The tug-of-war over student data privacy continues.
Friday, the U.S. Department of Education released new, non-binding guidance containing suggestions for schools and districts to better inform parents about how their children’s sensitive educational data is being used.
Some privacy advocates, however, were less than enthusiastic. In its response, for example, the Washington-based Electronic Privacy Information Center called attention to recently released documents the advocacy group maintains show evidence of the department’s inadequate responses to student privacy complaints.
Among other things, the department’s new guidance suggests that schools and districts:
- Publish an inventory of all data collected about students;
- Post online all contracts that require the sharing of student information with third-party vendors;
- Provide parents with a list of all online software and apps that are approved for classroom use, and
- Be more “thoughtful and careful” in responding to parental inquiries and concerns.
“It is important that schools and districts communicate what student information they collect, why they collect it, how they use it, and to whom they disclose it,” according to the document, titled “Transparency Best Practices for Schools and Districts” and released by the department’s Privacy Technical Assistance Center.
“The department encourages schools and districts to take a proactive approach in communicating with parents, as greater understanding of the schools’ and districts’ data privacy policies and practices will help alleviate confusion and misunderstandings about students’ data use.”
Such efforts at transparency are important, said EPIC lawyer Khaliah Barnes.
But an equal emphasis on accountability is also needed, she said.
“The department routinely is not investigating possible [Family Educational Rights and Privacy Act] violations,” Barnes maintained, referencing hundreds of documents recently obtained by EPIC following a federal Freedom of Information Act request. The documents, which cover correspondence between schools and districts and the department related to FERPA complaints made since 2009, are still being released, Barnes said.
Barnes also said the new federal transparency guidelines “fall short” in not suggesting that districts notify parents of breaches or unauthorized release of student information.
The new federal guidance also comes just days after a newly formed coalition of activists and parents called for congressional hearings and legislative action to better protect students’ sensitive information.
The department’s recommendations do not go far enough in encouraging stronger notification and consent protocols for parents, said Leonie Haimson, the co-chair of the Parent Coalition for Student Privacy.
“The [department] advises school officials to inform parents when their children’s personal data is being shared with third parties—but does not require it, and doesn’t even recommend that parents should be asked for consent to decide for themselves if this sharing is either necessary or advisable,” Haimson wrote in an email.
In response to the criticism, department press secretary Dorie Nolt offered a statement.
Education Secretary Arne Duncan “has said that protecting our students’ information is more than a legal requirement—it’s a moral imperative—at a time when cutting-edge learning tools are creating extraordinary opportunities for students across the country,” Nolt wrote in an email. “The Department is committed to enforcing federal privacy laws that protect students and families while also providing guidance and best practices to school systems and educators facing rapidly changing technology in the classroom.”
As student data privacy has exploded into a front-burner issue over the past year, a number of guides, toolkits, best practices, and other documents for schools and districts have been released. (See Education Week‘s complete coverage of educational data and privacy issues.)
The new federal guidance recommends that schools and districts go beyond the minimum required by law to explain why they collect various pieces of information and to explain policies around such as issues as data retention and access to personally identifiable information.
The department’s Family Policy Compliance Office, or FPCO, also created a new website with information about the federal laws it administers, including the Family Educational Rights and Privacy Act, or FERPA.
In its release, the department touted the site as featuring “an online ‘community of practice’ for school officials to share best practices, information, templates, and other resources.”
Barnes of EPIC, however, argued that the department still has much work to do.
“I think FPCO itself could be more transparent by staying current in posting the results of completed investigations and the specific guidance they have given,” she said.
A version of this news article first appeared in the Digital Education blog.