Data privacy is a major buzzphrase these days, but many might be surprised to learn about the many obstacles faced by schools when they try to protect student/family privacy. School data breaches are not uncommon and school data security has had a hard time remaining relevant and modern. In an era when the average consumer is becoming more and more protective of their data, schools need to reexamine and strengthen their privacy practices to ensure the safety of students and families.
A primer on data privacy for children
When the Internet first became publicly popular in the late 90s, the Federal Trade Commission realized there was a problem with the collection of personal data from children who were online. This led to the development of a number of privacy laws, but unfortunately, many of those laws were poorly developed to begin with and are now sorely outdated and ineffective. As such, many state and local legislatures have taken it upon themselves to create policies around how to protect children on the internet, and more specifically, how schools are responsible for protecting the personal data of their students.
What schools are left with now is a complex web of legal requirements, complicated further by the ever-evolving world of the internet and technology, all hinging on the core expectation of student/family privacy protection. Keeping student data safe is not always easy, but it’s also not optional.
The biggest challenges in protecting student/family privacy
There are two primary challenges faced by schools when it comes to protecting student/family privacy: understanding and navigating the complex legal requirements and expectations around student privacy, and applying this understanding to the use of third party applications.
School legal requirements around student/family privacy
In addition to the pre-Internet privacy laws, such as FERPA, HIPAA, and PPRA, there was a scramble to create new laws in the face of the massive and intimidating arrival of the World Wide Web. These laws include, primarily, the Children’s Online Privacy Protection Act (COPPA) and the Children’s Internet Protection Act (CIPA).
Sometimes, poorly designed legal red tape can complicate or limit a school’s ability to provide proper care and education to their students. One example is in Louisiana, where privacy laws prevented schools from sharing information with aid organizations about which students qualified for free and reduced lunch during the pandemic – ultimately limiting food access for those children.
Plus, the rapid, exponential expansion of the internet as a tool – from a bulky home computer being a rarity to students suddenly having computers in their pockets – has caused constant changes and updates to
“Keeping student data safe is not always easy, but it’s also not optional.”
these laws, making it extremely burdensome for schools to stay above board and in compliance. Alas, such compliance is still a necessity – and schools need to step up to the plate.
The challenge with third-party providers
It’s a smart move for schools to outsource some of their data management to third-party providers. These ed-tech companies can simplify and streamline the organization and navigation of thousands of pieces of student data, allowing teachers, school administrators, and staff to attend to the important work of educating children.
Unfortunately, it can be hard for schools to find a reliable provider who operates in compliance with best practices for student data privacy. And if a third-party provider that is contracted by a school or district experiences a school data breach, the school is held responsible for placing their families and children at risk. This makes the vetting and selection of all third-party providers an especially important process for schools.
School administrators are guided by the Family Educational Rights and Privacy Act (FERPA), which affords parents certain rights regarding their children's education records. But it doesn't protect families from all those mobile apps that are routinely downloaded by children and parent alike. In the following article, privacy author Tina Birdsong addresses mobile apps that schools and families routinely use, and underscores some very timely safe family tips including the seven common behaviors that put family privacy at risk.
The consequences of failure: avoiding a school data breach
It’s likely that many of us have become somewhat desensitized to the idea of protecting our data. While we recognize, conceptually, that data privacy is important, we may also think: That’ll never happen to me. That’ll never happen at my school. But the truth is, it can happen to anyone.
When a district or school fails to meet its responsibility for school data security, the outcome is called a school data breach. In 2020, the education sector was the third most affected sector when it came to data breaches. Only the healthcare and technology sectors faced more threats to their data security. This is a frightening statistic, as such breaches can have major consequences on the health and safety of students. One example is when this Cincinnati school accidentally released the bussing information for thousands of students. In the wrong hands, this data could have enabled a kidnapping – a very severe example of the consequences possible when schools don’t properly prioritize student/family privacy.
If your school experiences a breach, there are steps you can take to protect your student and family data. Read more in this guide provided by the US Department of Education.
Schools districts and third-party providers feel the pressure to ensure family data privacy
It is ultimately the responsibility of school and district administrators to not only ensure that their community is in compliance with the legal requirements for student/family privacy, but that any third-party providers they use are doing the same. Fortunately, there are certifications that can help administrators choose more qualified services. This is a relatively new and complex task that lands in the laps of already-busy professionals, but the consequences of ignoring student/family privacy are serious. Stay up to date on school data security in order to avoid a breach and keep your families and students safe.
Emma Castleberry is an education writer and contributor to the Campus Suite Academy blog. You can reach her at firstname.lastname@example.org.