Recently PTAC (Privacy Technical Assistance Center, U.S. Department of Education) released a new publication, Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices. You can get the full publication here.
FERPA (the Family Educational Rights and Privacy Act) protects personally identifiable information (PII) from student records from unauthorized disclosure. But with new technologies and services, those guidelines have a lot of exceptions and nuances; this new report aims to clear up confusion and provide updated guidelines in the face of new tools. The report shares advice and information to help schools protect student privacy while using software, apps, and web-based tools.
Lightspeed Systems solutions (including My Big Campus, Mobile Manager, and our Web Filter) are such technologies, classified by PTAC as Online Educational Services. We stay on top of these issues, and the new report doesn’t require any changes in our policies. We are, and always will be, committed to protecting student privacy and data and complying with all regulations when schools use our solutions.
Because of the variety of services and the wide range of district needs and circumstances, the report offers “It depends” as the answer to both “Is student information used in Online Educational Services protected by FERPA” and “What does FERPA require if PII from students’ education records is disclosed to a provider.” That answer, “it depends,” requires districts to have policies in place and overall knowledge of services being used in order to make an informed decision about which way the “it depends” goes.
Some good advice provided in the report includes:
Be aware of which online educational services are currently used in your district
Have policies and procedures to evaluate and approve online educational services
While it is necessary to collect some information to effectively provide our learning solutions, we go to great ends to protect students and to treat their data with care:
- We only collect the information we need to perform services
- We protect that data through authenticated communications, encryption, and database storage with several layers of protection
- We do not sell that data to any third-parties
- We do not market other solutions to students
- We use the data only for the stated purposes of delivering a learning management solution
We hear from many schools that there is little oversight into what apps and programs teachers are using in their classrooms. While nobody wants to hinder learning with bureaucratic procedures, some education and oversight is necessary. We’d suggest that teachers be informed of the regulations of FERPA and these guidelines — and be advised of best practices in protecting student data (Do you know who created that app? Do you trust them? What are they doing with the information provided? Is that information necessary to perform the services?). And we also recommend that any services that require the transmission of student data be evaluated on a district level for their adherence to privacy laws and best practices.
A similar regulation, COPPA (Children’s Online Privacy Protection Act) applies to the online collection of data about children under 13. This regulation is one of the reasons our Mobile Manager solution doesn’t provide location services. (You can learn more about COPPA here.
We’re happy to discuss in detail how any of our solutions uses and protects student data.
We also provide resources, including parent notification letters, to help schools comply with FERPA requirements. Those materials can be found in our My Big Campus Orientation Center.
Don’t forget to grab the full copy of the report here. And let us know if you have any questions or comments.