Federal

Ed. Dept. Makes Protecting Student Data a High Priority

By Benjamin Herold — March 04, 2014 6 min read
  • Save to favorites
  • Print

Seeking to help schools protect students’ privacy without inhibiting the use of digital technologies in the classroom, the U.S. Department of Education released new guidance last week on the proper use, storage, and security of the massive amounts of data being generated by new, online educational resources.

“This can’t be a choice between privacy and progress,” Secretary of Education Arne Duncan told a gathering of privacy advocates and ed-tech leaders who gathered for a “summit” on the hot-button issue.

The guidance comes amid a flurry of activity around student-data privacy. Also in recent weeks, a leading technology trade group issued its own recommendations for protecting such data; major state legislation was proposed in California; U.S. Sen. Edward J. Markey, D-Mass., announced that he will soon introduce a federal bill; and the San Francisco-based nonprofit Common Sense Media hosted the high-profile “School Privacy Zone” summit here.

James P. Steyer, the CEO of Common Sense Media, said the confluence of efforts is a good sign.

A Flurry of Recommendations

February was a busy month for a wide cross-section of groups interested in student-data privacy:

Federal Government
The U.S. Department of Education released new guidance to help schools and districts interpret major student-privacy laws and implement best practices. Sen. Edward J. Markey, D-Mass., announced that he will soon introduce new legislation on the issue.

State Government
California state Sen. Darrell Steinberg, a Democrat, sponsored a new bill that, among other goals, would prohibit providers of online educational services from using or disclosing student data for commercial purposes, such as marketing. Bills in Kansas and a number of other states are also under consideration.

Ed-Tech Industry
The Software & Information Industry Association released “best practices for the safeguarding of student-information privacy and security for providers of school services.” The recommendations focus on limiting the use of personally identifiable student information to “educational and related purposes” and improving policies related to transparency, contracting, security, and data-breach notification.

Privacy Advocates
The nonprofit Common Sense Media hosted a “School Privacy Zone” summit in Washington attended by dozens of advocates, ed-tech leaders, and government officials, including U.S. Secretary of Education Arne Duncan. The group recently conducted polling research on U.S. voters’ attitudes about student-data privacy and is promoting a set of “fundamental principles” related to the issue.

“I’ve never felt that industry self-regulations were sufficient to protect the interests of kids and families,” said Mr. Steyer, whose organization is known for evaluating media and educational technology intended for use by children. “We want the best [private] actors to step forward, but we also need legislation and regulation and advocacy. It’s the combination that works.”

For its part, the federal government will seek “vigorous self-policing by commercial players” handling sensitive data about children, Secretary Duncan said, but it is “not going to wait for industry or rely on promises” to protect that information. The federal guidance is nonbinding and contains no new regulations; instead, it offers interpretations of existing laws and encourages “best practices” by schools and districts.

The 14-page document highlights the challenges of securing students’ data in the rapidly evolving digital education landscape. The Education Department’s short answer—"it depends"—to two frequently asked questions by school officials about how federal statutes apply to the sharing of sensitive student information with third-party vendors left some privacy advocates unsatisfied.

“The guidance really underscores the fact that student-privacy rights are under attack,” said Khaliah Barnes, a lawyer for the nonprofit Electronic Privacy Information Center, based in Washington.

Representatives from the software industry, meanwhile, commended the department’s guidance.

Crafting Protective Measures

In his keynote address at the summit, Mr. Duncan touted the “extraordinary learning opportunities” associated with new digital learning tools and the vast amounts of information they generate. He cited examples of schools’ use of technology and data to personalize student learning, free up teachers’ time for high-value instructional activities, and engage parents.

But the secretary also stressed that “school systems owe families the highest standard of security and privacy,” and he sharply criticized some common industry practices, including “take-it-or-leave-it” contracts with districts that allow companies to unilaterally and without notice change their privacy-protection practices.

“It is in your best interest to police yourselves before others do,” Mr. Duncan said in a direct message to ed-tech vendors.

Many policymakers, advocates, and even industry officials say a baseline standard should be that third-party vendors use student information only for educational purposes.

The new federal guidance, however, makes clear that defining “educational purposes” in the digital age is a complicated endeavor, and that student-privacy statutes now on the books are straining to meet the challenges presented by “big data” and ubiquitous digital learning tools.

Take, for example, the “metadata” collected on students via digital devices and online learning programs, which can include keystroke information, the time and place at which a device is being used, and more.

Under some circumstances, such metadata are not protected under the Family Educational Rights and Privacy Act, or FERPA, a 40-year-old law intended to protect children’s educational records from disclosure. According to the new guidelines, it may thus sometimes be permissible for vendors to use such information for data-mining and other noneducational purposes.

The circumstances under which students’ personally identifiable information may be used by third-party vendors can also be murky. As a result, the Education Department suggests that “schools and districts will typically need to evaluate the use of online educational services on a case-by-case basis to determine if FERPA-protected information is implicated.”

