Common Questions Flashcards

1
Q

Why does student privacy matter?

A

Schools have always had to find that the tricky balance between ensuring student autonomy and dignity (both of which are necessary for learning) and surveilling and monitoring students (both of which are necessary to keep students safe and assess what they’ve learned). New technology and cheap data storage have certainly altered the educational landscape, but the underlying tension between privacy and monitoring in schools has not changed. Student and child privacy laws at the federal level work to address this tension by ensuring that

information about a student is used fairly
information about a student is used only for its intended purpose and not for unwanted or unanticipated purposes
students are not coerced into divulging personal information
students are not exposed to deceptive messages

In recent years, as more and more information is created and shared digitally, and data breaches and identity theft have become a bigger concern, state laws have been passed to regulate what information schools can collect and share online and what website and online application operators can do with it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What federal laws govern student privacy?

A

FERPA: The primary federal law that protects student privacy is the Family Educational Rights and Privacy Act (FERPA), which was passed in 1974. The main goals of FERPA are to ensure that information about a student is used fairly by providing annual notice to parents about their rights toward student data, namely

the right to inspect and review records maintained by the school
the right to seek to amend records they believe are misleading, inaccurate, or otherwise in violation of a student’s privacy
the right to consent disclose records to other individuals
the right to file complaints with the Department of Education if they believe their rights under FERPA have been violated

Furthermore, FERPA ensures that information about a student is only used for its intended purpose by requiring that disclosures of student data only occur with written consent. FERPA includes several exceptions to this rule that allow the school to share information without consent in specific cases that benefit students, provided that certain guardrails are in place.

PPRA: The Protection of Pupils Rights Amendment (PPRA) is a law that ensures that students are not coerced into divulging certain personal information. This is done by giving annual notice to parents of surveys the school will be giving and giving parents the right to inspect and review the materials. Depending on the funding source of the survey, parents will be given the ability to either opt in to participation or opt out.

COPPA: The Children’s Online Privacy Protection Act (COPPA) is a law that regulates websites and online applications that collect information from children to ensure that they are not following deceptive practices. In general, these operators are required to provide notice and gather verifiable parental consent before collecting information from a child. Under the law, schools are allowed to provide consent in the place of a parent, provided that the website or online application only uses the information collected for educational purposes.

IDEA: The Individuals with Disabilities Education Act (IDEA) ensures that students with disabilities are given an appropriate education that is tailored for their needs. Since this requires collecting very sensitive personal information, the law specifies some additional privacy protections to ensure that this information is not used for other purposes.

CIPA: The Children’s Internet Protection Act (CIPA) is a law that provides federal funding to schools that monitor and filter internet content and requires that schools teach students about digital citizenship and staying safe online. Though it is not directly a privacy law, it hits on many aspects of privacy since schools will have to determine the appropriate amount of monitoring and filtering as well as cover protecting personal privacy as part of the digital citizenship curriculum.

NSLA: The National School Lunch Act (NSLA) is a law that governs school lunch programs, and it includes provisions related to protecting financial data submitted as part of free and reduced lunch applications. Aside from being able to share a student’s eligibility status for free or reduced lunch in limited cases and for auditing the management of the program, the information from these applications can only be shared with parental consent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is PPRA?

A

PPRA: The Protection of Pupils Rights Amendment (PPRA) is a law that ensures that students are not coerced into divulging certain personal information. This is done by giving annual notice to parents of surveys the school will be giving and giving parents the right to inspect and review the materials. Depending on the funding source of the survey, parents will be given the ability to either opt in to participation or opt out.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is COPPA?

A

COPPA: The Children’s Online Privacy Protection Act (COPPA) is a law that regulates websites and online applications that collect information from children to ensure that they are not following deceptive practices. In general, these operators are required to provide notice and gather verifiable parental consent before collecting information from a child. Under the law, schools are allowed to provide consent in the place of a parent, provided that the website or online application only uses the information collected for educational purposes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is IDEA?

A

IDEA: The Individuals with Disabilities Education Act (IDEA) ensures that students with disabilities are given an appropriate education that is tailored for their needs. Since this requires collecting very sensitive personal information, the law specifies some additional privacy protections to ensure that this information is not used for other purposes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is CIPA?

A

CIPA: The Children’s Internet Protection Act (CIPA) is a law that provides federal funding to schools that monitor and filter internet content and requires that schools teach students about digital citizenship and staying safe online. Though it is not directly a privacy law, it hits on many aspects of privacy since schools will have to determine the appropriate amount of monitoring and filtering as well as cover protecting personal privacy as part of the digital citizenship curriculum.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is NSLA?

