EdTech

Expert Guide to Online Student Data Protection

The breach of a student’s data privacy is not a recent concern, but one that is only now starting to gain attention due to the consequences of a public lack of concern. It is time to understand this issue, and treat it

The breach of a student’s data privacy is not a recent concern, but one that is only now starting to gain attention due to the consequences of a public lack of concern. It is time to understand this issue and treat it

As we continue to leverage educational technology in the classroom, today’s students are using laptops, smartphones, and tablets on a daily basis to do homework, tests, research, and class projects.

We tackled the issue of safety in a recent blog, Six Uber-Guides for Teaching Kids How to be Better -and Safer- Digital Citizens. The next concern for most school districts is a question of privacy, as we look to understand how our students’ data is being used and protected amidst the growth of educational technology in today’s schools.

FERPA & Student Data Privacy Laws

Intro to FERPA

Schools and school districts are generally prohibited from sharing student information with student parties, without written parental consent. This protection is guaranteed in the Family Educational Rights and Privacy Act (FERPA), a federal law protecting the privacy of student education records. FERPA applies to all schools that receive funds under an applicable program of the U.S. Department of Education. 

How FERPA Relates to Online Student Privacy

As online education becomes a more prominent aspect in the lives of students, FERPA is increasingly essential. FERPA covers a number of activities and resources relating to online student privacy when personally identifiable information is used to access online activity, including mobile apps, web-based tools and software. Whether the sources are provided by the school district or a third party, privacy laws remain the same in regards to student privacy and personally identifiable information. 

Within FERPA law, education records linked to any student must be safeguarded from unauthorized disclosure. A third party cannot use student information for any reason outside the exceptions made between the service and the school district. At the same time, parents can provide permission to disclose personally identifiable information to online service providers to gain access to specific online education services, activities, and resources. Keep in mind that services and social media accessed outside of the school’s parameters for personal use may not be covered by FERPA.

Additional Laws that Impact Student Data Privacy

The Protection of Pupil Rights Amendment (PPRA) was established to limit the ways in which online providers are able to use collected or received student information. Much of data collection is related to marketing purposes. PPRA requires school districts to notify parents directly when activities involve the gathering of data, disclosure of personally identifiable information, or the use of students’ personal information for marketing purposes or for the intent to sell student data and information. Parents are to be offered the option to opt out of such data collection and data sharing. 

The Privacy Technical Assistance Center was created to provide parents and students with a comprehensive guide and greater access to online privacy laws due to the fact that FERPA has limitations regarding online student data privacy. While FERPA covers personally identifiable information, it may not prohibit services from gathering additional data without using direct or indirect identifiable markers, such as watching videos that do not require login details. 

Schools and classrooms have become increasingly connected — with core curriculum now structured to leverage the digital devices and services that have been provided to students. Parents, students, teachers, and administrators are quite reasonably concerned about how technology impacts student privacy.

How to Keep Your School District Safe From Cyberattacks and Privacy Violations

Online education is not without risk. Cyber attacks and privacy violations are on the rise each day. The following are a few tips to help protect student privacy rights and online education activity from cyber breaches and violations and to minimize risk and exposure: 

  • Cybersecurity training for faculty, parents and students
  • Utilize firewalls and strong password practices
  • Restrict access to information and files
  • Monitor networks and systems frequently
  • Track remote school devices
  • Backup all critical data
  • Prepare for threats
  • Have a response and recovery plan
  • More cybersecurity training and education

EFF on Student Privacy 

Understanding and using technology is fundamental to education in the 21st century, and as a result, the EFF notes that school districts around the country are using cloud-based educational platforms and assigning laptops and tablets to students.

Many of these devices present a serious risk to student privacy, collecting far more information on kids than is necessary. Read the EFF Student Privacy Overview for more perspective on the EFF campaign to educate parents and administrators about these risks to student privacy. The page also provides a full legal analysis that dives deeper into the protection and rights of students: Legal Overview: Key Laws Relevant to the Protection of Student Data.

Several case studies are available from the EFF, created from an effort to learn more about parents’ experiences with student privacy across the country. The EFF notes that student privacy is about more than data collection and legal protections; it is about real students and their families.

Student Privacy Tips for Parents and Kids

By now you’re no doubt concerned about student privacy, so what can you do? Are you worried about the privacy implications of a cloud-based education platform in your child’s school? Begin with the EFF’s Tips for Parents Concerned About Student Privacy. You’ll learn how to configure the privacy settings on your child’s devices, and how to enhance the privacy of web browsers on those devices. 

The EFF also encourages parents to ask questions to ascertain your district’s or school’s current policies and practices, noting the specific questions that can help you understand how students are protected within your own school and district. And for those looking to take action on what they learn, the EFF offers advice for engaging your school administrators, parent/teacher organization, and local school board. There is also a handy, print-friendly PDF handout summarizing the tips.

For those who want to learn even more, the EFF expands upon these tips in two additional articles:

As a final resource, the EFF produced an extensive Student Privacy Report with recommendations for several stakeholder groups, Spying on Students: School-Issued Devices and Student Privacy. Given that the integration of technology in education affects their data personally, the report advocates that it is vital that students are especially attentive to what’s being integrated into their curriculum–and offers recommendations for students to act to preserve their personal data privacy. 

The EFF report includes recommendations for parents, students, and school staff to take effective action to advocate for and raise awareness about student privacy. Meaningful improvements in student data protection will require changes in state and federal law, in school and district priorities, and in ed-tech company policies and practices.

Takeaways

The concept of privacy is more present than ever, but student privacy is something that we may have never considered before. It is a surfacing problem, and both parents and schools are slowly understanding its impact.

If those involved continue to ignore the sensibility of this matter, the educational system will face a shock-lesson in the coming years, taught by the impact that their lack of awareness and privacy defenses will generate.

To keep your school district safe, use Prey as part of your cybersecurity strategy. Start a free trial today. 

About the author

Nicolas Poggi

Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.