Ed. Dept. Makes Protecting Student Data a High Priority

By Benjamin Herold — March 04, 2014 6 min read
  • Save to favorites
  • Print

Seeking to help schools protect students’ privacy without inhibiting the use of digital technologies in the classroom, the U.S. Department of Education released new guidance last week on the proper use, storage, and security of the massive amounts of data being generated by new, online educational resources.

“This can’t be a choice between privacy and progress,” Secretary of Education Arne Duncan told a gathering of privacy advocates and ed-tech leaders who gathered for a “summit” on the hot-button issue.

The guidance comes amid a flurry of activity around student-data privacy. Also in recent weeks, a leading technology trade group issued its own recommendations for protecting such data; major state legislation was proposed in California; U.S. Sen. Edward J. Markey, D-Mass., announced that he will soon introduce a federal bill; and the San Francisco-based nonprofit Common Sense Media hosted the high-profile “School Privacy Zone” summit here.

James P. Steyer, the CEO of Common Sense Media, said the confluence of efforts is a good sign.

A Flurry of Recommendations

February was a busy month for a wide cross-section of groups interested in student-data privacy:

Federal Government
The U.S. Department of Education released new guidance to help schools and districts interpret major student-privacy laws and implement best practices. Sen. Edward J. Markey, D-Mass., announced that he will soon introduce new legislation on the issue.

State Government
California state Sen. Darrell Steinberg, a Democrat, sponsored a new bill that, among other goals, would prohibit providers of online educational services from using or disclosing student data for commercial purposes, such as marketing. Bills in Kansas and a number of other states are also under consideration.

Ed-Tech Industry
The Software & Information Industry Association released “best practices for the safeguarding of student-information privacy and security for providers of school services.” The recommendations focus on limiting the use of personally identifiable student information to “educational and related purposes” and improving policies related to transparency, contracting, security, and data-breach notification.

Privacy Advocates
The nonprofit Common Sense Media hosted a “School Privacy Zone” summit in Washington attended by dozens of advocates, ed-tech leaders, and government officials, including U.S. Secretary of Education Arne Duncan. The group recently conducted polling research on U.S. voters’ attitudes about student-data privacy and is promoting a set of “fundamental principles” related to the issue.

“I’ve never felt that industry self-regulations were sufficient to protect the interests of kids and families,” said Mr. Steyer, whose organization is known for evaluating media and educational technology intended for use by children. “We want the best [private] actors to step forward, but we also need legislation and regulation and advocacy. It’s the combination that works.”

For its part, the federal government will seek “vigorous self-policing by commercial players” handling sensitive data about children, Secretary Duncan said, but it is “not going to wait for industry or rely on promises” to protect that information. The federal guidance is nonbinding and contains no new regulations; instead, it offers interpretations of existing laws and encourages “best practices” by schools and districts.

The 14-page document highlights the challenges of securing students’ data in the rapidly evolving digital education landscape. The Education Department’s short answer—"it depends"—to two frequently asked questions by school officials about how federal statutes apply to the sharing of sensitive student information with third-party vendors left some privacy advocates unsatisfied.

“The guidance really underscores the fact that student-privacy rights are under attack,” said Khaliah Barnes, a lawyer for the nonprofit Electronic Privacy Information Center, based in Washington.

Representatives from the software industry, meanwhile, commended the department’s guidance.

Crafting Protective Measures

In his keynote address at the summit, Mr. Duncan touted the “extraordinary learning opportunities” associated with new digital learning tools and the vast amounts of information they generate. He cited examples of schools’ use of technology and data to personalize student learning, free up teachers’ time for high-value instructional activities, and engage parents.

But the secretary also stressed that “school systems owe families the highest standard of security and privacy,” and he sharply criticized some common industry practices, including “take-it-or-leave-it” contracts with districts that allow companies to unilaterally and without notice change their privacy-protection practices.

“It is in your best interest to police yourselves before others do,” Mr. Duncan said in a direct message to ed-tech vendors.

Many policymakers, advocates, and even industry officials say a baseline standard should be that third-party vendors use student information only for educational purposes.

The new federal guidance, however, makes clear that defining “educational purposes” in the digital age is a complicated endeavor, and that student-privacy statutes now on the books are straining to meet the challenges presented by “big data” and ubiquitous digital learning tools.

Take, for example, the “metadata” collected on students via digital devices and online learning programs, which can include keystroke information, the time and place at which a device is being used, and more.

Under some circumstances, such metadata are not protected under the Family Educational Rights and Privacy Act, or FERPA, a 40-year-old law intended to protect children’s educational records from disclosure. According to the new guidelines, it may thus sometimes be permissible for vendors to use such information for data-mining and other noneducational purposes.

