Protecting student data — especially in the age of cloud computing — is a laudable goal, but before Congress or state legislatures pass new laws or revise old ones, it’s important to make sure that innovation and creativity don’t become collateral damage.
There are a number of bills before Congress that would, essentially, update and strengthen the Family Educational Rights and Privacy Act (FERPA).
FERPA, which was first enacted in 1974, could not possibly have established a framework that took into account technology that would make it possible to collect vast amounts of data that can be easily collected, transmitted, stored and shared.
When FERPA became law, student data records were stored on paper in school filing cabinets, not on “cloud-based” servers operated by school districts and, in some cases, private companies. No one back then was talking about “monetizing” data, and the only way a thief could get access to student data would be to break into the school’s offices and pick the lock on the filing cabinet.
Whether student data is stored on school computers, district servers or commercial cloud-based services, one of the key provisions of almost all the proposed bills is to make sure that student data remain secure and under the control of parents until a child turns 18. For that to occur, the companies, organizations and agencies that store the data must have strong security procedures in place, along with robust privacy policies, to make sure that they are not improperly using or sharing the data.
Protect both privacy and creativity
Today, educators and students around the country are creatively using lots of tools and apps to enhance the learning process. Some of the better known ones include Evernote to document a history project, YouTube to share a student video, Dropbox to store and share files, blogging tools like Blogger, Tumblr or WordPress to publish student work or even Facebook, Twitter, Snapchat, Instagram or Ask.fm to enhance student collaboration.
And these are just a few of the well-established services. There are thousands more and new ones popping up all the time. Chances are that some of the most exciting and innovative tools that our kids will be using a year from now haven’t even been created yet. Somewhere, in a garage, basement, dorm or apartment, a young app developer is conjuring up the next great tool and — once it hits the app stores — kids will find creative ways to use it.
It’s important that these tools be able to flourish and find their way into classrooms. Kids will use them one way or the other, but it’s possible that new student privacy laws could prevent teachers from being able to use them or even allowing their students to use them for class assignments.
Of course, we also want to protect the privacy and security of student data. But we don’t want to destroy the ability for teachers to employ the very technologies to which students are flocking. In fact, we want teachers to know about, teach and use these technologies so that they can help students employ them safely and effectively.
Think of these apps the way you might think of sports. We all know that there are risks associated with playing baseball, basketball or any other sport, but we also know that wise coaches and parents can help young people minimize these risks. Do we want them playing these sports in the street, without any safety equipment, supervision or rules, or do we want them playing them with some adult guidance?
Timely vetting and stakeholder education
Yes, we need some type of vetting process to make sure that the developers of apps used in schools have adequate security and safety and that students are using apps from responsible companies, but we don’t want to make the process so slow and encumbered that — by the time an app is approved for classroom use — students have already gone on to the next great thing. The solution is teacher training and awareness along with staff, parent and student involvement and, when possible, consultation with the app developers themselves.
Rather than the federal or state government or even the school district telling teachers and students what they can and can’t use, we should be developing processes for quickly vetting apps to ensure compliance with some basic security and privacy policies.
The solution includes teacher training and awareness along with staff, parent and student involvement and, when possible, consultation with the app developers themselves. Rather than the federal or state government or even the school district telling teachers and students what they can and can’t use, we should be developing processes for quickly vetting apps to ensure compliance with some basic security and privacy policies.
App developers and service providers must also step up to the plate and, at the very least, follow in the footsteps of 150 companies by signing the Student Data Privacy Pledge and agree to not sell student information, not behaviorally target advertising, not change privacy policies without notice and choice and to use data for authorized education purposes only. Signers of the pledge also agree to enforce strict limits on data retention, support parental access to, and correction of errors in, their children’s information, provide comprehensive security standards and to be transparent about collection and use of data.
This post is adapted from one that appeared in the San Jose Mercury News
Take Student Notes to the Next Level (A teacher, Kerry Gallagher) describes tech tools used by her students
Bills and laws