Common Questions Flashcards
Why does student privacy matter?
Schools have always had to find that the tricky balance between ensuring student autonomy and dignity (both of which are necessary for learning) and surveilling and monitoring students (both of which are necessary to keep students safe and assess what they’ve learned). New technology and cheap data storage have certainly altered the educational landscape, but the underlying tension between privacy and monitoring in schools has not changed. Student and child privacy laws at the federal level work to address this tension by ensuring that
information about a student is used fairly information about a student is used only for its intended purpose and not for unwanted or unanticipated purposes students are not coerced into divulging personal information students are not exposed to deceptive messages
In recent years, as more and more information is created and shared digitally, and data breaches and identity theft have become a bigger concern, state laws have been passed to regulate what information schools can collect and share online and what website and online application operators can do with it.
What federal laws govern student privacy?
FERPA: The primary federal law that protects student privacy is the Family Educational Rights and Privacy Act (FERPA), which was passed in 1974. The main goals of FERPA are to ensure that information about a student is used fairly by providing annual notice to parents about their rights toward student data, namely
the right to inspect and review records maintained by the school the right to seek to amend records they believe are misleading, inaccurate, or otherwise in violation of a student’s privacy the right to consent disclose records to other individuals the right to file complaints with the Department of Education if they believe their rights under FERPA have been violated
Furthermore, FERPA ensures that information about a student is only used for its intended purpose by requiring that disclosures of student data only occur with written consent. FERPA includes several exceptions to this rule that allow the school to share information without consent in specific cases that benefit students, provided that certain guardrails are in place.
PPRA: The Protection of Pupils Rights Amendment (PPRA) is a law that ensures that students are not coerced into divulging certain personal information. This is done by giving annual notice to parents of surveys the school will be giving and giving parents the right to inspect and review the materials. Depending on the funding source of the survey, parents will be given the ability to either opt in to participation or opt out.
COPPA: The Children’s Online Privacy Protection Act (COPPA) is a law that regulates websites and online applications that collect information from children to ensure that they are not following deceptive practices. In general, these operators are required to provide notice and gather verifiable parental consent before collecting information from a child. Under the law, schools are allowed to provide consent in the place of a parent, provided that the website or online application only uses the information collected for educational purposes.
IDEA: The Individuals with Disabilities Education Act (IDEA) ensures that students with disabilities are given an appropriate education that is tailored for their needs. Since this requires collecting very sensitive personal information, the law specifies some additional privacy protections to ensure that this information is not used for other purposes.
CIPA: The Children’s Internet Protection Act (CIPA) is a law that provides federal funding to schools that monitor and filter internet content and requires that schools teach students about digital citizenship and staying safe online. Though it is not directly a privacy law, it hits on many aspects of privacy since schools will have to determine the appropriate amount of monitoring and filtering as well as cover protecting personal privacy as part of the digital citizenship curriculum.
NSLA: The National School Lunch Act (NSLA) is a law that governs school lunch programs, and it includes provisions related to protecting financial data submitted as part of free and reduced lunch applications. Aside from being able to share a student’s eligibility status for free or reduced lunch in limited cases and for auditing the management of the program, the information from these applications can only be shared with parental consent.
What is PPRA?
PPRA: The Protection of Pupils Rights Amendment (PPRA) is a law that ensures that students are not coerced into divulging certain personal information. This is done by giving annual notice to parents of surveys the school will be giving and giving parents the right to inspect and review the materials. Depending on the funding source of the survey, parents will be given the ability to either opt in to participation or opt out.
What is COPPA?
COPPA: The Children’s Online Privacy Protection Act (COPPA) is a law that regulates websites and online applications that collect information from children to ensure that they are not following deceptive practices. In general, these operators are required to provide notice and gather verifiable parental consent before collecting information from a child. Under the law, schools are allowed to provide consent in the place of a parent, provided that the website or online application only uses the information collected for educational purposes.
What is IDEA?
IDEA: The Individuals with Disabilities Education Act (IDEA) ensures that students with disabilities are given an appropriate education that is tailored for their needs. Since this requires collecting very sensitive personal information, the law specifies some additional privacy protections to ensure that this information is not used for other purposes.
What is CIPA?
CIPA: The Children’s Internet Protection Act (CIPA) is a law that provides federal funding to schools that monitor and filter internet content and requires that schools teach students about digital citizenship and staying safe online. Though it is not directly a privacy law, it hits on many aspects of privacy since schools will have to determine the appropriate amount of monitoring and filtering as well as cover protecting personal privacy as part of the digital citizenship curriculum.
What is NSLA?
