The expanded use of educational technology and student information for improving student learning has drawn attention to the issue of student privacy on the state and national policy agenda. The education community is having important discussions about the use of student data while also ensuring its privacy and security.
Many educational service providers, working with schools and universities, use student information to develop and deliver learning software, digital content, web services and related technologies and services that meet their teaching, learning and enterprise management needs. These range from adaptive learning to bus and classroom scheduling software, and from learning management systems to data systems. They are helping to personalize learning, support teachers and instruction, carry out various administrative operations, and improve school productivity and educational performance.
As student information is used to improve learning, schools and service providers have a shared responsibility to protect the privacy and security of student information.
One way they do this is by limiting the collection and uses of student information. Schools and their service providers collect and use student information only for legitimate educational purposes and have policies and procedures in place to prevent unauthorized use. This is not just a matter of good will. Schools are required to do this by the federal Family Educational Rights and Privacy Act (FERPA) and often by state laws as well. Service providers are also bound by contract and are subject to significant penalties including the possibility of being restricted from contracting with the school for up to five years for unauthorized disclosure of student information. There’s a market incentive for service providers as well: if they do not live up to their responsibilities, they will lose the confidence of their customers and lose business.
Privacy and security of student information is important to schools and service providers for another reason. They are essential parts of good information practices. For instance, if student information is inaccurate, out-of-date or incomplete, this renders the use of the information unreliable.
Educational service providers do not have an independent role in the school system. They cannot just use student information as they see fit. They work for educational institutions. They collect and use student information only with the explicit approval of the schools and other educational institutions that they work for. They use this information only for the purpose authorized by the educational institution.
Parents have an important role too. Federal law requires parental consent (for students under age 18) if schools want to share information with third parties for non-educational purposes. If schools, school districts, or state educational departments want to use student information beyond the narrowly defined educational purposes in Federal law, they have to get parental consent.
Some have called for parental consent for all uses of student information, even for core educational purposes. But this is unrealistic. Schools need to collect information from students to operate their institutions and to provide education to their students. They must share this information with third-party providers without whom they do not have the capacity to carry out many core functions. They cannot possibly do this if they have to provide an opt-out for all uses of student information. More importantly, a universal opt-out would also create an unfair imbalance by further widening the achievement gap — some students would have access to the best educational resources while those who opt out fall behind.
As our education system continues to transform itself, SIIA looks forward to continued work with educators, policy makers and providers to advance the innovative use of technology and data to drive student success, and the continued use of sound data management practices that protect student privacy.
Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy