Blog: The Educated Reporter

Protecting Student Data: Even Experts Are Just ‘Figuring It Out’

Protecting Student Data: Even Experts Are Just ‘Figuring It Out’

The last decade’s increasing reliance on data-driven education tools has policy leaders scrambling to safeguard personal information as Americans increasingly become concerned about their children’s digital footprints.

Chief among the challenges lawmakers face is juggling the extraordinary growth of an industry and the personal safety of students.

“With bigger goals for personalized learning, I’d argue that privacy is the new safety,” Keith Krueger, CEO of the Consortium for School Networking, said during a panel discussion at the Education Writers Association’s 68th National Seminar. “It’ll evolve and change, but it’s the lens in which technology will be viewed in the next few years. Why do we even need this data? Why are we collecting it?”

As schools introduce devices into classrooms to enhance learning, and as technology has made it easier to collect thousands of data points per child, student data privacy has politicians facing tough questions and school officials scratching their heads. Parental concerns over how much of their children’s lives are being monitored have already sunk one major player in data storage and collection: When student data nonprofit inBloom folded last spring, confidence in the education sector’s information security notably took a nosedive. But inBloom is just one of many services that promised to offer greater clarity on student performance, and many of those companies are gathering steam. Add to that a motley of academic games and free apps that rely on student information, and the education data landscape seems vast and largely untamed.

 “It’s about intellectual freedom for students to be able to explore in the classroom without worrying that anything typed will cripple students’ intellectual curiosity,” Khaliah Barnes, director of the Electronic Privacy Information Center Student Privacy Project, told the EWA audience in Chicago.

Even with uncertainty that comes with ed-tech’s developing practice, data collection and analysis presents a major opportunity to improve and personalize the learning experience, Krueger said. It allows students to move at a faster pace and for educators to provide and act on informed feedback. [EWA held a webinar on the role data collection plays in improving student learning.]

But the success of technology and information storage hinges on the rules governing their use. President Barack Obama proposed a new Student Digital Privacy Act in January t sought to bar companies from selling sensitive student data and from using that information for targeted marketing. Reps. Luke Messer (R-IN) and Jared Polis (D-CO) introduced the bill last month.

“It’s quite a strong bill, but it still remains to be seen where it will go,” said Paige Kowalski, vice president of policy and advocacy for the Data Quality Campaign. “We have to have a serious conversation about training and resources, and we don’t know what the consequences of penalty would look like yet, or if jail time is involved.”

That lack of clarity and the sentiment that things “remain to be seen” appears to be the common theme across student data privacy. Information tools are being introduced because there’s potential for them to radically improve education, but the legal questions and contracting are what put student privacy at stake, and “we’re still trying to figure that out,” said Education Week reporter Benjamin Herold, who moderated the session.

“Parents and lawmakers need help contextualizing why we’re having a privacy conversation,” Kowalski said. “This isn’t about being pro-test or anti-test, it’s about information we’re collecting in districts so we can better understand how to effectively allocate resources and how to move kids forward to make them college and career ready.”

Major questions the panelists said need to be addressed include:

  • Should certain student information be collected at all? How much should we regulate collection of data?
  • How do we ensure security to prevent hacking?
  • What is happening to the information that is being collected?
  • Is the data going toward secondary uses beyond its primary intent of collection?
  • Who is the primary holder of the information? Can that information be shared?
  • Who are the specific entities being regulated in proposed legislation? Are the districts and schools or tech industry liable?
  • What are the processes for holding entities accountable?
  • How can new student data privacy laws identify who is in charge and who has access to the collected information?
  • How are districts and vendors going to be transparent with parents about the processes?
  • How long will the collected data be kept?
  • How will the regulations be enforced? Can parents or students take a responsible entity to court?

The list goes on. And two reasons stand out for why the questions seem endless: evolution of norms in society and technology, and ambiguous familiarity with the Family Educational Rights and Privacy Act, the federal law of the land that protects student privacy.

FERPA was developed in 1974 when current devices and information sharing channels didn’t exist, so the regulations became outdated as technology evolved. Lawmakers must now seek to create forward-looking policies that can be flexible as the tech world develops, panelists said. [See EWA’s primer on FERPA.]

“I don’t think any parent knows the word FERPA, or what it is or what it does,” Kowalski said. “I’ve gotten more calls in the last 10 years about what FERPA is than anything else. I’ve spent time with people who spend their whole lives [working with FERPA] and even they disagree with what it is. The person coming around asking questions about FERPA is also probably the person making [student data privacy] decisions.”