A report published last week ranking states on how well they protect student privacy has been criticized for not being a comprehensive account of state policies, but its author said the report is “exactly what we want it to be.”
The State Student Privacy Report Card — published by the Parent Coalition for Student Privacy and the Network for Public Education — says its grades provide a snapshot of states’ progress on student data privacy legislation to inform parents, student advocates and legislators.
The report assigns a letter grade and GPA to reflect each state’s progress on student privacy and data protection legislation. Not a single state received an “A,” which according to the report’s author is because “no state sufficiently protects student privacy in our estimation to the degree necessary.” The highest grade went to Colorado, where the report’s author resides, which received a “B” for its student privacy protections.
Rachel Stickland, a student privacy advocate and author of the report, told EdScoop that student data privacy is an increasingly important issue, and the goal of the project was to “let parents and advocates and even legislature know that there is still a lot of work to be done.”
However, the Future of Privacy Forum, a Washington D.C.-based think tank, says the scores are misleading. “A lot of the states that were given the ‘F’ grades actually did not deserve them,” said Amelia Vance, FPF’s director of education privacy and policy counsel. She added that some of the states the report claims have no laws relating to student data privacy actually do, while other states were credited with more laws than actually exist.
“South Carolina really does have a law, I promise,” Vance said.
South Carolina passed House Bill 3893 in 2014, which states that the State Department of Education, with respect to use and governance of student data, must ensure preservation and protection of privacy rights, and the confidentiality and security of collected data. The report card however, gives South Carolina an ‘F’ because states found without student privacy laws were automatically failed and the study neglected to include South Carolina’s law in its analysis.
According to the report, grades were assigned based on the analysis of 99 laws passed between 2013 and 2018 that specifically addressed student privacy and data security protections. However, according to FPF, there have been 161 laws mentioning student privacy passed since 2013. Vance said the report leaves state privacy regulations out of its analysis — which, although not laws, are legally binding.
Each state received a GPA based on assessments of each law based on seven weighted categories:
- Parties covered and regulated (10%)
- Transparency (15%)
- Parental and student rights (20%)
- Limitations on commercial use of data (20%)
- Data security requirements (15%)
- Oversight, enforcement and penalties for violation (15%)
- Other provisions (5%)
Although there are no current plans to release a new report card as states update their privacy laws, Stickland said that in a future version, “including focus on state regs would be ideal.”
“While we would have loved to have gotten down into the state regulation and district policies … because of constraints, we are not able to take on a project that big,” Stickland said, disputing the critiques from FPF. “Our organization represents the parent perspective and the advocate perspective, [and FPF] represents the industry perspective so it didn’t surprise me at all that they did not praise our report.”
Stickland said that industry groups can call the report “alarmist,” but that parents are increasingly concerned with data privacy. “Education is not as regulated as parents would think it is,” she said.
However, Vance argued, education is more regulated than the report card suggests. Vance said she was especially vexed by this report’s shortcomings because FPF maintains a list of all 113 student privacy laws states have passed.
Despite any criticisms, Stickland said, “I think our report does exactly what we want it to. Our concern is that student data is still really vulnerable and that state laws need to be improved.”