The circumstances under which students’ personally identifiable information may be used by third-party vendors can also be murky. As a result, the Education Department suggests that “schools and districts will typically need to evaluate the use of online educational services on a case-by-case basis to determine if FERPA-protected information is implicated.”

Some privacy advocates, though, criticize the department as having weakened FERPA by regulatory changes made in recent years.

“In the process of encouraging a market in data-mining software and the outsourcing of education into private hands, [the department] seems willing to sacrifice our children’s privacy,” said Leonie Haimson, the executive director of the New York City-based nonprofit Class Size Matters and a frequent critic of industry involvement in student data-sharing initiatives.

Outlining Best Practices

Dozens of bills addressing data privacy have been proposed in a number of states in recent months, and at the federal level, Sen. Markey said last week that he would seek “new, updated rules” to protect sensitive student information that is transferred to private companies.

The focus of the planned federal legislation, Mr. Markey said in a statement, would be prohibiting the use of such data for targeted marketing to children, ensuring parents’ rights to access information about their children that is held by private companies, and creating other new safeguards.

Hoping to get out ahead of the rising regulatory tide, the Software & Information Industry Association, a trade group based in Washington, released its own recommendations.

“We’re concerned about [the possibility] of legislation that might capture very appropriate uses of student information,” said Mark Schneiderman, the group’s senior director of education policy. “Our intention is to create a ‘trust framework,’ and at the same time make sure we’re not cutting off our nose to spite our face.”

While the SIIA focused on best practices for industry, the Education Department focused in its new guidance on supporting smarter, more effective practices by schools and districts.

Among the federal recommendations for school systems are conducting an inventory of all online educational services now in use; developing policies to evaluate and approve proposed online educational services, including no-cost software and apps that require only click-through consent; and pursuing written contracts with all new data vendors.

But while such approaches are welcome, they might not be enough to keep up with rising parental concerns about the privacy and security of their children’s data, said Joel R. Reidenberg, a Fordham University law professor who recently published a scathing review of districts’ current contracts with cloud-computing service providers.

“I don’t think it’s a reasonable expectation that districts are in a position to police vendors and really take control of their data,” Mr. Reidenberg said. “But it’s great that [the department] finally got something out.”

Related Tags:

A version of this article appeared in the March 05, 2014 edition of Education Week as U.S. Outlines Data-Privacy Guidelines


Teaching Webinar Examining the Evidence: What We’re Learning From the Field About Implementing High-Dosage Tutoring Programs
Tutoring programs have become a leading strategy to address COVID-19 learning loss. What evidence-based principles can district and school leaders draw on to design, implement, measure, and improve high-quality tutoring programs? And what are districts
Classroom Technology Webinar Building Better Blended Learning in K-12 Schools
The pandemic and the increasing use of technology in K-12 education it prompted has added renewed energy to the blended learning movement as most students are now learning in school buildings (and will likely continue

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Federal Top Federal Adviser on Puerto Rico's Schools Declares: 'We Have to Build Trust'
Chris Soto heads an Education Department team providing technical assistance and support for the U.S. territory's public schools.
4 min read
Martin G. Brumbaugh School kindergarten teacher Nydsy Santiago teaches her students under a gazebo at a municipal athletic park in Santa Isabel, Puerto Rico, on Feb. 4, 2021.
Martin G. Brumbaugh School kindergarten teacher Nydsy Santiago teaches her students under a gazebo at a municipal athletic park in Santa Isabel, Puerto Rico, on Feb. 4, 2021.
Carlos Giusti/AP
Federal Schools Could Count Nonbinary Students Under Biden Proposal
The Civil Rights Data Collection for this school year could also revive questions about inexperienced teachers and preschool discipline.
6 min read
Image of a form with male and female checkboxes.
Federal 'Parents' Bill of Rights' Underscores Furor Over Curriculum and Transparency in Schools
U.S. Sen. Josh Hawley's bill highlights how education issues like critical race theory will likely stay in the national political spotlight.
7 min read
Sen. Josh Hawley, R-Mo., speaks during a Senate Armed Services Committee hearing on the conclusion of military operations in Afghanistan and plans for future counterterrorism operations, Tuesday, Sept. 28, 2021, on Capitol Hill in Washington.
U.S. Sen. Josh Hawley, R-Mo., says "it's time to give control back to parents, not woke bureaucrats."
Patrick Semansky/AP
Federal Opinion It’s Not Just the NSBA That’s Out of Touch. There’s a Bigger Problem
Those who influence educational policy or practice would do well to care about what parents and the public actually want.
4 min read
Image shows a multi-tailed arrow hitting the bullseye of a target.
DigitalVision Vectors/Getty