A

NSLA: The National School Lunch Act (NSLA) is a law that governs school lunch programs, and it includes provisions related to protecting financial data submitted as part of free and reduced lunch applications. Aside from being able to share a student’s eligibility status for free or reduced lunch in limited cases and for auditing the management of the program, the information from these applications can only be shared with parental consent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What do state student privacy laws cover?

A

Between 2013 and 2018, 40 states passed 125 laws that relate to student privacy. In general, these have coincided with states moving to online statewide testing (which has increased the quantity of data created and shared) and as states have built integrated data systems that combine data from multiple state agencies. Some common goals of these laws are

building upon FERPA and PPRA by further restricting what student data a school can collect or share with others
providing further requirements and guardrails related to student data shared with websites, online services, and applications
designating a chief privacy officer and other individuals at the local level responsible for ensuring compliance with privacy laws
requiring more transparency about what data schools collect and what it is used for
requiring that schools and vendors meet certain data security standards
requiring notification to parents in the event of a data security breach
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What privacy rights do parents and students have?

A

Under FERPA, parents and eligible students are given four rights, namely

the right to inspect and review records maintained by the school
the right to seek to amend records they believe are misleading, inaccurate, or otherwise in violation of a student’s privacy
the right to consent disclose records to other individuals
the right to file complaints with the Department of Education if they believe their rights under FERPA have been violated

State laws may provide parents with additional rights, such as the right to sue an educational website for damages after a data breach.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Do private schools have to follow these laws?

A

Schools that receive funding from a program administered by the US Department of Education generally have to comply with federal student privacy laws even if they receive most of their other funding from private sources. For example, many private college and universities still have to follow laws like FERPA since they receive funds via the Federal Student Aid program.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How can students choose to protect themselves online?

A

Know when you are public. When sharing information on forums or social media, check whether your post will be private or public. When you share information publicly, it is available for other to copy, share, or retain without your explicit permission. Make sure that when you are sharing information online, you understand that you may be sharing personal or sensitive information and that you have the choice on whether publicly posting or keeping such information private.
Use privacy settings. When sharing information on certain sites or devices, such as a smart phone, you may have the option to choose how your data is collected or shared. For example, certain apps on your phone may track your location, which may be helpful in telling your parents where you are in an emergency, but may not be helpful when the app you are using is a video game that does not need your location to function. Remember that there are usually settings available to you to customize your privacy. If a website, social media site, or app does not give you privacy setting options, you may want to consider not using that site or app if you want to protect your information.
Delete data. When you find yourself no longer using a site or app, you can choose to delete your account or data. Usually you are able to delete your account while logged in through settings or you can email the appropriate contact listed on the website or app and ask for deletion.
Browse securely. When you browse the web, you may find that some websites are secure and others are not. One easy way of knowing whether you are on a secure site is making sure that the URL at the top of your browser includes the text “https://”, rather than “http://” at the beginning of the URL text. Seeing the text “https://” means that the website secures the exchange of information on the site so when you share information, it is safer.
Update your passwords regularly. If you have accounts on websites or apps, make sure to use a password that is difficult to guess, such as including allowable numbers and symbols, and does not include any personal information. Additionally, try to change your password on your accounts on a regular basis, such as every three to six months or every year. This makes it more difficult for hackers to get into your account and know your personal information.
Only communicate online with people you know offline. You may find that you will receive emails, messages, or follows from people you are not sure you know or from people who promise you something you want if you give them some information about yourself. Be careful with these types of communications. Often, these messages could be what is called “phishing,” where someone you don’t know is trying to trick you into giving them personal information in order to use it in a way you would not consent to. The easiest way to avoid this is to only communicate online with people you have already met offline and to report or delete any emails or messages from people you do not know.
Clear your browser history and cookies. While terms like “browser history” and “cookies” might seem technically complicated, it is fairly easy to understand why it is important to clear them and how. When you browse the internet, websites may collect information about you by tracking what other websites you visit or what information you input into text boxes. While this could be useful to you by having your browser remember your passwords for quick and easy log-ins, websites may be tracking more than what you think by using cookies. If you want to protect your information, you may want to use your browser settings to clear your history and your cookies every so often. This may result in you having to type out your log-in information when signing back into websites you have an account with.
Go incognito. Most browsers allow you to use a “private window,” which means that your browser will not keep data about your browser history or cookies. This makes it more difficult for websites to track you and your information.
Ask a trusted adult. Especially if you are 13 years old or younger, it may be very helpful to speak to an adult you trust about your online use. Usually you can speak to your parents, a teacher, or a relative who may understand how to protect your privacy online or will have access to resources that can help both of you understand.
Install antivirus software on your devices. Antivirus software helps protect your computer or other devices against attacks from hackers who may use computer viruses or other malware to gather your personal information and track your online behavior. You may want to discuss antivirus software options with a trusted adult before installing the software. There are various types of antivirus software, including ones that require payment and ones that are free. One thing to be careful about is to make sure that you are downloading a validated and well-known antivirus software, because some antivirus software you may find for free online are actually viruses themselves.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How do I keep my child safe online when they’re not at school?

