It was created by the Parent Coalition for Student Privacy in collaboration with the Campaign for a Commercial-Free Childhood, and it offers guidance on what privacy rights federal law provides to children, what to look for in school vendors’ privacy policies and tips on how to advocate for schools and districts to adopt best practices to properly secure students’ personal information.
The nonprofit parent coalition was founded in July 2014 by Leonie Haimson of New York and Rachael Stickland of Colorado, parent advocates who successfully led the battle to stop nine states from disclosing their personal student data to inBloom. It was designed to be a massive student database, with the goal of more easily sharing this information with for-profit data-mining vendors and other third parties without parent notification or consent.
Here’s a post by Haimson and Stickland about student privacy and the toolkit.
By Leonie Haimson and Rachael Stickland
Several years ago, we were among the parents who were horrified to learn about inBloom, the $100 million corporation created to collect, store, systematize and share the personal information of millions of public school students with vendors and other third parties, with the goal of making education more “efficient” – all without parent knowledge or consent.
Parents and education advocates throughout the nation protested. Because of this opposition, every state and district pulled out, and by April 2014, inBloom closed its doors. Yet the controversy alerted parents as to how few legal safeguards existed to protect their children’s highly sensitive data, and how schools and districts were already engaged in routinely sharing it, with little thought of the potential harm this could create.
Despite a clear desire among many parents to protect their children’s sensitive data, few resources exist to help them navigate the confusing patchwork of laws and regulations that govern student privacy. Most guidance is aimed at schools and districts, not parents, and what has been produced is often filled with legal and technical jargon. To compound the problem, most widely available student privacy resources are often written by organizations funded or supported by the growing ed-tech industry and who advocate for increased data sharing rather than reducing it.
In fact, millions of student data points are currently soaked up every day by schools or their vendors and shared with third parties, including for-profit companies, government agencies, and researchers, without parental knowledge, and with few or uncertain security protections. The personal data collected from children may include students’ names, email addresses, grades, test scores, disability status and health records, suspension and discipline data, country of birth, family background, and more. Other digital data collected may include internet search history, videos watched, survey questions, lunch items purchased, heart rate and other biometric information measured during gym class, and even classroom behavior, such as being off-task or speaking out of turn.
This information, whether collected by schools directly or by contractors supplying online learning platforms, classroom applications and websites, are often merged together and analyzed via algorithms to profile a student’s skills, strengths, abilities and interests, and to predict future outcomes. How this sensitive data may be used, with whom it can be shared, and how it can be protected are questions on many parents’ minds. Finding answers can be hard; schools often find themselves caught in the middle.
On one hand, schools are expected to integrate technology in the classroom to prepare students for the 21st Century and to outsource educational and operational services to private companies – in theory, to keep costs down. Now electronic data is flowing from students from the moment they board the school bus in the morning until they complete their homework online at night and the result is that they are generating far more digital information about themselves than schools are equipped to handle or protect.
On the other hand, federal laws created to protect children’s privacy are difficult to interpret and haven’t kept pace with the times. Most notably, the Family Education Rights and Privacy Act or FERPA, was enacted in 1974 — long before schools entered the digital age. In the past, FERPA was modestly effective at guarding children’s sensitive information when students’ paper records were handled by school employees only and stored in a filing cabinet in the principal’s office. Now students’ records are entered into computers, tablets and smartphones, and stored in the “cloud,” often with very few restrictions on who can access the data and for what purposes.
Understanding these complicated issues — what student data is, how it’s used, with whom it’s being shared and how to protect it — leaves many parents’ heads spinning. Well-intentioned principals and teachers often don’t know the answers or how to help.
Our toolkit, available on the PSCP website, offers clear guidance about what student privacy rights exist under federal laws and what steps parents can take to ensure these laws are enforced, suggests questions they can ask to learn more about their schools’ data policies, and recommends best practices that parents can urge their school and district officials adopt, all with the goal of protecting and securing this data. We also suggest tips that parents can use at home and sample opt out forms to minimize the risk that their children’s privacy will be breached or abused.
Parents can download the Parent Toolkit for Student Privacy now at https://www.studentprivacymatters.org/toolkit. We are also co-sponsoring a webinar on May 23, 2017 EST to learn how to effectively use the toolkit’s resources. Click here for more information or to sign up.