Student privacy must be a priority for school districts. States and the U.S. Department of Education seek increased amounts of data on student performance from districts in exchange for funding and technology advocates campaign for twenty-first century learning environments. During this time of financial insecurity, access to Cloud Computing appears to be a boon for school districts. However, school administrators must be sure that their data collection systems and online learning environments comply with federal and state laws.
This article describes Cloud Computing systems in schools, the privacy issues that arise from their use and general information about applicable laws. Education law varies by state and by court jurisdiction. This article is for informational purposes and does not constitute legal advice. To seek legal advice, contact a qualified legal professional in your state.
Schools are transitioning to Cloud Computing systems to increase the efficiency of student records management and to bring student learning into the twenty-first century. This means that schools store students’ personal information on offsite servers enabling students, staff and state officials to access this information from any device with access to the Internet. This type of access is both convenient and intended to be cost effective.
However, privacy advocates raise concerns about public school districts trading student information in exchange for access to Cloud Computing systems. Some school districts are purchasing access to Cloud Computing systems while others are relying on the services of companies that profit by providing services to users in exchange for access to the user’s personal information for advertising purposes.
Privacy advocates are especially concerned about the sale or transfer of students’ personal information to advertisers and the public. A Cloud Computing provider may sell personal information to advertisers or charge advertisers for access to its advertising system. More specifically, some providers or advertisers may use the personal information to create targeted advertising. Privacy advocates argue that this sharing of information violates student privacy rights.
Notions of privacy are changing in today’s society. Laws covering online privacy are in a state of flux. It is important that school districts stay up to date with changes in these laws to avoid litigation and loss of funding.
Providers that serve school districts must ensure that their privacy policies comply with Federal Trade Commission (FTC) regulations including the Children’s Online Privacy Protection Act (COPPA). Their systems must also comply with the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA) and the Federal Communications Commission’s Children’s Internet Protection Act (CIPA), as well as state laws.
The Children’s Online Privacy Protection Act (COPPA) is intended to protect children from cybercrimes, including crimes by online predators, and to help parents shield their children under the age of thirteen from material that is inappropriate. COPPA regulates the management of websites that collect information from minors for commercial purposes. It applies to educational Cloud providers because they produce products for children. School districts should ensure that their provider complies with COPPA.
The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. FERPA applies to all schools that receive funds under an applicable program of the U.S. Department of Education. New FERPA regulations provide guidance as to how schools should manage student records in digital information systems. More specifically, it provides guidance as to how they must manage records when they outsource record management to providers. The U.S. Department of Education has created a privacy technical assistance center to serve education agencies. Districts may seek assistance from center officials to ensure compliance with FERPA.
The Protection of Pupil Rights Amendment (PPRA) is intended to protect student privacy rights. Specifically, it requires school districts that receive funds from the Federal Government to develop policies covering the collection, disclosure, or use of personal information collected from students. Unless state education agencies have implemented policies regarding information collection, PPRA requires school districts to create policies in consultation with parents. The Department of Education Family Policy Compliance Office provides model notices for FERPA and PPRA on its website.
The Children’s Internet Protection Act (CIPA) is a federal law enacted by Congress to address concerns about access to offensive content on the Internet viewed on school and library devices. Under CIPA, schools and libraries are required to adopt and implement an Internet safety policy addressing unauthorized disclosure, use and dissemination of their students’ personal information.
Many states are enacting statutes governing privacy. For instance, California law prohibits schools from entering into a contract for electronic products or services that requires the dissemination of advertising to pupils, unless the governing board of the school district does all of the following: enters into the contract at a noticed public hearing of the governing board; makes a finding that the electronic product or service in question is or would be an integral component of the education of pupils and that the school district cannot afford to provide the electronic product or service unless it contracts to permit dissemination of advertising to pupils; provides regular written notice to the parents or guardians of pupils that the advertising will be used in the classroom or other learning centers and offers the parents the opportunity to request in writing that the pupil not be exposed to the program that contains the advertising. All California public schools must comply with this statute.
As laws covering the integration of technology into school systems change, it will be increasingly important that school officials are aware of the changes in applicable laws.
Edtechlaw.com is a blog designed to keep school district officials aware of the most recent developments in the law and policy governing educational technology. It is managed by Andrea Cascia, an education law attorney and technology teacher in San Diego, California.
Andrea has worked in the field of educational technology for more than ten years. She thouroughly investigates the legal and policy issues related to educational technology. She is dedicated to improving the use of educational technology in schools.
In addition to teaching technology classes, Andrea guest lectures at the University of San Diego School of Law and University of San Diego School of Education and Leadership Sciences. She provides students with information on the latest educational technology innovations and the legal and policy issues related to these innovations.
Andrea Cascia, firstname.lastname@example.org, is available to consult on legal and policy issues related to educational technology. Thus, this blog posting is an advertisement.