NSLA: The National School Lunch Act (NSLA) is a law that governs school lunch programs, and it includes provisions related to protecting financial data submitted as part of free and reduced lunch applications. Aside from being able to share a student’s eligibility status for free or reduced lunch in limited cases and for auditing the management of the program, the information from these applications can only be shared with parental consent.
What do state student privacy laws cover?
Between 2013 and 2018, 40 states passed 125 laws that relate to student privacy. In general, these have coincided with states moving to online statewide testing (which has increased the quantity of data created and shared) and as states have built integrated data systems that combine data from multiple state agencies. Some common goals of these laws are
building upon FERPA and PPRA by further restricting what student data a school can collect or share with others providing further requirements and guardrails related to student data shared with websites, online services, and applications designating a chief privacy officer and other individuals at the local level responsible for ensuring compliance with privacy laws requiring more transparency about what data schools collect and what it is used for requiring that schools and vendors meet certain data security standards requiring notification to parents in the event of a data security breach
What privacy rights do parents and students have?
Under FERPA, parents and eligible students are given four rights, namely
the right to inspect and review records maintained by the school the right to seek to amend records they believe are misleading, inaccurate, or otherwise in violation of a student’s privacy the right to consent disclose records to other individuals the right to file complaints with the Department of Education if they believe their rights under FERPA have been violated
State laws may provide parents with additional rights, such as the right to sue an educational website for damages after a data breach.
Do private schools have to follow these laws?
Schools that receive funding from a program administered by the US Department of Education generally have to comply with federal student privacy laws even if they receive most of their other funding from private sources. For example, many private college and universities still have to follow laws like FERPA since they receive funds via the Federal Student Aid program.
How can students choose to protect themselves online?
Know when you are public. When sharing information on forums or social media, check whether your post will be private or public. When you share information publicly, it is available for other to copy, share, or retain without your explicit permission. Make sure that when you are sharing information online, you understand that you may be sharing personal or sensitive information and that you have the choice on whether publicly posting or keeping such information private.
Use privacy settings. When sharing information on certain sites or devices, such as a smart phone, you may have the option to choose how your data is collected or shared. For example, certain apps on your phone may track your location, which may be helpful in telling your parents where you are in an emergency, but may not be helpful when the app you are using is a video game that does not need your location to function. Remember that there are usually settings available to you to customize your privacy. If a website, social media site, or app does not give you privacy setting options, you may want to consider not using that site or app if you want to protect your information.
Delete data. When you find yourself no longer using a site or app, you can choose to delete your account or data. Usually you are able to delete your account while logged in through settings or you can email the appropriate contact listed on the website or app and ask for deletion.
Browse securely. When you browse the web, you may find that some websites are secure and others are not. One easy way of knowing whether you are on a secure site is making sure that the URL at the top of your browser includes the text “https://”, rather than “http://” at the beginning of the URL text. Seeing the text “https://” means that the website secures the exchange of information on the site so when you share information, it is safer.
Update your passwords regularly. If you have accounts on websites or apps, make sure to use a password that is difficult to guess, such as including allowable numbers and symbols, and does not include any personal information. Additionally, try to change your password on your accounts on a regular basis, such as every three to six months or every year. This makes it more difficult for hackers to get into your account and know your personal information.
Only communicate online with people you know offline. You may find that you will receive emails, messages, or follows from people you are not sure you know or from people who promise you something you want if you give them some information about yourself. Be careful with these types of communications. Often, these messages could be what is called “phishing,” where someone you don’t know is trying to trick you into giving them personal information in order to use it in a way you would not consent to. The easiest way to avoid this is to only communicate online with people you have already met offline and to report or delete any emails or messages from people you do not know.
Clear your browser history and cookies. While terms like “browser history” and “cookies” might seem technically complicated, it is fairly easy to understand why it is important to clear them and how. When you browse the internet, websites may collect information about you by tracking what other websites you visit or what information you input into text boxes. While this could be useful to you by having your browser remember your passwords for quick and easy log-ins, websites may be tracking more than what you think by using cookies. If you want to protect your information, you may want to use your browser settings to clear your history and your cookies every so often. This may result in you having to type out your log-in information when signing back into websites you have an account with.
Go incognito. Most browsers allow you to use a “private window,” which means that your browser will not keep data about your browser history or cookies. This makes it more difficult for websites to track you and your information.
Ask a trusted adult. Especially if you are 13 years old or younger, it may be very helpful to speak to an adult you trust about your online use. Usually you can speak to your parents, a teacher, or a relative who may understand how to protect your privacy online or will have access to resources that can help both of you understand.
