Data Privacy, Safety & Security

INTRODUCTION:

This article is intended as a resource to promote the safe and responsible use of data, both in the classroom and in our business practices. As data has become digitized and moved from paper in a file cabinet to storage in the cloud, there are new challenges in ensuring this data is protected and accessible only to those who need access. This article provides information about data privacy and safety, including state and federal regulations that govern data privacy; assistance in understanding our individual role with data; tips to improve our personal habits; tips to aid teacher compliance when selecting classroom applications; and other resources that support data privacy protection.

Even with the best network security measures in place, it’s the human element that puts data at the greatest risk. Each August, as students and teachers return to the classroom, is a good time to remind ourselves to practice safe digital habits and to reflect on areas where we can improve our personal practices to protect student data and the network. It's important to know and understand our role as a data steward (proprietor, custodian or user) and to exhibit strong practices. Are you unsure what data can be shared and the best way to share it? It's always best to err on the side of caution, so don't share until you know you can share the data in the safest way possible.

Here are two strong practices you can put in place immediately:
 
  • Before leaving your workspace, make sure your computer is locked; and
  • Do not place passwords written on sticky notes under your keyboard or on your monitor.
 
Can you identify other safe practices?
Passwords

Phishing


FEDERAL
There are several laws that dictate how schools and teachers handle student data.

FERPA :: The Family Educational Rights and Privacy Act
The Family Educational Rights and Privacy Act (“FERPA”) (20 U.S.C. § 1232g; 34 C.F.R. Part 99) is a Federal law that protects the privacy of student education records. The law applies to all entities that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are “eligible students.” Parents or eligible students have the right to inspect and review the student’s education records maintained by the school. Parents or eligible students also have the right to request that a school correct records which they believe to be inaccurate or misleading.

COPPA :: The Children's Online Privacy Protection Act
The Children’s Online Privacy Protection Act (“COPPA”) is a federal law governed by the Federal Trade Commission (“FTC”) that controls what information may be collected from children under the age of 13 by companies operating websites and mobile applications. (15 U.S.C. § 6501, et seq.) COPPA requires companies to post a clear privacy policy on their website or mobile application, provide notice to parents, and obtain parental consent before collecting personal information from children under the age of 13. Under COPPA, school districts are authorized to provide consent on behalf of parents and may approve a student’s use of an educational program. An LEA’s ability to consent on a parent’s behalf is strictly limited to the educational context. That is, an LEA may only consent on the parent’s behalf if the personal information collected is used strictly for educational purposes and not for any commercial purpose. Additionally, the FTC recommends that an LEA provide notice on its website identifying all of the websites and applications for which the LEA has provided consent on a student’s behalf.

CIPA :: The Children's Internet Protection Act
The Children’s Internet Protection Act (“CIPA”) is a federal law enacted to address concerns regarding children’s access to obscene or harmful content over the Internet. CIPA imposes requirements on LEAs that receive discounts for Internet access or internal connections through the federal E-rate program. In order to receive E-rate funding, LEAs must certify that they have in place an Internet safety policy that includes certain technology protection measures.

CALIFORNIA

SOPIPA :: Student Online Personal Information Protection Act (SB 1177) 
California Business and Professions Code section 22584, also known as the Student Online Personal Information Protection Act (“SOPIPA”), takes effect on January 1, 2016 and sets forth privacy laws for operators of websites, online services, and applications that are marketed and used for K-12 school purposes, even if those operators do not contract with educational agencies. While primary responsibility for compliance with SOPIPA lies with website operators, LEAs should proceed with reasonable due diligence when evaluating technology service providers, especially providers based outside of California, to ensure their policies and procedures comply with SOPIPA.

AB 1584 :: California Student Privacy Protection
Technology services agreements entered into, amended, or renewed by a California LEA on or after January 1, 2015 must follow specific requirements. These requirements apply to contracts for services that utilize electronic technology, including cloud-based services, for the digital storage, management and retrieval of pupil records, as well as educational software that authorizes a third-party provider to access, store and use pupil records. 

Collection of Student Information from Social Media :: California Education Code § 49073.6
California Education Code section 49073.6 requires that LEAs considering “a program to gather or maintain in its records any pupil information obtained from social media” first notify pupils and their parents or guardians about the proposed program, and then provide an opportunity for public comment at a regularly scheduled public meeting before adopting the program. “Social media” means an electronic service or account, or electronic content, including, but not limited to, videos, still photographs, blogs, video blogs, podcasts, instant messages, email, text messages, online services or accounts, or Internet website profiles or locations. For purposes of this law, “social media” does not mean an electronic service or account used exclusively for educational purposes or primarily to facilitate the creation of school-sponsored publications, such as a yearbook or pupil newspaper, under the direction or control of a school, teacher, or yearbook adviser.