Find your next job fast at the Jan. 28 Virtual Career Fair. Register now.
Privacy & Security

School Reopenings Bring Wave of COVID-19 Student-Data-Privacy Concerns

By Benjamin Herold — August 11, 2020 6 min read
corona data privacy IMG

Whether it happens in-person or remote, this year’s back-to-school season is bringing with it a host of new data privacy concerns.

Chief among them: How to safely and legally store and share videos of classroom lessons featuring students, and what to do with all the new sensitive health information being collected by schools now administering health surveys, doing daily temperature checks, and tracing the contacts of students and staff who have contracted or been exposed to the coronavirus.

“Reopening plans must balance protecting health and protecting student privacy and educational rights,” said Amelia Vance, the director of youth and education privacy at the Future of Privacy Forum, which earlier this month released a new “Student Privacy and Virtual Learning Guide” along with the National Center on Learning Disabilities.

“It is a difficult—but incredibly important—balance,” Vance said. “Schools and districts should have clear plans in place for how they will collect, use, and store health data to ensure it is not ultimately used to limit educational access or opportunities for vulnerable students.”

Remote Learning Drives Ed-Tech Expansion

With the coronavirus pandemic still ravaging the country and sowing uncertainty in schools, 9 in 10 district leaders say they plan to incorporate some level of remote instruction into their reopening plans, according to the most recent survey of K-12 professionals administered by the Education Week Research Center in late July.

See Also: Massive Shift to Remote Learning Prompts Big Data Privacy Concerns

That means an abundance of platforms, software programs, and apps will be a regular part of students’ education. With this new reality comes fresh concerns about how all that technology will be collecting, storing, and using students’ personal information. Parents who wish to opt out of such technology usage, already limited in their options before the pandemic, will now be even more constrained.

To minimize the potential risk and build trust, Vance said, schools should consider establishing and sharing a set of limited and vetted ed-tech products they intend to use during remote learning.

That list shouldn’t include social media. Despite the appeal of reaching students on the platforms they regularly use in their personal lives, teachers and administrators should avoid delivering instruction on platforms such as Instagram Live, TikTok, and YouTube.

“Many social media tools were developed for general audiences, not students, and are therefore unlikely to be compliant with student privacy laws and best practices,” according to a blog post from the Future of Privacy Forum this spring.

And what about providing teletherapy services to students with special needs or disabilities?

Avoid “public-facing” platforms like Facebook Live, the new virtual learning guide advises, and, if possible, use platforms that your school district has a contract with. The federal department of Health and Human Services has offered greater flexibility around using commercial services that are not public-facing, such as Zoom, Facebook Messenger, and FaceTime.

Tips for Data Safe Videoconferencing

How are schools managing the broader shift to video-based instruction?

Eighty-two percent of district leaders expect teachers to pre-record video lessons and make them available for students to watch on demand, according to the most recent EdWeek Research Center survey. And when it comes to live videoconferencing, 8 in 10 principals and district leaders have approved their schools to use Zoom or Zoom for Education and Google Hangouts. Smaller numbers have approved use of Microsoft Teams, GoToMeeting, Skype, and other platforms.

A student’s mere participation in such videoconferencing likely does not trigger the Family Educational Rights and Privacy Act, or FERPA, the nation’s primary student data-privacy law. That likely changes, however, the moment “a student’s image, name, or voice is recorded and stored by the school,” according to the new NCLD and Future of Privacy Forum guide.

To make sure schools are protecting students’ privacy during videoconferences, the Consortium for School Networking, a professional association for school-technology leaders, developed an online guide.

Whenever possible, avoid recording classroom discussions with students, the group advises. Create guidelines that ensure any videos involving students are secure both in transit and while being stored. Make sure only necessary personnel can access the videos and set a schedule for deleting all videos after a set period of time.

Also critically important, said CoSN CEO Keith Krueger, is to avoid any “practices that might result in the videos being publicly available.” That means no open Google Drive links, posts to private YouTube accounts, or emailed files.

