NSBA issues guide for schools on data privacy
(Va.) Making consistent strides toward bringing modern technology to the classroom isn’t a simple task, and neither is adjusting to obstacles that come with it, such as protecting students’ online privacy.
But school districts considering data protection policies can look to guidance recently released by the National School Boards Association for a brief overview of existing laws, as well as information about online technologies and suggestions for merging student access with security.
“The advantages of Cloud-based platforms and learning tools are obvious – ease, convenience, 24/7 accessibility, less staff time maintaining on-site servers, individualized learning, and compliance with testing requirements,” reads the 10-page report, “Data in the Cloud: A Legal and Policy Guide for School Boards on Student Data Privacy in the Cloud Computing Era.”
“But along with these benefits come serious challenges, particularly the potential for loss of privacy that accompanies the transfer of personal student information to the Cloud,” authors note. “Concerns about data privacy are real and must be addressed by public school districts, which reflect the values and norms of their communities.”
This guidance comes as both federal and state officials seek regulations that allow districts to maintain control of private student information even as they expand the use of multi-media and open-source technologies in their classrooms.
School leaders, says the NSBA, must be proactive in efforts to guard the personal information of their pupils and able to articulate their district’s policies, practices and commitment to protecting student privacy.
“Teachers and administrators must understand the necessity of taking steps to ensure that cloud services deployed throughout a district’s offices and classrooms comply with all applicable laws and district policies,” the association’s white paper says. “And the school district community – including parents – should be consulted and educated about the district’s use of the Cloud.”
From districtwide email systems to educational applications accessed via classroom computer, every connection to the Internet is a potential source of student data, report writers said.
“More difficult student data privacy issues arise with the universe of applications available to individual staff and students through a simple Internet connection, often to a device that can fit in a pocket,” reads Data in the Cloud. “These applications create separate ‘doors’ to district data that it may not be able to control in every case.”
Despite all the concerns about student data privacy, however, the NSBA report urges districts not to avoid taking advantage of modern technology to educate students and makes recommendations for doing so safely.
Among the suggestions:
• Identify an individual district-wide Chief Privacy Officer (CPO), or a group of individuals with district-wide responsibility for privacy.
• Conduct a district-wide privacy assessment and online services audit, preferably by an independent third party. By determining what services are currently in use, and to what extent student data is used and protected within those services, your district will have the basis for determining what policy or practice changes are necessary.
• Establish a safety committee or data governance team that includes the school or district’s Chief Privacy Officer. This team engages with the school community regarding proposed and existing use of Internet-based educational services that may use student information, recommends policies and best practices, and serves as the liaison between the school district and the community on privacy issues. This team also could serve as the review board to approve adoption of specific apps and services.
• Regularly review and update relevant district policies and incident response plans, in consultation with your state school boards association and school attorney. Consider including the following in your district’s policy:
- Clear guidelines or procedures for evaluation and adoption of Cloud services, which include requiring a written contract; and
- Statements regarding whether or when the district may allow the use of student data for service-provider uses outside of the contracted service.
• Consistently, clearly, and regularly communicate with students, parents, and the community about privacy rights and district policies and practices with respect to student data privacy. Include in an annual notice to parents the types of information transferred to Cloud service providers.
There are a number of additional resources mentioned in the guidance to help local educational agencies identify best practices for protecting student privacy.
Senate panel moves bill to restore multilingual K-12 classrooms
(Calif.) A bill that would repeal the core tenets of a 15-year-old ban on the use of bilingual education in the state’s K-12 school system cleared its first legislative hurdle Wednesday – passing out of the Senate Education Committee, where it was lauded as being both necessary and overdue.
