Too many people think educators have it easy during the summer. They think July is when teachers take their annual “mini-sabbatical,” and administrators wander empty schoolhouse hallways whistling and listening to the happy echoes. Hah!
In some ways, there is even more work to do in July … such as catching up with the paperwork and latest rules and other pronouncements from the federal government. As more and more schools connect to the internet and weave the web into their curricula, more of the summer questions and worries focus on the internet, and the use of computers in schools to connect to the bottomless ocean of information, knowledge, and (on occasion) wisdom that lives there.
One of the most serious concerns about the web has been the potential for abuse and exploitation of children. The FBI has determined that the internet is probably the greatest source for abusers of information about children. That shouldn’t come as a surprise, as this is the Information Age, and the internet is all about information. After all, that’s the reason schools are hooked up to the web (isn’t it?).
As public attention has been focused on the under-age information problem, Congress stepped in and enacted the Children’s Online Privacy Protection Act of 1998 (“COPPA”). After months of drafts and comments and normal bureaucratic diddling around, the Federal Trade Commission’s implementing regulations became a reality in April. So, one of the tasks for this summer is to determine, “What do I have to do to make sure my school is ‘clean with COPPA?'”
First, some good news for high school administrators. COPPA only applies to students who are 13 years old or younger. If you have a 13-year old in your high school, you should ask them to tell you about COPPA (or anything else you need to know, for that matter). Seriously, the big question I am hearing from administrators and school board members is, “Will my school be liable under COPPA if students provide personal information online using school computers?”
The simple answer is no. The law and regulations are part of the federal trade regulation statutes (which don’t apply to state government or nonprofit entities). The law is aimed at internet “operators” who have web sites or use online data-gathering as a means to make money. Children 13 and under, if you hadn’t noticed, spend huge amounts of money.
Briefly, COPPA requires internet operators who want to collect personal and identifying information about youthful users to inform parents of the types of information gathered and how the data will be used or disclosed to others. After giving notice, the web site operators must obtain permission from parents to gather the information about their kids.
Neither the law nor the rules allow schools simply to give the parental permission in loco parentis. So, the potential problems (for both operators and schools) arise when the schools get stuck in the middle. The FTC, in the formal notes to its regulations, took the operators off the hook:
“…the Commission notes that the Rule does not preclude schools from acting as intermediaries between operators and parents in the notice and consent process, or from serving as the parents’ agent in the process. For example, many schools already seek parental consent for in-school internet access at the beginning of the school year. Thus, where an operator is authorized by a school to collect personal information from children, after providing notice to the school of the operator’s collection, use, and disclosure practices, the operator can presume that the school’s authorization is based on the school’s having obtained the parent’s consent.”
While the FTC has kept its promise to provide guidance to the education community (check out http://www.ftc.gov/ bcp/conline/edcams/kidzprivacy/resources.htm for a copy of the law and rules and some helpful guidelines), the ease with which the burden of compliance has drifted onto the shoulders of educators is disturbing. Even if the law itself does not apply to schools, you know there are lawyers out there who will find a way to sue you if you drop the ball while trying to be helpful.
Of course, one way to avoid all web-based problems is simply not to allow individual access to the internet for elementary and intermediate-level students. If that seems too Draconian in the current “gotta-get-wired” atmosphere, consider simply not allowing access to web sites that collect personal information about students. Narrowing the use of the web to educational activities that do not include web site-sponsored eMail, chat rooms, and other more social activities is also an alternative.
Finally, if you really must be Y2K connected-to-the-max, generate a specific list of web sites that collect personal data, check them out and get their disclosures, include the web site data-gathering details in your internet parental permission form (you do get written permission from parents to let their children go online, don’t you?), and make sure that, for every student who logs on to the web, you have a consent form on file.