Data Privacy and Schools: Outlining the Conversation

Nov 14, 2013 6:30am

by Linnette Attai, iKeepSafe

iKeepSafe is pleased to present a new paper intended to spearhead conversation around the ever-growing challenges related to managing data privacy and security in schools.

In the world of digital and mobile product development for children, this has been the year of privacy. Federal Trade Commission scrutiny and new Children’s Online Privacy Protection Act (COPPA) regulations have put a spotlight on industry, and products are being examined and revamped to ensure that they are compliant. The concepts behind the law include minimization of data collected from children, parental consent and control over data that industry might want to collect, and transparency around data collection and handling practices. But what about data collected from and about children in schools?

A recent New York Times article posed some questions about how schools might use a new data management service from InBloom, a nonprofit that has developed a system to store student data in the cloud. According to the article, the InBloom system is intended to alleviate the burden of data storage and encryption for schools, while providing ease of access. InBloom doesn’t decide what data schools might upload to the system, or how schools might use that data, but they do offer schools some 400 data field options. As noted by Dr. Cynthia Stevenson, the superintendent of Jefferson County, CO in the article, “the district must develop policies to specify which data elements to upload…and the conditions under which they could be shared with vendors.”

More recently, Senator Edward J. Markey (D-MA) sent a letter to the Department of Education asking questions about the impact of increased collection and distribution of student data on children’s privacy, particularly in light of updated provisions to the Family Educational Rights and Privacy Act (FERPA) that now allow for sharing of data with certain third-parties. 

As with industry, the education community is being asked what guidelines are in place for schools and companies around student data, and what rights do parents have to control that information.

Schools do have some guidance in this area. Along with FERPA, COPPA, and provisions of the Children’s Internet Protection Act (CIPA) outline obligations and requirements around online privacy and safety measures for schools.

However, compliance with these laws can be challenging when schools are relying on outside vendors to run some business functions related to collection and management of student data. In addition, industry can’t act alone in creating fully compliant solutions until the client – in this case the education community – defines the required parameters.

On the heels of its white paper, Building a Successful BYOD Program: A New Paradigm for the Education Community, iKeepSafe has issued a new resource, Data Privacy and Schools: Outlining the Conversation. This paper is intended to frame the questions that education community stakeholders who are invested in bringing technology into the classroom and in collecting and handling student data might consider before taking advantage of what are sometimes sorely-needed data management solutions. The paper is a launching pad for dialogue, with the ultimate aim of easing the development of successful and compliant partnerships with third-party technology partners.

Some key questions include, “How can schools be equipped to assess privacy policies and practices of operators for the technology that might be used in the classroom?” and “How can schools be equipped to assess privacy policies and practices of vendors that might house and have access to student data?”  Stakeholders are also being asked to consider how they intend to handle data around behavioral incidents, and whether or not they might treat that differently than academic or attendance data. Questions are also posed around implications of uploading data from third-party applications to data management systems.

In addition, emphasis is placed on helping schools consider how they can better share reporting with parents to build a community of support between the school, student and parent, focused around the child’s academic success.

Regardless of industry, managing data collection and handling practices with an eye towards increasing consumer privacy, transparency and control is a complex endeavor. However, the spotlight has been on business for many years, and awareness of the issues is high. iKeepSafe hopes to bring that same level of awareness to the education community, and to facilitate the conversation that will support their stakeholders in developing models of data management for schools.

Next month, iKeepSafe continues the conversation by examining data security concerns and best practices.

Linnette Attai is the Compliance Advisor for iKeepSafe, and the founder of PlayWell, LLC, a consulting firm focused on guiding clients through compliance concerns related to media and marketing, including digital and mobile privacy and safety issues.  Linnette has over 20 years of experience in the compliance industry, with special expertise navigating regulatory and self-regulatory environments surrounding digital and mobile products, advertising, marketing and content intended for children and teens. She also speaks extensively on these issues to industry leaders, attorneys, and policy makers at conferences across the country.