Privacy & Security

School Reopenings Bring Wave of COVID-19 Student-Data-Privacy Concerns

By Benjamin Herold — August 11, 2020 6 min read
BRIC ARCHIVE
  • Save to favorites
  • Print

Whether it happens in-person or remote, this year’s back-to-school season is bringing with it a host of new data privacy concerns.

Chief among them: How to safely and legally store and share videos of classroom lessons featuring students, and what to do with all the new sensitive health information being collected by schools now administering health surveys, doing daily temperature checks, and tracing the contacts of students and staff who have contracted or been exposed to the coronavirus.

“Reopening plans must balance protecting health and protecting student privacy and educational rights,” said Amelia Vance, the director of youth and education privacy at the Future of Privacy Forum, which earlier this month released a new “Student Privacy and Virtual Learning Guide” along with the National Center on Learning Disabilities.

“It is a difficult—but incredibly important—balance,” Vance said. “Schools and districts should have clear plans in place for how they will collect, use, and store health data to ensure it is not ultimately used to limit educational access or opportunities for vulnerable students.”

Remote Learning Drives Ed-Tech Expansion

With the coronavirus pandemic still ravaging the country and sowing uncertainty in schools, 9 in 10 district leaders say they plan to incorporate some level of remote instruction into their reopening plans, according to the most recent survey of K-12 professionals administered by the Education Week Research Center in late July.

See Also: Massive Shift to Remote Learning Prompts Big Data Privacy Concerns

That means an abundance of platforms, software programs, and apps will be a regular part of students’ education. With this new reality comes fresh concerns about how all that technology will be collecting, storing, and using students’ personal information. Parents who wish to opt out of such technology usage, already limited in their options before the pandemic, will now be even more constrained.

To minimize the potential risk and build trust, Vance said, schools should consider establishing and sharing a set of limited and vetted ed-tech products they intend to use during remote learning.

That list shouldn’t include social media. Despite the appeal of reaching students on the platforms they regularly use in their personal lives, teachers and administrators should avoid delivering instruction on platforms such as Instagram Live, TikTok, and YouTube.

“Many social media tools were developed for general audiences, not students, and are therefore unlikely to be compliant with student privacy laws and best practices,” according to a blog post from the Future of Privacy Forum this spring.

And what about providing teletherapy services to students with special needs or disabilities?

Avoid “public-facing” platforms like Facebook Live, the new virtual learning guide advises, and, if possible, use platforms that your school district has a contract with. The federal department of Health and Human Services has offered greater flexibility around using commercial services that are not public-facing, such as Zoom, Facebook Messenger, and FaceTime.

Tips for Data Safe Videoconferencing

How are schools managing the broader shift to video-based instruction?

Eighty-two percent of district leaders expect teachers to pre-record video lessons and make them available for students to watch on demand, according to the most recent EdWeek Research Center survey. And when it comes to live videoconferencing, 8 in 10 principals and district leaders have approved their schools to use Zoom or Zoom for Education and Google Hangouts. Smaller numbers have approved use of Microsoft Teams, GoToMeeting, Skype, and other platforms.

A student’s mere participation in such videoconferencing likely does not trigger the Family Educational Rights and Privacy Act, or FERPA, the nation’s primary student data-privacy law. That likely changes, however, the moment “a student’s image, name, or voice is recorded and stored by the school,” according to the new NCLD and Future of Privacy Forum guide.

To make sure schools are protecting students’ privacy during videoconferences, the Consortium for School Networking, a professional association for school-technology leaders, developed an online guide.

Whenever possible, avoid recording classroom discussions with students, the group advises. Create guidelines that ensure any videos involving students are secure both in transit and while being stored. Make sure only necessary personnel can access the videos and set a schedule for deleting all videos after a set period of time.

Also critically important, said CoSN CEO Keith Krueger, is to avoid any “practices that might result in the videos being publicly available.” That means no open Google Drive links, posts to private YouTube accounts, or emailed files.

One strategy used by many school districts trying to take such concerns into account: Using learning management systems that are specifically designed for K-12 schools and have built-in tools for meeting with students, such as Canvas.

