Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Feb. 26 --New guidance issued by the Department of Education's Privacy Technical Assistance Center aims to help school systems and teachers protect student privacy while using online educational services, the department said in a Feb. 26 statement announcing the release of the guidance.
Online educational services include computer software, mobile applications and Web-based programs provided by a third party to a school or district that students and their parents can use for school activities via the Internet, according the guidance.
In addition to explaining requirements under the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA), the guidance sets forth a list of suggested best practices that schools and school districts can use “to go beyond compliance,” the department said.
“As an education community, we have to do a far better job of helping teachers and administrators understand technology and data issues so that they can appropriately protect privacy while ensuring teachers and students have access to effective and safe tools,” Secretary of Education Arne Duncan said in the statement.
FERPA, at 20 U.S.C. § 1232g, protects personally identifiable information (PII) in education records from being disclosed without authorization, the guidance explained.
“Subject to exceptions, the general rule under FERPA is that a school or district cannot disclose PII from education records to a provider unless the school or district has first obtained written consent from the parents,” students 18 years of age or older and postsecondary students, the department said.
But FERPA does not protect certain data in certain situations, such as where student information has been de-identified or where the information constitutes “directory information,” information from student records that would not be considered an invasion of privacy if disclosed, the department said.
The PPRA, 20 U.S.C. § 1232h, generally requires school districts to notify parents of students whose personal information may be collected, used or disclosed for marketing purposes and to give those parents the opportunity to opt out of such activities.
“Regardless of whether FERPA or PPRA applies to a school's or district's proposed use of online educational services, the Department recommends that schools follow privacy, security and transparency best practices,” the guidance said.
The department recommended that schools and districts:
• maintain awareness of other applicable laws, such as the Children's Online Privacy Protection Act;
• remain aware of which online educational services the district is currently using;
• establish policies and procedures to both evaluate and approve new online educational services;
• use a written contract or a legal agreement with providers;
• take extra steps when accepting “click-wrap” licenses for consumer applications, which can be acquired simply by clicking “accept” to the application's terms of service; and
• be transparent with both parents and students about how student information is collected, shared, protected and used.
The department also recommended that contracts with providers include provisions on: security and data stewardship; information collection; data use, retention, disclosure and destruction; data access; contract modification, duration and termination; and indemnification and warranty.
Meanwhile, the Software & Information Industry Association (SIIA) Feb. 24 released a set of industry best practices for providers of school services to safeguard student privacy and secure student data.
Those best practices include: only collecting, using and sharing student PII for educational purposes; being transparent about what information is collected, used and shared; only collecting, using and sharing student PII with authorization from the educational institution or with student or parental consent; maintaining security policies and procedures to protect students' personal data; and notifying educational institutions about data breaches.
Full text of the Department of Education guidance, “Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices,” is available at http://op.bna.com/pl.nsf/r?Open=kjon-9gpndj.
The SIIA's suggested best practices are available at http://bit.ly/1msSMyR.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)