Over the last year, student data privacy conversations have been percolating across the nation, but now state legislatures are doing something about it.
California sent two bills to Gov. Jerry Brown last week that deal with two sides of the same coin. SB 1177 lays out privacy guidelines for operators of Internet websites, online services, online applications and mobile applications. Meanwhile, AB 1584 deals with contracts between local educational agencies and third-party technology vendors.
The reason for new legislation
These bills address a growing problem of mismanagement of student data. Federal student privacy legislation including FERPA and COPPA do address student data privacy, but educators, privacy advocates, legislators and industry members are split on whether that legislation does enough to protect privacy in the Digital Age we live in. While new federal legislation was introduced in late July, states have been stepping up to deal with the issue by introducing 110 bills in 36 states this year and signing 28 of them into law as of August 27, according to the Data Quality Campaign.
A balancing act
CUE Inc., a professional association of computer-using educators, said SB 1177 initially included language that would have limited the ability of students to take their cloud-based work with them when they graduated and share their work beyond school. It also would have prohibited third-party companies from suggesting relevant education products based on student performance data collected from their services.
The educator association quietly expressed concern about the unintentional negative effects of this language, and Steinberg’s office responded, largely addressing those concerns with the final wording.
What SB 1177 does
SB 1177 lays out a number of do’s and don’ts for operators of K-12 Internet websites, online services, online applications and mobile applications that apply broadly whether companies contract with schools or not:
- Do not target advertising on the site or another site based on information from K-12 users.
- Do not use information gathered through the service to build a profile about a K-12 student.
- Do not sell a student’s information.
- Do not disclose covered information unless it’s for legal, regulatory, judicial, safety or operational improvement reasons.
- Do protect student information through reasonable security procedures and practices.
- Do delete school- or district-controlled student information upon request from those entities.
- Do disclose student information when required by law, for legitimate research purposes and for K-12 purposes to education agencies.
Companies can use de-identified student data within their sites to improve educational products, demonstrate their effectiveness and improve their sites.
What AB 1584 does
AB 1584 dives into the details by spelling out what types of things local educational agencies should include in contracts with third-party digital record and educational software providers:
- Do establish that the local educational agency owns and controls student records.
- Do describe how students can keep control of their projects and other content created for school, along with a way to transfer their content to a personal account later.
- Do prohibit third parties from using student information for purposes outside of those named in the contract.
- Do describe how parents, legal guardians or students can review and correct personally identifiable information contained in their records.
- Do outline actions that third parties will take to make sure that student data is secure and confidential.
- Do describe procedures for notifying affected parents, legal guardians or eligible students when there is an unauthorized disclosure of student records.
- Do certify that student records will not be retained or available to the third party once the contract is over and lay out how that will be enforced.
- Do describe how local educational agencies and third parties will comply with the federal FERPA legislation.
- Do prohibit third parties from using personally identifiable information from student records to target advertising to students.
Along with these do’s, the bill says that contracts will be voided if they do not comply with the requirements laid out above after a reasonable amount of time and notice to do so.
Read the entire article by Tanya Roscorla on the Center for Digital Education at http://www.centerdigitaled.com/news/California-Protects-Student-Data-Privacy-with-Two-Bills.html