With more than 300 bills related to student data privacy introduced in 49 states since last year, experts say it’s more important than ever for educators to understand how to protect kids’ personal information.
Should researchers be allowed to access student data? Are the various pieces of legislation interpreted correctly, or do they leave room for ambiguity? What rights do third-party providers have? These are some of the concerns that advocates and educators tried to address during a conversation on Thursday held by the Software & Information Industry Association, the School Superintendent’s Association and the National Association of State Boards of Education.
Amelia Vance, director of education data and technology in NASBE, suggested that states, districts and schools be on the same page when interpreting data policies. Stakeholders at every level should understand the following fundamental elements:
- The purpose of the law.
- Who is in charge of data privacy – schools or service providers.
- Statewide transparency plans and data security plans.
“It’s important to remember that what gets passed in the legislature is not the only thing that protects students’ information,” Vance said. “We’ve seen a ton of regulations and guidance and executive orders.”
SIIA touted its student privacy pledge, which has been signed by 240 companies since the guidance was rolled out in October 2014. Here are some tips for vendors:
- Vendors should not change privacy policies without notifying parents or students.
- Parents and teachers should understand the exact type of personal information that the companies collect.
- Students or parents should have the right to access and correct the information.
“Companies should have privacy policies that are really easy to follow … to understand what is going on there,” said Brendan Desetti, director of education policy of SIIA.
On the school level, firewalls are automatic safeguards for school information – but it they don’t go far enough in securing sensitive data, said Vincent Scheivert, chief information officer of Albemarle County Public Schools in central Virginia.
“My greatest concern is all the stuff sitting behind the firewalls,” Scheivert said, adding that guidelines and principles about student data privacy should be incorporated into teacher training programs. Here are some things schools should look out for:
- Before signing the contract with a vendor, test the software or app first to ensure teachers understand what the products do.
- Discuss and compare the privacy policies of different vendors.
- Establish a metric to measure the privacy policies of edtech products. Here is an example from Albemarle County Public Schools.
“We have 250 teachers who have the ability to make decisions, to do things in the right way or, potentially, wrong way without guidance,” Scheivert said. “What we focus on is how do we coach our staff, and how do we provide the capability to our staff to be able to make the best decision possible.”
Reach the reporter at firstname.lastname@example.org and follow her on Twitter @yizhuevy.