Some privacy advocates, though, criticize the department as having weakened FERPA by regulatory changes made in recent years.

“In the process of encouraging a market in data-mining software and the outsourcing of education into private hands, [the department] seems willing to sacrifice our children’s privacy,” said Leonie Haimson, the executive director of the New York City-based nonprofit Class Size Matters and a frequent critic of industry involvement in student data-sharing initiatives.

Outlining Best Practices

Dozens of bills addressing data privacy have been proposed in a number of states in recent months, and at the federal level, Sen. Markey said last week that he would seek “new, updated rules” to protect sensitive student information that is transferred to private companies.

The focus of the planned federal legislation, Mr. Markey said in a statement, would be prohibiting the use of such data for targeted marketing to children, ensuring parents’ rights to access information about their children that is held by private companies, and creating other new safeguards.

Hoping to get out ahead of the rising regulatory tide, the Software & Information Industry Association, a trade group based in Washington, released its own recommendations.

“We’re concerned about [the possibility] of legislation that might capture very appropriate uses of student information,” said Mark Schneiderman, the group’s senior director of education policy. “Our intention is to create a ‘trust framework,’ and at the same time make sure we’re not cutting off our nose to spite our face.”

While the SIIA focused on best practices for industry, the Education Department focused in its new guidance on supporting smarter, more effective practices by schools and districts.

Among the federal recommendations for school systems are conducting an inventory of all online educational services now in use; developing policies to evaluate and approve proposed online educational services, including no-cost software and apps that require only click-through consent; and pursuing written contracts with all new data vendors.

But while such approaches are welcome, they might not be enough to keep up with rising parental concerns about the privacy and security of their children’s data, said Joel R. Reidenberg, a Fordham University law professor who recently published a scathing review of districts’ current contracts with cloud-computing service providers.

“I don’t think it’s a reasonable expectation that districts are in a position to police vendors and really take control of their data,” Mr. Reidenberg said. “But it’s great that [the department] finally got something out.”

Related Tags:

A version of this article appeared in the March 05, 2014 edition of Education Week as U.S. Outlines Data-Privacy Guidelines

Events

College & Workforce Readiness K-12 Essentials Forum Career and Technical Education Takes Its Next Big Step
Join this free virtual event to hear creative approaches to modernize CTE programs and navigate the shift away from a near-exclusive focus on "college preparedness."

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Federal The Principal Pipeline Could Contract Under New Federal Borrowing Caps
A new analysis finds that new student loan limits would hit prospective administrators hardest.
4 min read
Commencement Ceremony 25353687159009
Graduates of Maryland's Towson University celebrate their commencement during a ceremony on Dec. 17, 2025. A new analysis finds that educators studying to become administrators could be hit hardest by new federal caps on student borrowing for graduate students.
Robyn Stevens Brody/Sipa via AP Images
Federal See What's in Trump Commission's Religious Freedom Agenda for Schools
Panel recommends federal guidance on parents' opt-out rights, Ten Commandments displays, and other features.
8 min read
West Bloomfield team members huddle as defensive line coach Justin Ibe leads a team prayer before the game against Eisenhower, Friday, Oct. 21, 2022, in West Bloomfield, Mich.
West Bloomfield team members huddle as defensive line coach Justin Ibe leads a team prayer before a game Oct. 21, 2022, in West Bloomfield, Mich. A federal religious liberty commission recently called for "know your rights" posters to inform public school students of their rights to prayer and religious expression.
Carlos Osorio/AP
Federal Changes to Student Loans Took Effect July 1. Here's What to Know
The changes mean the end of some payment plans and new limits for graduate loans.
5 min read
People demonstrate in Lafayette Park across from the White House in Washington, June 30, 2023, after a sharply divided Supreme Court has ruled that the Biden administration overstepped its authority in trying to cancel or reduce student loan debts for millions of Americans.
People demonstrate in Lafayette Park across from the White House in Washington on June 30, 2023, after the Supreme Court ruled the Biden administration overstepped its authority in trying to cancel or reduce student loan debts. A range of student loan changes took effect July 1.
Andrew Harnik/AP
Federal Ed. Dept. Leaves Most K-12 Fields Off Expanded List of 'Professional' Degrees
Whether a degree is considered "professional" now determines how much graduate students can borrow.
4 min read
Graduates of the University of Texas Rio Grande Valley attend their commencement ceremony at the schools parking lot on Friday, May 7, 2021, in Edinburg, Texas. Graduate degrees, once touted as the new bachelor’s degrees, are becoming less crucial to get jobs. Today, more college graduates than ever hold advanced degrees, and graduate programs are the only area of higher education that saw enrollment increases during the worst of the pandemic.
Graduates of the University of Texas Rio Grande Valley attend their commencement ceremony in Edinburg, Texas, on May 7, 2021. The Trump administration has expanded its list of graduate degrees it considers "professional" for purposes of determining how much students can borrow to fund their studies.
Delcia Lopez/The Monitor via AP