Why K-12 Data-Privacy Training Needs to Improve
For most districts, data-privacy training duties fall heavily on technology chiefs.
Though efforts to safeguard the privacy of student data are expanding across the country, education experts are lamenting the lack of training opportunities for educators who need it for true protection, those experts say.
"When you look at the vast number of bills this year and last year, and the fact that so many of them delineate roles and responsibilities for districts and educators across the board without any nod to training, it's unclear how they will be implemented with any fidelity," said Paige Kowalski, the vice president of policy and advocacy for the Data Quality Campaign, a Washington-based organization that advocates effective use of student data. "We haven't seen implementation yet, so we don't know what the unintended consequences are going to be and how quickly we'll be able to remedy those."
The push to restrict the growing $8.38 billion education technology industry from using personal information collected through educational sites, apps, and cloud services resulted in the introduction of 182 data-privacy bills in 46 states in 2015 alone, according to the Data Quality Campaign. Fifteen of those states passed 28 laws.
California's landmark Student Online Personal Information Protection Act, which will take effect in January and has been a catalyst for the recent boom nationwide, has the most comprehensive standards for student-data privacy so far: prohibiting companies that operate school services from selling or disclosing personal information or from generating profiles of students for marketing purposes, among a host of other protections.
Yet even as more bills at both the state and federal level raise awareness of the need to better protect and secure student data, attention to training is still limited. Experts say greater emphasis should be placed on educating the educators, especially given the privacy threats that can come from using online homework portals, digital grade books, or student email programs.
"You can pass however detailed security and privacy requirements you want, but unless you also incorporate the need for the training and time and money that will take, it's not going to work on the ground," said Amelia Vance, the director of education data and technology for the National Association of State Boards of Education.
Expectations for Schools
To help administrators and teachers translate complex legalese into more coherent terms, the California Educational Technology Professional Association last month released a data-privacy guide with information on most federal and state student-privacy-related laws. The organization held workshops this past summer for
Northern California school districts in conjunction with the California education department and the U.S. Department of Education's Privacy Technical Assistance Center.
"It's at more of an awareness level right now, making sure teachers know it's also their responsibility to uphold the law," said the association's president, Peter W. Skibitzki.
In a survey of more than 1,000 teachers and administrators nationwide released in June, global learning company Houghton Mifflin Harcourt found that 58 percent were either "very" or "somewhat" concerned about student-data privacy.
Teachers in the 19,000-student Cupertino Union school system in Cupertino, Calif., can refer to a list of websites, apps, and other tools vetted and approved by district officials to limit confusion. "We want teachers to spend their time focused on students learning and the integration of technology into instruction, not on combing through privacy policies and terms of service," said Amy Wong, the district's director of instructional technology. "So we kept training minimal."
But with new ed-tech tools popping up all the time, and with privacy policies and terms of service frequently changing, keeping that list current can be a challenge, acknowledged Wong. She notes that state legislation only goes so far by targeting educational websites alone. "We want students to be using real-world, authentic tools, so we still need to be cautious about which ones we are using and how they are handling student data," she said.
Whatever training takes place, it should be "bite-sized" and available in different formats, such as providing regular tips to teachers on data security and digital footprints, said Bob Moore, the privacy-initiatives lead for the Washington-based Consortium for School Networking, a professional association for school district technology leaders.
CoSN is working with 28 school systems from around the country to devise "sets of practices" that districts could implement to protect the privacy and security of student data and earn a Trusted Learning Environment Seal to recognize their achievements, said Moore.
"No one has really defined what schools should be doing," Moore continued. "Every conversation has been about compliance with laws."
Ramping Up Awareness
Even in West Virginia—which passed a Student Data Accessibility, Transparency and Accountability Act in March 2014—awareness about managing student data and privacy has ramped up significantly, according to the state's data-governance manager, Georgia Hughes-Webb. She and colleagues offer districts on-site training and create Web-based resources to explain student-data-related policies and procedures. This past summer, they hosted sessions on student-data privacy and governance at several state conferences for teachers and staff, and facilitated sessions at national events to share their privacy efforts with peers in other states.
Hughes-Webb also reviews vendor contracts with district officials, seeking assurances they fully understand the agreements they are about to sign. "It's always a fine line to walk between providing access to tools that can help students and making sure data is locked down," she said.
At a training session last school year in West Virginia's Putnam County, librarian and English teacher Ronda Moncada learned ways information can be inadvertently shared, such as when a teacher publicly praises a student without providing a name but offers other identifiable details. The lesson has stayed with her.
"When you hear about how those real-world examples can play out, it makes you realize how just even innocent things can be violations if you're not being mindful," said Moncada, who works at the 1,200-student Hurricane High School in Hurricane. "Privacy in general is such a different beast from what it used to be. Training gives us the confidence that we're doing the right thing."
For most districts around the country, data-privacy-protection duties fall heavily on technology coordinators like Ian Byerrum with the 560-student Ackerman Charter district in Auburn, Calif. Byerrum typically orchestrates basic-training sessions at the start of the school year for administrators and teachers dealing with special education and other student issues that involve "dealing with more sensitive information."
This fall, he is organizing small-group workshops for an expanded target audience, which will take more time to prepare.
Vol. 35, Issue 09, Page s8Published in Print: October 21, 2015, as Data-Privacy Training Lags Behind in K-12