Student Data Privacy Is the Newest Hot Topic on the Hill

As the use of digital technology rises in schools, so does the concern about the security of student data. Numerous state bills have been introduced and passed in the past few years, but now Congress is starting to examine a federal response and NASSP has been at the table for these discussions. Our objective is aligned to the position statement approved by the Board of Directors in February 2015: to ensure the protection of student privacy and appropriate use of student data to improve teaching and learning in the classroom.

On April 29, Reps. Luke Messer (R-IN) and Jared Polis (D-CO) introduced the Student Digital Privacy and Parental Rights Act (H.R. 2092), which mandates what education technology vendors can and cannot do with student data. The bill would require operators to disclose publicly and directly to K–12 schools the types of information being collected and how that information will be used. Operators would have to establish and maintain strong security procedures to prevent data breaches and notification policies in the event of a data breach. Operators would also be prohibited from allowing targeted advertising or selling a student’s information to a third party.

NASSP participated in a number of meetings and conference calls with staff for Reps. Polis and Messer as they drafted the bill and is pleased that they considered our input in the final version. We joined 10 other national education organizations in sending a letter of endorsement for H.R. 2092 because it “strikes a good balance between protecting student privacy and promoting personalized learning informed by data and powered by educational technology.” We are also pleased that the bill would not place an undue burden on schools, principals, or teachers and give them confidence about the digital tools used in the classroom.

Sen. Richard Blumenthal (D-CT) has also announced that he is working on draft legislation related to student data privacy. Similar to the Student Digital Privacy and Parental Rights Act, the bill would focus on the data collected by education technology vendors, but there will be some differences from the House bill. According to Politico, the bill will give parents more control over their child’s data, add early childhood education, and include “strong enforcement tools and robust regulatory language.”

Also of interest to school leaders, House Education and the Workforce Committee Chairman John Kline (R-MN) and Ranking Member Bobby Scott (D-CA) released a discussion draft for reauthorization of the Family Educational Rights and Privacy Act (FERPA). NASSP and other national education organizations met with committee staff last week and will likely work together to draft comments on the proposal. At first glance, we are very concerned that the discussion draft is silent on the need to build educator capacity. NASSP recommends that states and districts should provide teachers and principals with specialized training on student data privacy issues that will help them comply with FERPA and other state laws or regulations.

Earlier this week, NASSP joined 17 other national organizations in releasing The Federal Role in Safeguarding Student Data. The document outlines three potential areas for federal action on this issue:

  1. Ensure that federal laws provide a strong foundation to protect student information in a constantly changing and increasingly digital school environment.
  2. Ensure that the federal government coordinates across agencies to provide clarity to those on the ground as to how privacy laws work together.
  3. Support state and local capacity to safeguard data.

NASSP will continue to work closely with our coalition of national education organizations as these proposals move forward. Be sure to visit the Principal’s Policy Blog for regular updates.

1 Comment

  • Ken Oertling says:

    In Louisiana, measures outlined by Acts 837 and 677 (2014) are appropriate starting points of consideration when attempting to resolve the question of appropriate procedures to protect student personally identifiable information yet more needs to be done. With its implementation, many school districts have not had the support or training to appropriately handle the changes that must occur under the current versions of the Acts, and they are currently being revised. Although states have begun enacting their own regulatory frameworks for student records and data, the federal government should consider making appropriate changes to FERPA (2008) or creating a new federal framework and legislation to protect student personally identifiable information. Regardless of either, parents, students, and school officials should be used to help develop these policies or policy changes.
    This legislation should include parameters that each school system must comply with. As mentioned by Krueger and Moore (2015), all staff involved with selecting and adopting online services and the handling of any student data should follow standard procedures and provided regular training on privacy laws. Legislation should also include additional measures to ensure student data collected by third-parties can only be used for educational purposes and destroyed within a certain time frame after use. All contracts should include standard language that reflects the appropriate legislation. Schools should be required to inform parents of any and all web based or contractual student data services they have. School systems should also ensure a designated supervisor’s sole responsibility is to ensure all schools are in compliance with said legislation and provide appropriate yearly training to head school officials as well as implementation of appropriate district level protection procedures. Any legislation passed should include a provision to review legislation yearly, ensuring all measures are suitable for current technologies. Finally, anyone found in violation of these measures should be given appropriate sanctions or consequences.

Leave a Comment

Your email address will not be published.