Student Data Privacy

As students, schools, and districts move more and more of their work online, ensuring data privacy has become a key issue. According to Steve Smith, Cambridge Public Schools addressed this issue before many other districts, and remains ahead of the curve in this regard, in part because families and the community had high expectations that they do so.

Steve is CPS Chief Information Officer and I recently had the occasion to meet and chat with him about his work in CPS and elsewhere. He came to lead CPS Information, Communications, and Technology Systems team seven years ago, which had been established some years before. He's passionate about helping all schools (not just CPS) become digitally and technologically savvy and he has worked in collaboration with districts and states to develop common standards for both expectations and best practices that ensure student data privacy.

Steve is also DESE's liaison to the National Center for Education Statistics (NCES), the primary federal entity for collecting and analyzing data related to education in the US and other nations. During the course of our meeting, Steve introduced me to some of the work he is leading and these are some of the links he shared as we discussed student data privacy:

• Massachusetts Privacy Alliance (MSPA): The Alliance is a collaboration of school districts in the Commonwealth that share common concerns around student data privacy. There are currently about 40 districts in the Alliance. Their first outcome is the adoption and implementation of a common Student Data Privacy Agreement to be used by all member schools when implementing any online application.

• Cambridge Public Schools have made their vendor contracts/agreements open and transparent, not only to Cambridge families, but to the public at large, via the Cambridge Public Portal to Online Applications.

• Read the CPS White Paper on Balancing Innovation with Privacy HERE. The paper includes a list of relevant federal and state laws, CPS data systems, online "cloud services", CPS Web 2.0 procedures and case studies, and more.

• Access 4 Learning Student Privacy Consortium is a unique, non-profit community of schools, districts, local authorities, states, US and International Ministries of Education, software vendors, and consultants who collectively address all aspects of learning information management and access to support learning.

• The Consortium for School Networking (CoSN) is the premier professional association for district technology leaders, including AASA, ASBO International, and ASCD. CoSN initiated the Trusted Learning Environment (TLE), a seal program that requires schools to have implemented student data privacy protections meeting a set of high standards around five core practice areas. Schools that demonstrate that they have met the Program's requirements are able to display the TLE Seal, signifying their commitment to student data privacy.

• Common Sense Media Privacy work addresses parent concerns in the ever-evolving digital technology space.

• iKeepSafe focuses on healthy digital environments for educators, students, and families.

Additional resources I have come across (I invite you to please share your resources in the Comments section at the bottom of this post):

• Commissioner's Update of May 20 included discussion on Safeguarding Student Data

• The Berkman Center for Internet and Society at Harvard University's School of Law is a research center that engages in a wide spectrum of 'Net issues

• From Amelia Vance at NASBE (who introduced me to Steve): Policy Making on Education Data Privacy: Lessons Learned

• Speaking of NASBE, they dedicated their May issue of the Standard to The Power of Data

Check your knowledge of these terms and acronyms*:

• SEAs: State Education Agencies

• LEAs: Local Education Agencies

• SBEs: State Boards of Education

• Big Data**: the term used to describe data sets so large they can only be analyzed by computers

• Small Data**: a term coined by Martin Lindstrom; it is data that is small enough for human comprehension in a volume and format that is accessible, informative, and actionable

• Analytics: the term used to describe how data is collected, analyzed, and used

• PI: Personal Information

• PII: Personally Identifiable Information

• FERPA: Family Educational Rights and Privacy Act (of 1974) is a federal law designed to protect the privacy of student "educational records"; it established the rights of students to inspect and review their "educational records". It's outmoded for modern schools because they no longer have "educational records", they have "student data"

• PPRA: Protection of Pupil Rights Amendment (of 1978) is a federal law that affords certain rights to parents of minor students with regard to surveys that ask questions of a personal nature

• COPPA: Children's Online Privacy Protection Act (of 1998) is a federal law designed to protect the privacy of children under the age of 13

• SOPIPA: Student Online Personal Information Protection Act (effective January 1, 2016), is a California law and the first state law to comprehensively address student privacy

• PTAC: Privacy Technical Assistance Center at the US/ED provides guidance and best practices

- - -

* Many of these terms and acronyms were discussed last October at NASBE's pre-conference session on Student Data Privacy

** h/t to Tracy and Margaret, who attended MASBO's Annual Institute on the Cape earlier this month and shared this article on big and small data