Install antivirus software on your devices. Antivirus software helps protect your computer or other devices against attacks from hackers who may use computer viruses or other malware to gather your personal information and track your online behavior. You may want to discuss antivirus software options with a trusted adult before installing the software. There are various types of antivirus software, including ones that require payment and ones that are free. One thing to be careful about is to make sure that you are downloading a validated and well-known antivirus software, because some antivirus software you may find for free online are actually viruses themselves.
How do I keep my child safe online when they’re not at school?
Children use various educational programs and e-games for both learning and fun. There are other rules that apply to children who access educational or non-educational web programs through personal computers, and through mobile apps on tablets and smartphones. Parents should be aware that data that is collected about their student, that is not a part of their educational record at school does not fall under the protection of FERPA.
GreatSchools has this video about keeping children safe online. The Federal Trade Commission, the government agency that enforces the Children’s Online Privacy Protection Act (COPPA), offers tips to parents about how to protect their children’s privacy online. Additionally, kidSAFE provides a quick one-pager on COPPA. More detailed information is available through the Center for Digital Democracy their COPPA parent guide, “The New Children’s Online Privacy Rules: What Parents Need to Know.” Moms with Apps has also provided a nice breakdown of 5 Things Moms Need to Know about Apps.
Some other resources for parents include the following:
StaySafeOnline provides a number of key resources to help parents teach their children about good digital citizenship. 6 Reasons Why Parents Should Care About Kids and Online Privacy Common Sense Media’s Privacy and Internet Safety Webpage Family Online Safety Institute’s (FOSI) Good Digital Parenting Webpage FPF report on “Kids & The Connected Home: Privacy in the Age of Connected Dolls, Talking Dinosaurs, and Battling Robots.”
What if I want to use an educational app or tool and I don’t know if my school district has vetted it?
Be familiar with your school’s policy or process for selecting new educational tools, if one exists. If an app or service you want to use is not on the “approved” list, ask for it to be vetted and ask how long the vetting process takes. If the process is lengthy, you will want to redesign your lesson or project plan. Once the app is approved, you can certainly use it later. The list may also contain similar alternative apps you can use in the meantime.
If no such vetting process exists in your school, the checklist at the bottom of this section can help you quickly evaluate whether your students’ information will be protected.
You can also look to sources like Common Sense Media or iKeepSafe to see if they have “rated” or “badged” an edtech product for privacy. You can also check the database of the Student Data Privacy Consortium to see which apps are being used by other districts. Note that none of these sites replace getting the app you want to use vetted by your school, they are just signals of which apps are more privacy friendly – make sure you check with them!
Some tools have already been vetted
If your school or district has an approved list of ed tech products, services, websites, or apps, check that the service you use is included and ensure you are aware of any requirements or privacy options. When schools and districts decide to adopt certain technology tools, they should evaluate those tools to ensure they meet data privacy requirements. Some examples include:
Workflow and collaboration tools where students and teachers draft work together, give feedback, and communicate throughout the learning process. Learning Management Systems (LMS) where teachers post instructions, assignments, and links to resources for students and parents to access. Online gradebooks where teachers post grades and students and parents can access them using a username and password. Communication tools for emails or newsletters.
or
What about companies that provide online tools to schools?
Schools are allowed to rely on technology companies to provide products and services, but have the responsibility to ensure that those vendors have appropriate protections in place for student data. The school must ensure that it retains direct control over the information the company collects, uses, and maintains. Schools are responsible for seeing that companies working with the school directly only use student information for authorized educational purposes. These companies have access to this data under the “school official” exception, for the limited purpose of using student information for educational purposes only.
What should I do if a student suggests an unvetted education app to use for a project?
As a teacher, you cannot officially endorse use of an outside product, but you can explain to the student the considerations they should take into account, including recommending the student let their parents know too. It’s quite common for students to find education apps on their own to use for projects, and educators should encourage students to be creative and take their suggestions seriously. This is a teachable moment—a great opportunity to talk with the student about data privacy and review that digital citizenship curriculum.
Here are some examples of questions you could use to start the conversation with your student:
Did you have to make an account in order to start using that app? If so, did you have to provide personal information (email, name, age, etc.)? Does the app require parental permission? Who has access to your email and other information now that you’ve created that account? Does the app developer share your information with others? (It’s in their privacy policy.) Does the app collect additional information such as location or contacts?
In all likelihood, your student will not know the answers to some of these questions. That is OK, but it is important to explain to them that all of this information belongs to them. They should think about protecting it, and should be encouraged to discuss their choices at home with their parents as well.
Again, you can also suggest to them that they see if that tool is rated or badged on Common Sense Media, iKeepSafe, or in the database of the Student Data Privacy Consortium.