With rising concern over student privacy ushered in by the increasing use of technology in schools—from apps in the classrooms, cloud services for storage, and other digital products that collect students’ personal information—the National Association of Secondary School Principals released today a set of recommendations to help safeguard student privacy.
The recommendations, which are aimed at federal, state and local school policymakers, were developed by a working group of principals. They are meant to strike a balance between the need to protect student privacy along with the recognition that the demands on schools nowadays require the widespread and effective use of data to improve teaching, learning, and staff development.
According to the NASSP, student data should be used solely to inform “education policy, practice, and research and to deliver educational services to students.”
The group said the 1974 Family Educational Rights and Privacy Act—the federal student-privacy law known as FERPA—has not evolved fast enough to catch up with the challenges inherent in using so much technology in schools.
Concerns include keeping prying eyes out of student data about discipline, special needs, and children’s mental health statuses and ensuring that the data are not used for commercial purposes.
Those misgivings proved to be warranted when tech giant Google acknowledged that it had scanned the contents of millions of emails from students who used the company’s Apps for Education tool suite for schools. A lawsuit challenging the practice, known as data-mining, is now wending its way through federal court in Northern California. The company has said that it has since halted the practice.
“NASSP encourages the many benefits of using technology in education, as technology-enhanced instruction can empower students to lead their own learning, connect them with countless resources, and allow them to collaborate across time and space,” Amanda Karhuse, the group’s advocacy director, said of the recommendations. “But we also have an obligation to safeguard the sensitive data that is a byproduct of those activities.”
At the federal level, the organization recommends: policies that balance the need for privacy and the need to improve instruction; tougher encryption standards; funding to states to address student-data privacy issues; and a limit to “nonconsensual” access to personally-identifiable student data.
At the state level, it recommends: statewide security plans; policies that cover the storage, collection and access to student data; and guidance to districts on how to deal with the data, including their destruction.
At the district level, it recommends: policies that address what data can be collected, how they will be stored and the responsibility of each party in the event that a breach occurs; clear policies that deal with destruction and deletion of data; a privacy officer who will be responsible for monitoring compliance with federal, state and district policies; posting an online list of all the apps that are used by the district; and training and educating teachers and principals on state and district laws and policies.
The full list of guidelines and recommendations can be found on the NASSP’s website, here.
The public will have 60 days to comment on the recommendations. They will be subject to a vote at the NASSP’s annual conference in San Diego in February.
A version of this news article first appeared in the District Dossier blog.