The State of K12 Student Data Privacy in the Cloud
Has anything changed since the rise and fall on InBloom in 2013? For those of you that do not recall, InBloom was the Gates funded project to create a national operational data store of K12 student data to address student movement and interoperability. Sounds like a good idea right? The project failed and spawned the growing attention to student data privacy concerns in schools across the U.S. The answer to the question; a lot has changed, yet a lot still remains the same.
Since 2013, a great deal of attention has been given to student privacy in our schools. Many state laws have been passed and new non-profit organizations have appeared to assist schools. Still many schools are not aware of the privacy risks that may be taking place in their classrooms.
The explosion of EdTech apps over the last ten years or so has created many risk areas. For years educators were encouraged to attend conferences and experiment with new innovative online tools to support teaching and learning. Many of these applications were free. All employed with good intentions. Unfortunately, we are now finding out that many of these applications may not have been built with privacy in mind, or the data collected is purposefully being leveraged for other uses. As a result, violations of FERPA may be occurring in many schools.
Schools in the U.S. are bound by FERPA to protect student level data and only share with parental consent or under other very specific exceptions. Using online providers to support teaching and learning may fall under one of these exceptions; “The School Official Exception”, but only when specific criteria are met and the provider is under the control of the school/ district. Meeting these requirements may include annual notices to parents, executing data privacy agreements with all online providers and thoroughly vetting all applications that are in use.
School districts that are aware of these requirements often find the burden to vet all applications overwhelming. It is quite common for schools to be using hundreds or even thousands of online applications with their students that have not been vetted for privacy. Backtracking and getting a handle on these can feel like an insurmountable task. The good news is that there are many resources available for district leaders to help jump start a privacy program. District staff should recognize that they are not alone in this work.
- Student Data Privacy Consortium’s (SDPC) tools for vetting applications and contracting with providers
- Future of Privacy Forum’s website entitled “FERPA Sherpa” that has great guidance for school staff
- U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) offers on line and in person trainings
These are just a few of the great resources available to school staff to address privacy issues at the district level.If your district is one of the many districts that have not yet addressed student data privacy at the classroom level, now is the time you will want to get started. It is better to be proactive than to wait until you have to respond to an unpleasant incident. Reach out to other districts that have tackled this issue and utilize the resources listed in this article. We all have a responsibility to protect the privacy of our students.