Federal Lawmakers Probe Contracts, Laws on Student Data Privacy

By Benjamin Herold — June 25, 2014 4 min read
  • Save to favorites
  • Print

The hot-button issue of student data privacy reached the halls of Congress Wednesday, with U.S. House subcommittees focused on education and homeland security issues holding a joint hearing that yielded more thoughtful questions than major news.

Education Week, which has covered issues of data privacy and educational data use extensively over the past year, was part of the social media coverage and discussion surrounding the hearing, which featured faces and arguments largely familiar to those who have been following the issue.

For example, Joel Reidenberg, a law professor at Princeton University and Fordham University in New York, attacked the “appalling number” of districts whose contracts with cloud-based vendors handling student information have weak or non-existent requirements related to data security and privacy— a particular problem, he said, given the expansive scope of the data to which third-party vendors now have access.

And the Washington-based Software & Information Industry Association, which counts roughly 800 members in the software and digital content industry, highlighted the benefits that educational technology and student data have brought to schools, including early-warning systems to help prevent students from dropping out, personalized learning strategies targeted to individual student needs, and more.

Mark MacCarthy, the association’s vice president for public policy, reiterated the group’s stance that existing federal laws provide “a strong framework that restricts use of student information to educational purposes.”

One relatively under-the-radar effort that garnered considerable attention at the hearing was recently passed data-privacy legislation in Idaho. Like other state bills also based on model legislation from the American Legislative Exchange Counsel, an Arlington, Va.-based legislative-advocacy group, the Idaho legislation calls for better data-governance practices and more transparency, in the form of public data inventories. But it also goes further, including model contracting requirements and outlining specific penalties for data-privacy violations. The legislation was praised by MacCarthy, Reidenberg, and Representative Todd Rokita, a Republican from Indiana who chairs the education and workforce committee’s subcommittee on early childhood, elementary, and secondary education.

Otherwise, though, the hearing was mostly a substantive back-and-forth on the questions that policymakers, educational data proponents, and privacy advocates have been turning over for months.

Does Congress need to update federal laws—especially the Family Educational Rights and Privacy Act, or FERPA—in order to better define what comprises students’ “educational record” in the age of big data, “learner profiles,” and cloud-service providers?

When it comes to holding third-party vendors accountable for securing students’ data and protecting their privacy, what is the appropriate balance between better contracting practices, new legislation, improved regulations, and industry-self policing?

And how big a problem is the misuse of student data, anyway?

One common note, struck to varying degrees by just about all of the elected officials and experts present, was on the value of educational data for modern learning. That was the main theme of panelist Thomas Murray, the state and district digital learning director for the Alliance for Education, description that also released Wednesday a new report on the subject, titled “Capacity Enablers and Barriers for Learning Analytics: Implications for Policy and Practice.

In February, the U.S. Department of Education issued new guidance for schools and districts on how to apply FERPA and other federal privacy laws. In May, Senators Edward Markey, a Democrat from Massachusetts, and Orrin Hatch, a Republican from Utah, released a draft bill that would overhaul FERPA. And a new report from Whiteboard Advisors, a Washington consulting group, found that 42 percent of so-called “education insiders” believe there will be federal data privacy legislation in the next 18 months.

But for the time being, anyway, most of the legislative action on the issue appears to be in the states, and Wednesday’s hearing didn’t provide any tangible signs that is likely to change imminently.

A version of this news article first appeared in the Digital Education blog.