Reports Call out Gaps in Student Privacy Laws

Two new reports from the National Association of State Boards of Education (NASBE) and the National Education Policy Center (NEPC) say that states need to provide stronger guidance on student privacy laws. While many states have proposed new legislation, the briefs argue that much of it leaves too much open to interpretation. In addition, the NEPC paper suggests that COPPA be extended to 14-year-olds and that more protections be offered to 15- to 18-year-olds.

Recommendations for effective student data policies from Regulating Student Data Privacy (NASBE)

  1. a statement of purpose that acknowledges the educational value of data and the importance of protecting it;
  2. a designation of who is responsible for implementing policies and answering stakeholder questions;
  3. a transparency plan that relays what data will be collected, by whom, for what purpose, when, and where it is housed;
  4. a provision that limits company use of data for noneducational purposes;
  5. a review of the state’s current resources, including staff and technical capacity;
  6. a set of statewide data security standards with administrative, physical, and technical safeguards; and
  7. a plan for ongoing training to ensure educators and administrators know how to use education data effectively and securely.

Read more from NASBE.

Policy recommendations from On the Block: Student Data and Privacy in the Digital Age (NEPC)

  • The Federal Trade Commission [should] extend the Children’s Online Privacy Protection Act (COPPA) protections to age 14, and strengthen the protections offered to adolescents ages 15-18.
  • FERPA should be strengthened, including allowing parents to sue on their own behalf.
  • National and state legislation should give parents more opportunities to correct errors and to opt-out of data collection.
  • LEAs and private vendors should be required to specify in advance the purpose for which any given piece of information is collected, to limit the use of that information to its original intended purpose, and to require that the data be destroyed after serving its specified purpose.
  • There should be specific sanctions on vendors for breaches of student privacy or data security.
  • We recommend that legislators developing statutory language and district leaders developing contracting policies review the comprehensive guidelines offered by the Electronic Privacy Information Center’s Student Privacy Bill of Rights before taking action.
  • We also recommend that policymakers develop policies that encompass not only the privacy of student educational records but also the wide variety of student data (including anonymized data) that may now be collected and shared. These policies should explicitly address the potential commercial use of any data collected.
  • Finally, we recommend that the burden of protecting student data be placed not only on schools but also on any private vendors with access to student data.

Read more at NEPC.

The 2015 Content in Context will feature a session on getting down to brass tacks with student data privacy.
