Thursday, April 6, 2023

Student Data Privacy is Everyone's Responsibility (Part 1)

In today's data-driven world, protecting student data is a foundational requirement of all school districts and the people working in them. Student data privacy obligations and good information security practices are critical to mitigating data breach risks and reaping the benefits of a data-driven instructional program that promotes student success. So what is Student Data and what are the laws that govern and enforce student data policies?  


First, as CoSN (Consortium for School Networking) defines it, student data is:


“any student information that is protected under applicable federal or state privacy law, including information that identifies, relates to, describes, could reasonably be associated with or could reasonably be linked, directly or indirectly, with an individual student. Student Data is also referred to as personally identifiable student data or student personal information.” (Siegl & Leichty, 2023)


You may have heard of HIPAA (Health Insurance Portability & Accountability Act, 1996) as it pertains to Health Information protection. HIPAA is a federal law that is enacted and enforced by the Department of Health and Human Services (DHHS). Student Data, on the other hand, is governed by the following Acts and is enforced by the U.S. Department of Education: FERPA (Family Educational Rights and Privacy Act, 1974), COPPA (Children’s Online Privacy Protection Act, 1998), and PPRA (The Protection of Pupil Rights Amendment, 1978). Each of these laws is to be enforced in conjunction with each other’s requirements and state law restrictions. Each of these Student Data information usage rights needs to be considered as a whole and for each use case in order to fully understand their application to a situation.


Each of these student information Acts has considerable verbiage and tenets that make up their implementation and practical enforcement policies. Over the next few months of #bsd220tech Newsletter posts, I will focus on a particular law for that month and highlight some of the main points that I believe teachers should know in order to do their part in protecting student data privacy.


This month’s article focuses on the PPRA (Protection of Pupil Rights Amendment), originally established in 1978. I started with this law because it is less familiar than some of the other laws; it was enacted prior to the Internet's public usage, but it is still enforced and holds true in today's Digital Age. In general, PPRA applies to sensitive information that is collected directly from the student by the school district. PPRA requires school districts to obtain written consent from parents or students over the age of 18 before administering a survey, analysis, or evaluation in which the student is required to disclose any of the following sensitive information (Siegl & Leichty, 2023):

    • Political affiliations or beliefs of the student or the student’s parent
    • Mental and psychological problems of the student or student’s family
    • Sexual behaviors or attitudes
    • Illegal, anti-social, self-incriminating, or demeaning behavior
    • Critical appraisals of individuals that have a close family relationship with the student
    • Legally privileged or analogous relationships, such as conversations with doctors, lawyers, or clergy
    • Religious practices, affiliations, or beliefs of the student or the student’s parent
    • Income (other than information required by law to determine eligibility for financial aid)

While this information may seem dated, common sense, or obvious, a more modern approach to this law also considers questions that come from social-emotional learning curricula and early intervention programs designed to help identify and support students who may be at risk. These particular programs often touch upon PPRA-sensitive data criteria and should be examined under that lens prior to potentially violating student privacy.


A major requirement of school districts under PPRA is that they must notify parents at least once at the beginning of the school year of the date(s) when the surveys may be conducted; disclose their right to opt their child out of participating; and state their right to request for review any instructional materials used in conjunction with any survey that involves subject matter noted above and those used as part of the educational curriculum. During our Online Registration process for all students, Barrington 220 asks parents/guardians for their permission for these criteria every year.


Also under PPRA guidelines, school districts that participate in any of the following activities must notify parents and students aged 18 and over:


Activity: Where lawful, with consideration for not just the PPRA but also state laws, the collection of Student Data directly from students to use for marketing or to sell to another party.
Minimally Required Notice: Notify parents and students 18 and older of policies surrounding these activities; be mindful of additional or conflicting state law limitations and community norms with respect to this activity.

Activity: Any survey that asks students to provide sensitive information as defined in the PPRA.
Minimally Required Notice: Request permission from parents prior to providing such surveys to students.

Activity: Any invasive, non-emergency physical examination or screening that is required as a condition of a student’s school attendance, administered by the school and scheduled by the school in advance, not necessary to protect the immediate health and safety of the student or of other students, and not required or permitted by state law.
Minimally Required Notice: Notify parents and students 18 and older of times and dates when you plan to perform any of these activities.

(Siegl & Leichty, 2023)


While these guidelines for implementing PPRA were developed prior to public use of the Internet, they still need to be applied to uses relating to electronic information and the “Age of the App.” 


For more information on the PPRA as it applies to online contexts, see “What is the Protection of Pupil Rights Amendment?” and “Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices.”


Next month’s blog post will tackle FERPA and its many caveats for teachers and school personnel.

Reference:

Siegl, J., & Leichty, R. (2023). Student Data Privacy Toolkit Part 1. CoSN. Retrieved April 5, 2023, from www.cosn.org/tools-and-resources/resource/student-data-privacy-toolkit-1/   