One strategy used by many school districts trying to take such concerns into account: Using learning management systems that are specifically designed for K-12 schools and have built-in tools for meeting with students, such as Canvas.

Protecting Sensitive Health Data

Another new concern for schools is all the sensitive health data on students now being collected.

In late July, 3 in 5 district leaders told the EdWeek Research Center they planned to do daily temperature checks of students and staff. Ninety-two percent said they’d require sick students to stay home, and 79 percent said they’d require students who were exposed to the virus to do the same. A handful were also planning to administer their own COVID tests.

“The complexity of this work across students and employees can’t be overstated,” said Krueger of CoSN. “In addition to state reporting requirements and privacy laws, schools also need to consider anti-discrimination laws, labor laws, and more.”

As important as ever, he advised, schools should avoid rushing a technology solution into place just to create the appearance of action. Strong privacy and security measures—including legal reviews for compliance with state and federal law, plans to minimize the data that are actually stored, limiting access to those data, and ensuring that “robust physical, technical, and administrative controls” are in place—are essential.

One tangible example of data minimization that Krueger described: A record stating that a given student will be attending classes remotely for two weeks is far less invasive, sensitive, and susceptible to misuse than a record indicating that student had a high temperature and exhibited other coronavirus symptoms and therefore is being forced into quarantine for two weeks.

Be careful of the proliferation of symptom-tracking apps now marketing themselves to schools, said Vance of the Future of Privacy Forum. Many have privacy policies that indicate compliance with HIPAA, the federal health-privacy law, but do not mention FERPA, which is the law most likely to actually apply to use in schools.

There are also important considerations around equity and anti-discrimination to consider, many of which are discussed in detail in a series of issue briefs created by the forum. Trust is essential, said Vance, so parents and students feel comfortable honestly reporting their symptoms, without worry that such information might be used to exclude them from certain classes or educational opportunities down the road.

To that end, experts across the board stressed a common point: In a time of high anxiety and tremendous uncertainty, as back-to-school season is certain to be, transparency is critical.

“If there was ever a time to over-communicate with parents about your [privacy] plans,” Krueger said, “this is it.”

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
How to Make Learning More Interactive From Anywhere
Join experts from Samsung and Boxlight to learn how to make learning more interactive from anywhere.
Content provided by Samsung
Teaching Live Online Discussion A Seat at the Table With Education Week: How Educators Can Respond to a Post-Truth Era
How do educators break through the noise of disinformation to teach lessons grounded in objective truth? Join to find out.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
The 4 Biggest Challenges of MTSS During Remote Learning: How Districts Are Adapting
Leaders share ways they have overcome the biggest obstacles of adapting a MTSS or RTI framework in a hybrid or remote learning environment.
Content provided by Panorama Education

EdWeek Top School Jobs

Superintendent, Dublin Unified School District
Dublin, California (US)
Hazard, Young, Attea & Associates
Superintendent, Dublin Unified School District
Dublin, California (US)
Hazard, Young, Attea & Associates
ASSISTANT SUPERINTENDENT, HUMAN RESOURCES
Larkspur, California
Tamalpais Union High School District
Special Education Teachers
Lancaster, PA, US
Lancaster Lebanon IU 13

Read Next

Privacy & Security Sponsor How Public K-12s Can Defend Against Today’s Cyber Threats
The Multi-State Information Sharing and Analysis Center is the focal point for cyber threat prevention, protection, response, and recovery.
1 min read
Privacy & Security Spotlight Spotlight on Cybersecurity 2020
In this Spotlight, learn how educators are combatting cyberattacks and more.
Privacy & Security Schools Aren't Doing Enough to Protect Their Networks, Top Cybersecurity Official Warns
The nation's top cybersecurity official urged schools to take advantage of free federal resources for safeguarding their networks.
3 min read
Images shows a symbolic lock on a technical background.
iStock/Getty
Privacy & Security COVID-19 and Cybersecurity: 'Catastrophic Attack on Our Technology Systems'
Two large school districts have been rattled in the last week by incidents related to internet security and privacy.
7 min read
hacked IMG
Getty