FERPA: The Family Educational Rights and Privacy Act (FERPA, 1974) regulates the release of personally identifiable information and education records, including parental rights regarding notification of the release of records, as well as the right to review, inspect and amend such records. COPPA: The Children’s Online Privacy Protection Act (COPPA, 2000) pertains to websites and online services that seek to collect information about or from students under 13 years of age. It specifies language that should be in the privacy policy of the service, as well as when the service must have parental consent to collect the information. PPRA: The Protecting Pupil Rights Amendment (PPRA, 1978) establishes requirements related to parental notification and opt-out option when collecting sensitive information from students that may be used for marketing purposes. HIPPA: The Health Insurance Portability and Accountability Act (HIPPA, 1996) contains privacy and security provisions that relate to the transmission of health records. HIPAA has a fairly limited application in schools, as most student health-related information is stored in the students’ education records, which is covered by FERPA. In addition to these four laws, many states have recently passed student privacy laws. About 120 such laws were proposed in 2014. Thirteen states have new student privacy laws as a result. Many more laws will be proposed in 2015 and some are likely to be enacted, causing even more confusion on the part of school leaders. California was the first state to pass comprehensive student data privacy legislation related to commercial use of data. President Obama’s proposed law, the Student Digital Privacy Act, which was modeled largely on the California law, known as SOPIPA (Student Online Personal Information Protection Act).
In March 2014, CoSN (Consortium for School Networking) published the “Protecting Privacy in Connected Learning” toolkit to help school system leaders with the many intricate issues related to compliance with FERPA and COPPA when using an online service provider. The toolkit was developed with the assistance of the Harvard University Cyberlaw Clinic and the Berkman Center for Internet and Society. In the past year a number of items have been added to the toolkit, including PPRA and HIPPA guides, among others. It can be downloaded free-of-charge at cosn.org/privacy. What Types of Data Are the Laws Intended to Protect? There are primarily two types of data that most privacy laws are intended to protect. The first is data collected by the school. The second is data collected by online service providers. School systems need data such as demographics, contact information, attendance, grades, health issues, accommodations and assessments. The vast majority of these data stay in the school system, but the state education agency and certain
Federal programs may need a small amount. The infographic, titled “Who Uses Student Data?” published in June 2014 by the Data Quality Campaign (www.dataqualitycampaign. org), shows the types of data collected and how it may be used at each level. One concern some have with this is the fear of “big brother.” They see education as a purely local matter and therefore don’t want other agencies having access to the data. The other concern with school-collected data comes when schools start moving data to online, cloud services. Many districts are choosing to have, for example, the student information system vendor operate the application in the cloud. Now all of that student data may no longer be under the direct control of the school and thus raises FERPA concerns. Data collected by online service providers and the commercial use of data is the second big area of concern. Online service providers (e.g., websites, mobile apps, cloud or software as a service) collect data for various reasons. A common concern with this is that the service will track a student online and then target advertising to the student or use data
B Y O D one : one identity. managed. OmnID gives schools
· A simplified admin portal to manage
network and information access, levels and individualized security settings
· Single sign-on to give students
and staff easy access and decrease the administrative burden
· Improved management
and storage of digital assets
· A future-proofed solution to
support BYOD with less risk
OmnID ID Management is the easiest thing you’ll do all day!
To simplify your BYOD and 1:1 initiatives, visit www.wiseidentity.com or call 612-209-5557
www.seenmagazine.us
SouthEast Education Network
Spring 2015
17