Protecting Sensitive Health Data

Another new concern for schools is all the sensitive health data on students now being collected.

In late July, 3 in 5 district leaders told the EdWeek Research Center they planned to do daily temperature checks of students and staff. Ninety-two percent said they’d require sick students to stay home, and 79 percent said they’d require students who were exposed to the virus to do the same. A handful were also planning to administer their own COVID tests.

“The complexity of this work across students and employees can’t be overstated,” said Krueger of CoSN. “In addition to state reporting requirements and privacy laws, schools also need to consider anti-discrimination laws, labor laws, and more.”

As important as ever, he advised, schools should avoid rushing a technology solution into place just to create the appearance of action. Strong privacy and security measures—including legal reviews for compliance with state and federal law, plans to minimize the data that are actually stored, limiting access to those data, and ensuring that “robust physical, technical, and administrative controls” are in place—are essential.

One tangible example of data minimization that Krueger described: A record stating that a given student will be attending classes remotely for two weeks is far less invasive, sensitive, and susceptible to misuse than a record indicating that student had a high temperature and exhibited other coronavirus symptoms and therefore is being forced into quarantine for two weeks.

Be careful of the proliferation of symptom-tracking apps now marketing themselves to schools, said Vance of the Future of Privacy Forum. Many have privacy policies that indicate compliance with HIPAA, the federal health-privacy law, but do not mention FERPA, which is the law most likely to actually apply to use in schools.

There are also important considerations around equity and anti-discrimination to consider, many of which are discussed in detail in a series of issue briefs created by the forum. Trust is essential, said Vance, so parents and students feel comfortable honestly reporting their symptoms, without worry that such information might be used to exclude them from certain classes or educational opportunities down the road.

To that end, experts across the board stressed a common point: In a time of high anxiety and tremendous uncertainty, as back-to-school season is certain to be, transparency is critical.

“If there was ever a time to over-communicate with parents about your [privacy] plans,” Krueger said, “this is it.”

Events

Ed-Tech Policy Webinar Artificial Intelligence in Practice: Building a Roadmap for AI Use in Schools
AI in education: game-changer or classroom chaos? Join our webinar & learn how to navigate this evolving tech responsibly.
Education Webinar Developing and Executing Impactful Research Campaigns to Fuel Your Ed Marketing Strategy 
Develop impactful research campaigns to fuel your marketing. Join the EdWeek Research Center for a webinar with actionable take-aways for companies who sell to K-12 districts.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Webinar
Navigating Cybersecurity: Securing District Documents and Data
Learn how K-12 districts are addressing the challenges of maintaining a secure tech environment, managing documents and data, automating critical processes, and doing it all with limited resources.
Content provided by Softdocs

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security A New Federal Taskforce Targets Cybersecurity in Schools
The “government coordinating council" aims to provide training, policies, and best practices.
3 min read
Illustration of computer and lock.
iStock / Getty Images Plus
Privacy & Security Q&A Why One Tech Leader Prioritizes Explaining Student Data Privacy to Teachers
Jun Kim, the director of technology for an Oklahoma school district, helped build a statewide database of vetted learning platforms.
3 min read
Jun Kim, Director of Technology for Moore Public Schools, poses for a portrait outside the Center for Technology on Dec. 13, 2023 in Moore, Okla.
Jun Kim, is the director of technology for the Moore school district in Moore, Okla., He has made securing student data a priority for the district and the state.
Brett Deering for Education Week
Privacy & Security A Massive Data Leak Exposed School Lockdown Plans. What Districts Need to Know
More than 4 million records held by school safety software company Raptor Technologies were left inadvertently exposed online.
5 min read
Concept image of security breach, system hacked alert with red broken padlock icon showing vulnerable access.
Nicolas Herrbach/iStock/Getty
Privacy & Security As Cyberattacks Mount, Lawmakers Double Their Efforts to Protect Schools
But the legislative push is not matched by funds to build better cyber defenses.
2 min read
Conceptual illustration of computer with a pixelated lock on screen.
Nanzeeba Ibnat/iStock/Getty Images Plus