A

Children use various educational programs and e-games for both learning and fun. There are other rules that apply to children who access educational or non-educational web programs through personal computers, and through mobile apps on tablets and smartphones. Parents should be aware that data that is collected about their student, that is not a part of their educational record at school does not fall under the protection of FERPA.

GreatSchools has this video about keeping children safe online. The Federal Trade Commission, the government agency that enforces the Children’s Online Privacy Protection Act (COPPA), offers tips to parents about how to protect their children’s privacy online. Additionally, kidSAFE provides a quick one-pager on COPPA. More detailed information is available through the Center for Digital Democracy their COPPA parent guide, “The New Children’s Online Privacy Rules: What Parents Need to Know.” Moms with Apps has also provided a nice breakdown of 5 Things Moms Need to Know about Apps.

Some other resources for parents include the following:

StaySafeOnline provides a number of key resources to help parents teach their children about good digital citizenship.
6 Reasons Why Parents Should Care About Kids and Online Privacy
Common Sense Media’s Privacy and Internet Safety Webpage
Family Online Safety Institute’s (FOSI) Good Digital Parenting Webpage
FPF report on “Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots.”
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What if I want to use an educational app or tool and I don’t know if my school district has vetted it?

A

Be familiar with your school’s policy or process for selecting new educational tools, if one exists. If an app or service you want to use is not on the “approved” list, ask for it to be vetted and ask how long the vetting process takes. If the process is lengthy, you will want to redesign your lesson or project plan. Once the app is approved, you can certainly use it later. The list may also contain similar alternative apps you can use in the meantime.

If no such vetting process exists in your school, the checklist at the bottom of this section can help you quickly evaluate whether your students’ information will be protected.

You can also look to sources like Common Sense Media or iKeepSafe to see if they have “rated” or “badged” an edtech product for privacy. You can also check the database of the Student Data Privacy Consortium to see which apps are being used by other districts. Note that none of these sites replace getting the app you want to use vetted by your school, they are just signals of which apps are more privacy friendly – make sure you check with them!

Some tools have already been vetted

If your school or district has an approved list of ed tech products, services, websites, or apps, check that the service you use is included and ensure you are aware of any requirements or privacy options. When schools and districts decide to adopt certain technology tools, they should evaluate those tools to ensure they meet data privacy requirements. Some examples include:

Workflow and collaboration tools where students and teachers draft work together, give feedback, and communicate throughout the learning process.
Learning Management Systems (LMS) where teachers post instructions, assignments, and links to resources for students and parents to access.
Online gradebooks where teachers post grades and students and parents can access them using a username and password.
Communication tools for emails or newsletters.

or

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What about companies that provide online tools to schools?

A

Schools are allowed to rely on technology companies to provide products and services, but have the responsibility to ensure that those vendors have appropriate protections in place for student data. The school must ensure that it retains direct control over the information the company collects, uses, and maintains. Schools are responsible for seeing that companies working with the school directly only use student information for authorized educational purposes. These companies have access to this data under the “school official” exception, for the limited purpose of using student information for educational purposes only.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What should I do if a student suggests an unvetted education app to use for a project?

A

As a teacher, you cannot officially endorse use of an outside product, but you can explain to the student the considerations they should take into account, including recommending the student let their parents know too. It’s quite common for students to find education apps on their own to use for projects, and educators should encourage students to be creative and take their suggestions seriously. This is a teachable moment—a great opportunity to talk with the student about data privacy and review that digital citizenship curriculum.

Here are some examples of questions you could use to start the conversation with your student:

Did you have to make an account in order to start using that app? If so, did you have to provide personal information (email, name, age, etc.)?
Does the app require parental permission? Who has access to your email and other information now that you’ve created that account?
Does the app developer share your information with others? (It’s in their privacy policy.)
Does the app collect additional information such as location or contacts?

