brief

Read Also

What is ITIL: Is it Applicable to it in Higher Education

What is ITIL: Is it Applicable to it in Higher Education

Anthony Adade, Ph.D, AVP & CIO, Worcester State University
Enhance Learning Experiences with Technology

Enhance Learning Experiences with Technology

LeRoy Butler, Chief Information Officer,Lewis University
Redefining the Role of Technology in Education

Redefining the Role of Technology in Education

Interview of Sue Workman, Vice President and CIO, Case Western Reserve University
Increased Efficiency and Productivity through Cloud ERP

Increased Efficiency and Productivity through Cloud ERP

Mark H. Nestor, Associate President and CIO, University of the Sciences
Redefining Education Industry with Cloud Computing

Redefining Education Industry with Cloud Computing

Michael Mundrane, CIO and Vice President, University of Connecticut
Higher Education Challenges: Big Data; Cloud Computing; Information Security

Higher Education Challenges: Big Data; Cloud Computing; Information Security

Elias G. Eldayrie, VP & CIO, University of Florida