Federal lawmakers are intent on updating an education privacy law that hasn’t been overhauled in more than 40 years – but they are unsure about how to go about it.
The House Committee on Education and the Workforce held a hearing Tuesday with state technology leaders, education researchers, parent groups and advocates, to gather information about how schools are protecting student data and the vulnerabilities that still exist. Legislators specifically addressed the Family Educational Rights and Privacy Act, which was established in 1974 and revised in 2012 to protect kids’ emails and other means of online identification.
“Student privacy protections are woefully outdated,” said the committee chairman, Rep. John Kline, R-Minn. “Long before online learning tools and cloud-based computing systems were the norm, Congress passed the Family Educational Rights and Privacy Act. But that was 1974. A lot has changed since then.”
Just last year, a House subcommittee held a similar hearing about whether the existing law applies to most schools anymore. Advocates have argued that an update of the law is long overdue as products from technology and software companies increasingly find their way into classrooms and pick up kids’ data.
A technology official testified Tuesday that Georgia has seen positive outcomes of statewide efforts to collect and use data. Schools and districts collect student data, and the state then aggregates the information into a digital database called the Statewide Longitudinal Data System (SLDS).
If teachers want to learn about their students’ academic backgrounds and performance, they don’t need to dig through reams of papers, since they have the information “at the touch of a button,” said Robert Swiggum, the deputy superintendent of technology services for Georgia’s Department of Education.
Since SLDS was launched in 2006, the high school graduation rate in the state increased to 78 percent in 2015 from about 50 percent in 2009, Swiggum said.
Databases like SLDS can improve classroom efficiency, but parents don’t always fully understand how the data dumps work. Rachael Stickland, co-chair of the Parent Coalition for Student Privacy in Colorado, said that parents should have the right to know why certain data on their children is collected, who it is shared with, what security protections are in place, and when the information gets destroyed.
“I think FERPA should require schools to tell parents how information is being used, and, certainly, at any point possible, the ability to have consent to opt out,” Stickland said in the hearing.
“The term ‘education records’ gives parents a very false sense of assurance,” Stickland said, adding that parents often don’t know that sensitive information, like medical stats, disability records and criminal histories, is included.
Another law, the Education Sciences Reform Act, is also due for reauthorization. Lawmakers debated researchers’ roles in protecting students’ privacy when using their data for research purposes.
Dr. Jane Hannaway, a fellow at the American Institutes for Research, explained that when states give data sets to researchers, all the data are “de-identified” so that researchers are not able to figure out which specific individuals the data describes.
Many of the representatives agreed that research in education is necessary to improve practices in classrooms. But they stressed that educational research should take student data privacy into consideration.
“We’re certainly not here debating the value of educational research,” said Rep. Suzanne Bonamici, D-Ore. “But at the same time, we’re very concerned about…the sensitivity of the data.”
“With technology changing faster than policy, we really need to have a way to get the balance so that we safeguard privacy and make sure that we get the research that we need,” Bonamici added.