In all likelihood, your student will not know the answers to some of these questions. That is OK, but it is important to explain to them that all of this information belongs to them. They should think about protecting it, and should be encouraged to discuss their choices at home with their parents as well.

Again, you can also suggest to them that they see if that tool is rated or badged on Common Sense Media, iKeepSafe, or in the database of the Student Data Privacy Consortium.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What if my students and/or I want to use or recommend a technology tool that was not specifically designed for education?

A

If you, the teacher, want to recommend an app that was not specifically designed for education, checking with your administration, complying with applicable school policies, and using the checklist in this guide just as you would for an education-specific app is still a best practice. It’s a common issue because there are many “consumer apps,” which are not designed for education, that students may wish to use for learning or to help them with their homework and projects. These may include research tools, note taking apps, collaboration tools or apps that allow users to make videos, record audio or create other media such as cartoons, images, and so on.

However, commercial products not designed and marketed for schools may not have the privacy policies and practices in place to ensure the protection of user data to the standards of laws that protect student information. Therefore, if not prohibited by school policy, these products should be carefully evaluated to see if their use will put student data at undesirable risk.

If a student approaches you and asks to use an app for your assignment that you’re not familiar with, it is a good idea to use the opportunity to talk to your student using the suggested questions above.
Again, harness that teachable moment.

17
Q

What are some of the questions that help you quickly evaluate whether an app, website, product, or service will protect students information?

A

Does the product collect Personally Identifiable Information? FERPA, the federal privacy law applies to “education records” only, but many state laws cover ALL student personal information.
Does the vendor commit not to further share student information other than as needed to provide the educational product or service? (such as third party cloud storage, or a subcontractor the vendor works with under contract.) The vendor should clearly promise never to sell data.
Does the vendor create a profile of students, other than for the educational purposes specified? Vendors are not allowed to create a student profile for any reason outside of the authorized educational purpose.
When you cancel the account or delete the app, will the vendor delete all the student data that has been provided or created?
Does the product show advertisements to student users? Ads are allowed, but many states ban ads targeted based on data about students or behavioral ads that are based on tracking a student across the web. TIP: Look for a triangle i symbol ( ) which is an industry label indicating that a site allows behaviorally targeted advertising. These are never acceptable for school use. This would be particularly important when evaluating non-education-specific sites or services.
Does the vendor allow parents to access data it holds about students or enable schools to access data so the school can provide the data to parents in compliance with FERPA?
Does the vendor promise that it provides appropriate security for the data it collects? TIP: A particularly secure product will specify that it uses encryption when it stores or transmits student information. Encrypting the data adds a critical layer of protection for student information and indicates a higher level of security.
Does the vendor claim that it can change its privacy policy without notice at any time? This is a red flag—current FTC rules require that companies provide notice to users when their privacy policies change in a significant or “material” way, and get new consent for collection and use of their data.
Does the vendor say that if the company is sold, all bets are off? The policy should state that any sale or merger will require the new company to adhere to the same protections.
Do reviews or articles about the product or vendor raise any red flags that cause you concern?

18
Q

How can apps and websites show their commitment to privacy?

A

Parents need to trust both schools and the service providers that work with schools. In an effort to ensure parents can be confident in how organizations use student data, the Future of Privacy Forum and the Software & Information Industry Association developed the Student Privacy Pledge in 2014. The Pledge is legally enforceable: by taking the Pledge, a company is making a public statement of their practices with respect to student data. Accountability comes from the Federal Trade Commission (FTC), which has the authority to bring civil enforcement actions against companies who do not adhere to their public statements of practices.

19
Q

What are parents main concerns when it comes to student privacy?

A

The Future of Privacy Forum surveyed parents in 2016 to better understand their views of technology use and student privacy. Overall, this survey showed the increasing prevalence of technology use by both parents and students, increasing levels of support by parents of the appropriate collection and use of data by schools, and continued strong belief in the possibilities of technology to improve their child’s educational opportunities. The goals for educators, advocates, and policymakers remain to communicate policies clearly; establish transparent practices; and work with parents as key partners in the educational system to achieve the best learning outcomes for our children. For more details, see this blog post.

20
Q

What should parents ask schools about privacy?

A

Here are the seven most important questions that parents should ask about student privacy during the school year.

