Pa. bills would protect student privacy

By Rich Lord, Pittsburgh Post-Gazette
October 19th, 2015

Privacy legislation would require more communication between districts, parents

The homework assignments, essays, musings and instant messages today’s students are tapping into educational websites and applications would be subject to new data privacy standards under legislation introduced today in Harrisburg.

State Rep. Dan Miller, D-Mt. Lebanon, and Tedd Nesbit, R-Grove City, have introduced two bills that would stop short of outlawing controversial data practices, but would require that districts inform parents if they use technology that doesn’t meet the standards, and allow students to opt out.

Mr. Miller said that research shows “data from students’ work being used to advertise to children and being sold into profiles for other purposes that go beyond” the educational function.

“I want to see us utilize more technology,” in schools, said Mr. Nesbit. “But at the same time, we’re putting personal data out there, and people should be aware of it. … Russians and Chinese are trying to hack our schools.”

The legislation would set standards under which education technology vendors should not tap student information to target them with advertising; amass profiles of students for non-educational purposes; or sell or share student information outside of narrow circumstances. Vendors would be told to secure student data and delete it all upon the district’s request.

If a school wanted to use an app or website that didn’t meet those specifications, it would have to inform parents and give them the opportunity to opt out.

Mr. Nesbit said that would, in effect, strongly discourage districts from using products that don’t meet the standards. “School districts are usually very cautious,” he said. “They are probably going to go with ones that meet the security requirements.”

Districts, meanwhile, would be allowed to continue the increasingly prevalent practice of hiring cloud computing firms to handle student data. But they would have to ensure that the data remains the property of the district, that the vendor doesn’t use it for purposes not outlined in the contract, and that students can review and correct their information.

School district contracts with those vendors would oblige the companies to disclose any data breach in which student records are compromised.

Mr. Miller said the legislation has more than 20 co-sponsors, including Education Committee Chairman Stan Saylor and House Majority Whip Bryan Cutler.

“I believe that it should get that sort of expedited review, given the topic and given how quickly this technology world continues to advance,” said Mr. Miller.

Introduction follows the Pittsburgh Post-Gazette’s publication in August of results of a review, five months in the making, of data practices of 31 Pennsylvania school systems and 143 education technology vendors.

Nearly two-thirds of the districts could show no process for vetting the privacy policies of education technology vendors. Only eight systems could show that they were training teachers to protect student data.

Most of the vendors had no provision for deleting unneeded student data or protecting it in a corporate acquisition or bankruptcy sale, and only a tiny minority pledged to notify schools in the event of a data breach.

The Post-Gazette also published online summaries of the education technology vendors’ data policies, many of which were vague.

“I pay for my kids’ school lunches online,” said Rep. Nesbit. “You’re giving information, kids’ names, date of birth, what they like to eat, and you don’t know where that information is going to go.”

©2015 the Pittsburgh Post-Gazette. Visit the Pittsburgh Post-Gazette at Distributed by Tribune Content Agency, LLC.