Continuing the Obama Administration’s pledge to safeguard student data privacy, the Department of Education’s Privacy Technical Assistance Center has released model terms of service guidance. Directed at educators and administrators, the model terms are designed to help schools identify which online educational services and apps have strong privacy and data security policies to protect students.
The document includes:
- A checklist for evaluating Terms of Service Agreements to ensure that the app or program will handle data in a safe and secure manner.
- Warning signs and potential illegal practices to look out for when using these applications.
- Recommendations and best practices for what you or your organization can do to protect yourself and your data.
For example, the document shares a sample definition for data in an agreement and why certain language should not be included.
- Good example: “Data include all Personally Identifiable Information (PII) and other non-public information. Data include, but are not limited to, student data, metadata, and user content.”
- Provisions that cannot or should not be included in TOS: Beware of provisions that limit the definition of protected data: “Data only include user information knowingly provided in the course of using (this service).”
- Explanation: The definition of data should include a broad range of information to which providers may have access in order to ensure as much information as possible is protected in the agreement. Beware of provisions that narrowly define the “Data,” “Student Information,” or “Personally Identifiable Information” that will be protected.
Input and suggestions on the document may be made to PrivacyTA@ed.gov.
A breakout session at the PreK-12 Learning Group 2015 Content in Context will examine student data privacy for learning resource developers.