Which websites, services, and apps will my child’s classroom use this year?
How does my school handle directory information?
What is my school’s approach to school safety, and what does it mean for my child’s privacy?
Does my child’s school administer surveys?
What are the rules for recording devices in my child’s school?
How is my child’s information secured?
How does the school train teachers and staff to protect student information?

For more detail about these questions, please see this blog post.

21
Q

How should schools communicate about privacy to parents?

A

As schools collect more data on students, it is critical for them to be transparent about their data practices to foster trust with parents. Schools benefit when they are able to most clearly and effectively communicate the following to parents and guardians, beginning with broader descriptions and over time moving toward the sharing of more granular information:

Legal requirements and restrictions
Governance and accountability
Types and uses of data
Privacy and security practices
Third-party data sharing
Parent access and rights

A multi-layered approach is most effective, matching the content format with the message scale, complexity and timeliness. Schools should utilize the following channels to communicate:

School websites and mobile applications
Notifications
Parent involvement
Technology dashboard
Tiered staff response
22
Q

How does data help schools?

A

Schools hold a variety of information on students, including name, address, names of parents or guardians, date of birth, grades, attendance, disciplinary records, eligibility for lunch programs, and special needs. Schools, including teachers and school officials, use this data not just for basic administrative needs such as knowing whether a student may have a peanut allergy, but they also use this data to assess how well students are progressing, how effective teachers are, and how well schools are doing in relation to each other. Student data, in aggregated (averaged out) form, can help states make better policy decisions and plan budgets according to how to more effectively educate students. This video from Data Quality Campaign explains more.

23
Q

Who can schools share student data with?

A

In general, schools may only share student data with written parental consent. There are a limited number of exceptions to this that can be found in FERPA. Some of the most commonly exceptions are

Directory information: this exception allows the sharing of information the school has deemed harmless and may make public. Yearbooks, playbills, and honor code rolls are all examples of ways schools use the directory information exception.
School official: this exception allows educators to share with other school employees who have a legitimate educational need for the information. It also allows the school to share with contractors and other parties, like volunteers, who are doing a job the school would otherwise use its own employees for.
Studies: this exception allows the school to share information with a researcher for the purpose of evaluating educational programs.
Audit/Evaluation: this exception allows student data to be shared to audit or evaluate a federal- or state-funded education program.

Other examples include sharing student data with another school after the student transfers or with relevant individuals in the case of a health or safety emergency.

24
Q

What can schools share with law enforcement?

A

Schools are generally restricted from sharing student information with outside parties without first obtaining written parental consent. There are a limited number of exceptions wherein a school may share student data with other individuals without prior consent. A few of the exceptions could be used to share with law enforcement in very limited cases. For example, a school may share with law enforcement if there is a legally issued court order or subpoena, but generally only if they first notify the parents of the subpoena so that they may attempt to seek protective action. They may also share with law enforcement in the case of a health or safety emergency.

School resource officers (SROs) are law enforcement officers assigned to work in the school for various purposes. As such, many are classified as school officials and may be given access to records for which they have a legitimate educational reason; however, just the same as teachers should not share information about students with others outside the school, SROs acting as school officials may not share information they obtain with other law enforcement officers outside the school.

More information about legal restrictions and best practices when disclosing to law enforcement can be found here.

25
Q

What kind of training do educators typically receive on privacy?

A

For most of FERPA’s existence, the majority of data shared by a school occurred at the administrative level, so teachers generally received little to no training on data privacy laws or policies. In recent years, with more and more educational technology entering the classroom, teachers have become one of the primary sharers of student data. Consequently, it is more important than ever for teachers to be trained on what their legal obligations are and what best practices they should follow when sharing and securing student data.

26
Q

What best practices should schools and states follow in developing privacy policies?

A

Data governance addresses the processes and systems governing data quality, collection, management, and protection; basically, data governance includes formal policies that address the whole life cycle of data.

Good governance assures accuracy, timeliness, usability, and security in data. Governance plans should define roles and responsibilities when it comes to data access, disclosure, and use; ensure data management and monitoring; and describe and set up parameters on how data is collected, accessed, and used.

There are many great resources that K-12 school officials can use to create or improve their state, district, or school data governance plan. We recommend:

Checklist for Developing School District Privacy Programs (PTAC)
Data Governance Checklist (PTAC)
Protecting Privacy in Connected Learning Toolkit for LEAs (CoSN)
CoSN Trusted Learning Environment (TLE) Seal (CoSN)
Roadmap to Safeguarding Student Data (DQC)
Policymaking on Student Privacy: Lessons Learned

Also, see this video from the US Department of Education, which goes over starting a district privacy program

27
Q

What does a strong password look like?

