California Forum

Schools must protect kids’ privacy

Technology, used wisely, has the potential to transform America’s schools and prepare graduates who are ready to compete in the rapidly evolving digital world.

All students deserve connected classrooms and easy access to engaging educational resources, but they also deserve learning environments that respect and protect their privacy.

When students use educational apps and websites, and school administrators use online sites and cloud services, massive amounts of traceable and sensitive data about students are created – information that goes far beyond individual names and grades.

Personal details like home addresses, attendance records, ethnicity, religious affiliation, health records, behavior and disciplinary records – even cafeteria selections and whether students ride the bus to school – are collected and stored, too often without enough security to keep this sensitive information out of the hands of those who would exploit it.

While reported incidents of students’ data being sold to or accessed by third-party interests are less frequent, say, than reports of NSA surveillance of everyday Americans, or credit card security breaches at major retailers, student data is at risk for abuse.

Research from the Center on Law and Information Privacy at Fordham University recently revealed that few safeguards exist to protect student data and that districts “frequently fall short of federal privacy standards and of community expectations for children’s privacy.”

Across this country, district policies around protecting student data are inconsistent and woefully inadequate. Privacy standards differ from district to district and state to state and there are almost no overarching national procedures for districts to follow.

Federal and state law puts the onus of protecting student personal information squarely on schools and school districts, but this is an issue that goes far beyond the classroom.

Today, three federal laws apply to how students’ data is treated in schools: the Family Educational Rights and Privacy Act (FERPA), which is an outdated law from the mid-1970s that barely speaks to today’s technology in schools; the Protection of Pupil Rights Amendment; and the Children’s Online Privacy and Protection Act (COPPA), which is an exceedingly important law that offers protections for children in the online world, but only for children under 13 years of age.

Speaking at Common Sense Media’s recent School Privacy Zone summit in Washington, U.S. Secretary of Education Arne Duncan asserted that privacy rules are “the seat belt of this generation,” and that “protecting our students’ information is more than a legal requirement; it is a moral imperative.”

The Department of Education has offered new guidance for schools on how to manage student data and comply with FERPA, but there are gaps in protection under these laws and much more to be done at the state level and by federal policymakers, schools, districts, and industry itself.

All stakeholders need clear rules of the road to ensure that student information is not exploited for commercial purposes. That’s why Common Sense Media has called for the creation of best practices based on three fundamental principles:

• Students’ personal information should be used for educational purposes only.

• Students’ personal information or online activity should never be used for targeted advertising.

• Schools and educational-technology providers must follow appropriate data security, retention and destruction policies.

These key principles are incorporated into legislation, SB 1177, by Senate President Pro Tem Darrell Steinberg. The Student Online Personal Information Protection Act is timely and important legislation that would move industry beyond exhortations that it can self-regulate to respect and protect student privacy.

The bill would close loopholes in existing California laws that allow Internet companies to mine and exploit students’ data for profit.

Parents care deeply about this issue. Common Sense Media’s recent privacy poll conducted by Benenson Strategy Group revealed enormous national concern and overwhelming bipartisan support for greater protections of our children’s data.

By approving this legislation, California lawmakers would add their voices to a national dialogue about the kinds of technology used by our schools and districts, the kinds of student information that are collected, and the benefits and risks to collecting such data.

They would direct industry – so much of it in Silicon Valley – to respect and protect student privacy, under the guidance of a law that makes sure that they do. By supporting this bill, legislators and Gov. Jerry Brown would guarantee opportunities for students to learn and grow in environments where sensitive and personal information is safe and secure.