The recent legislation, Student Online Personal Information Protection Act (SOPIPA), which aims at restricting the use of student data by third party vendors, raises a complex set of issues. SOPIPA was only enacted in 20 states. It is unclear what the consequences of non-compliance will be; that is, does responsibility for non-compliance fall on the school site, employees, or the district? SOPIPA seems far from clear on this point. Furthermore, SOPIPA does not appear to be attached to school funding such as LCFF or in all district LCAPs. Some of this might be due to the lack of awareness among district leaders of SOPIPA or uncertainty on how to respond. In addition, laws in place to compliment SOPIPA — such as the older law, FERPA (Family Educational Rights and Privacy Act) — are not adequately equipped to deal with the abundance of digital educational student data that exists today. What is required to address many of these issues are amendments to FERPA, a review of COPPA (Children’s Online Privacy Protection Act), and additional legislation requiring parent consent of all data sharing that includes identifiable student data to draw an unambiguous line in terms of data allowed or not allowed. Some of the requirements under COPPA that apply to children under the age of 13 might be extended to students until the age of 17.
As an educator in the digital age of cloud-based educational services, I am often frustrated that I am unable to embrace the free and easy to use tools that Google Apps for Education offers, or other cool educational software services because of fear of student privacy violations or non-compliance with district policies and procedures. However, as a leader in educational technology, I am interested in developing solutions that meet everyone’s needs—the solution includes awareness, responsible use, and adherence to laws such as SOPIPA.
Given the complexity of the above issues, steps that will need to be put in place in my school district require communication and transparency to all stakeholders. First, notification of recent SOPIPA requirements and FERPA guidelines for schools and districts for how to interpret and apply the law in this new digital age; second, district school-wide trainings for teachers, students, non-certificated school employees, and other stakeholders; third, revision of parent notification and consent forms to include children over the age of 13 to reduce potential SOPIPA violations, as COPPA is better defined. Finally, if a district does decide to embrace Google Apps for Education, Microsoft Office products, or other cloud-based educational services, a careful agreement needs to be worked out in advance to limit or eliminate SOPIPA, FERPA, COPPA, or CIPA (Children’s Internet Protection Act) violations. For example, Google’s alleged practices of intercepting and data mining of student emails.
Until such time that amendments are made to FERPA or additional bills are enacted that reduce the ambiguity in student educational data privacy laws and likelihood of accidental violations of student-data privacy, schools sites and districts need to focus on awareness and be proactive in terms of potential student-data privacy and security violations.
References:
Benjamin Herold (September 30, 2014). “‘Landmark’ Student-Data-Privacy Law Enacted in California” and “Google Under Fire for Data-Mining Student Email Messages”. (March 14, 2014). Education Week (Digital Education Week’s Blogs). March 8, 2015. Retrieved from http://blogs.edweek.org/edweek/DigitalEducation/2014/09/_landmark_student-data-privacy.html and http://www.edweek.org/ew/articles/2014/03/13/26google.h33.html#
Ujifusa, Andrew (April 15, 2014). “State Lawmakers Ramp Up Attention to Data Privacy.” Education Week (Digital Education Week’s Blogs). March 8, 2015. Retrieved from http://www.edweek.org/ew/articles/2014/04/16/28data.h33.html?qs=ujifusa+data+privacy#
As an educator in the digital age of cloud-based educational services, I am often frustrated that I am unable to embrace the free and easy to use tools that Google Apps for Education offers, or other cool educational software services because of fear of student privacy violations or non-compliance with district policies and procedures. However, as a leader in educational technology, I am interested in developing solutions that meet everyone’s needs—the solution includes awareness, responsible use, and adherence to laws such as SOPIPA.
Given the complexity of the above issues, steps that will need to be put in place in my school district require communication and transparency to all stakeholders. First, notification of recent SOPIPA requirements and FERPA guidelines for schools and districts for how to interpret and apply the law in this new digital age; second, district school-wide trainings for teachers, students, non-certificated school employees, and other stakeholders; third, revision of parent notification and consent forms to include children over the age of 13 to reduce potential SOPIPA violations, as COPPA is better defined. Finally, if a district does decide to embrace Google Apps for Education, Microsoft Office products, or other cloud-based educational services, a careful agreement needs to be worked out in advance to limit or eliminate SOPIPA, FERPA, COPPA, or CIPA (Children’s Internet Protection Act) violations. For example, Google’s alleged practices of intercepting and data mining of student emails.
Until such time that amendments are made to FERPA or additional bills are enacted that reduce the ambiguity in student educational data privacy laws and likelihood of accidental violations of student-data privacy, schools sites and districts need to focus on awareness and be proactive in terms of potential student-data privacy and security violations.
References:
Benjamin Herold (September 30, 2014). “‘Landmark’ Student-Data-Privacy Law Enacted in California” and “Google Under Fire for Data-Mining Student Email Messages”. (March 14, 2014). Education Week (Digital Education Week’s Blogs). March 8, 2015. Retrieved from http://blogs.edweek.org/edweek/DigitalEducation/2014/09/_landmark_student-data-privacy.html and http://www.edweek.org/ew/articles/2014/03/13/26google.h33.html#
Ujifusa, Andrew (April 15, 2014). “State Lawmakers Ramp Up Attention to Data Privacy.” Education Week (Digital Education Week’s Blogs). March 8, 2015. Retrieved from http://www.edweek.org/ew/articles/2014/04/16/28data.h33.html?qs=ujifusa+data+privacy#