A

If your password consists of a dictionary word and a number (or worse still, appears on the list of most common passwords), then a hacker could easily crack your password in under a few seconds. The most recent guidelines from the National Institute for Standards and Technology (NIST) focuses on length of passwords over complexity. To increase the length of your passwords, consider using passphrases instead, which consist of a short sentence or several random words put together. This blog post provides more detail on choosing a strong passphrase.

Furthermore, you could stop creating and remembering passwords all together and use a password manager to do both.

28
Q

How should schools keep student data secure?

A

Securing data is a large part of ensuring student data protection. When storing student data, data should be stored following FERPA security principles. See more information below.

Without security, there can be no privacy. LEAs and SEAs have a responsibility to ensure that data is protected through adequate security. When contracting with educational technology vendors, school officials should make sure that these companies have privacy policies and practices that ensure data security.

Recommended Security Resources

Data Security Checklist (PTAC)
CoSN Cybersecurity Toolkit (CoSN)

See this video for more information about protecting security in the context of ed tech.

29
Q

Is it safe to use voice assistants in the classroom?

A

It is unclear how a lot of new technology fits within the existing privacy legal framework. Voice assistants, such as Google Home and Alexa, are no exception. In general, these tools are intended for home use and not for the classroom. With that said, we recommend that you do the following if you choose to use them in the classroom.

Check with your school or district first since they may have policies regarding their use
Educate yourself about your state and federal privacy laws using The Educator’s Guide to Student Data Privacy
Get parent permission first before using the assistant in the classroom
Once in the classroom, treat the voice assistant as if it were an outside classroom visitor
Learn how to use the device’s privacy settings and proactively manage them
Consider how and whether this device will enhance teaching and learning
30
Q

What are some of the issues that have come up in the last 3 years that make privacy policies challenging for school districts?

A

Acquisitions – many vendors that we had on the pledge have been acquired by other companies. thinking about that as clear in the privacy policy is important. Plagiarism in privacy policies. Red flag: is the privacy policy declaring they are a school official. ferpa – that is the district’s job. only the district can declare a vendor a school official. Often read a privacy policy that parental consent needs for students under age of 13 but company is willing to sign data governance addendum designating them as a school official. Ambiguity around length of time PII data can be stored. 72 hours to 1 week? Contradictions in policies where they want parental consent for under age of 13 kids and not willing to do certain things with data. Missing language from state laws around deidentifying student data.

31
Q

What is the deal with generative ai and privacy policies

A

data collecting, how we’re using it … limited scope adding new feature to product using data in a different way do your contracts even allow you to do that without creating scope for client. how are you protecting data. AI – looking at data like is there a possibility when we are using certain tech that we have data bleed from one org to another and it accidentally releases data that shouldn’t be release. provide analytics within scope that isn’t defined. comparative results… changing dramatically at systems level we’re true to agreements we sign with district for use and protection of data. data deletion

32
Q

What type of data does COPPA protect?

A

age, marital status, name, email, networth, car owner, voting habits, clicks, downloads, political party, average spending, homeowner, kids in house, astrological sign, purchases, internet searches, criminal records, usernames, screen names, geolocation information, photos, videos, audio files, address, telephone number, ssn

33
Q

how to obtain verifiable parental consent (vpn)

A

consent form signed by parent or legal guardian returned electronically; credit card, debit card, online payment, toll free number, government issued id, email plus, knowledge-based authentication, video conference with personnel trained in verification process

34
Q

what is the FTC’s 1999 COPPA rule statement of basis and purposes

A

schools are the parent’s agent. for example, many schools already seek parental consent for in-school internet access at the beginning of the school year. when operator authorized by school to collect pi from chidren after providing notice to the school of the operators collection use and disclosure practices, the operator can presume that the school’s authorization is based on the schools having obtained parental consent

35
Q

Why is the FTC policy statement from May 2022 important

A

In investigating potential coppa violations by edtech providers the ftc will focus on prohibition against mandatory collection, use prohibitions, retention prohibitions, security requirements

36
Q

what can vendors take from the action against edmodo

A

coppa direct notice even more important. written school level contract even more important. direct to teacher freemium model likely impacted and intermediary vpc process still undefined. ed tech companies can’t pass the COPPA compliance buck. this is the first ftc action alleging that its an unfair practice for a company to require schools and teachers to comply with coppa on its behalf without sufficient information. mixing ed tech and advetiseng is a red flag for school consent.