New guide takes a deep look at protecting student data privacy

Increased data use has the potential to enhance and expand educational opportunities, but it can also put sensitive student information at risk. To address the concern, the Future of Privacy Forum recently published “The Policymaker’s Guide to Student Data Privacy.”

With data proliferating in school settings — from enrollment numbers to test scores to health and disciplinary records — the FPF finds that effective policies enacted at the local, state and federal levels can mitigate dangerous and costly data collection and privacy risks.

“A loss of autonomy, a stifling of creativity due to feeling surveilled, or even the public revelation of highly sensitive information …. are just some potential consequences of technology misuse, poor data security policies or insufficient privacy controls,” the FPF reports. The sensitive information could range from student academic records to disability status and other personal details.

Nationwide, legislators have passed nearly 120 laws meant to protect student privacy since 2014, including six in California. Not all have had their desired impact. “Despite the best of intentions, some efforts to protect student privacy hamstring students, teachers, and schools with unintended consequences,” said Amelia Vance, director of education privacy at FPF. “Having people on the ground — students, parents, teachers, administrators and ed tech companies — involved in the policymaking process can keep well-intentioned laws from limiting important uses of data and technology in the classroom.”

The organization’s new guide largely answers the following questions:

  • How is student data used?
  • Which federal laws already address student and child privacy?
  • Do general privacy laws address student data?
  • What are common state-level approaches to regulating student data?
  • What are potential issues to consider when drafting student privacy legislation?
  • Which stakeholders should policymakers consult when considering measures to protect student data?
  • Which resources can policymakers use to further evaluate and create student data privacy legislation?

The National School Boards Association, National Association of State Boards of Education and School Superintendents Association were among organizations that served on the resource’s advisory council.

Further resources for board members:

  • CSBA sample board policies on student data and privacy available through Gamut Online. Policies include BP/AR 5022 – Student and Family Privacy Rights; BP/AR 5125 – Student Records; BP/AR/E 5125.1 – Release of Directory Information; BP 5145.13 – Response to Immigration Enforcement and BP 1340 – Access to District Records
  • CSBA blog post, “Report: Cybersecurity incidents, risks growing across the country”
  • NSBA report on legal issues related to protecting student data and suggested best practices, “Data in the Cloud”