Data privacy: What school leaders should know

Now is the time for school leaders to wake up and review their data privacy policies and procedures

Every school system should think about data privacy now, Krueger says.

“Future Ready” column, January 2014 edition of eSchool News—2013 will be known as the year the American public began to focus on privacy. National security breaches pushed the issue to the front pages of papers nationwide, making it a top concern for K-12 educators, administrators, and policy makers—and sparking controversy in state capitals and in Washington, D.C.

Now is the time for school leaders to wake up and review their data privacy policies and procedures … before severe restrictions are imposed.

Why should we care?

As a first step, we need to step back and articulate the value of using the cloud for data storage. Cloud computing has moved from an emerging technology into the mainstream, with nearly 90 percent of K–12 institutions reporting using one or more cloud-based applications (O’Keeffe & Co., 2011). The issue is not if, but how data will reside in the cloud.

Looking beyond the administrative benefits of the cloud, what are the educational  opportunities that data provide to teachers and students? According to the New Media Consortium’s “2013 Horizon K-12 Report,” in partnership with CoSN, data analytics is identified as one of the two most important emerging technology trends in the coming two- to three-year “horizon” for learning. This opportunity for feedback loops between the learner and the teacher promises a more personalized, self-paced learning environment.

Given our highly charged political environment, if we start the privacy conversation through the lens of “how to make educational data completely private,” we might lose an important educational opportunity to personalize learning.

Let the debate begin

This critical topic will be discussed at the Opening Town Hall Forum during the 2014 CoSN Annual Conference, themed “Can Big Data and Innovative Digital Learning Play Together?” Former West Virginia Governor Bob Wise, now head of the Alliance for Excellence Education, will spar off with Yong Zhao, presidential chair and associate dean for global education in the University of Oregon’s College of Education.

The two will address key questions: Will the push for “big data” enable customized student learning that improves outcomes? Can formative data inform instruction and stimulate creativity, communication, collaboration, and critical thinking for learners? Or will our mountain of data be used to narrow creativity and innovation? How can we ensure that data are not used to define simple, but wrong, education solutions? Do we have adequate protections in our education systems to ensure privacy and security in a “big data” world?

(Next page: What FERPA says about storing student records in the cloud)

We must get smarter

New research by Joel Reidenberg from the Center on Law and Information Policy at the Fordham University School of Law shows that school districts need to get smarter about how they contract for cloud solutions. Standard industry contracts often don’t protect school districts or ensure even the basic requirements of the Family Education Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).

FERPA requires that parents and eligible students have the right to access and seek to amend their children’s education records; protects personally identifiable information (PII) from education records against unauthorized disclosure; and requires written consent before sharing PII—unless an exception applies.

Given the heightened scrutiny around privacy and the overall desire by educators to do the right thing with data, we need a new national conversation about what is required, what isn’t, and what are best practices.

Records in the cloud

Schools or local education agencies (LEAs) can use the “school official” exception to disclose education records to a third party provider (TPP). FERPA allows the use of cloud services, but the arrangement must meet the “school official” requirements.

The TPP, however, must perform a service or function for the school or district for which the educational organization would otherwise use for its own employees; be under the direct control of the organization regarding the maintenance of the education records; use education data in a manner consistent with the definition of the “school official with a legitimate educational interest,” specified in the school’s or LEA’s annual notification of rights under FERPA; and not re-disclose or use education data for unauthorized purposes.

As this issue grows, more resources are being offered to help district technology leaders navigate the complex data privacy landscape. Every school system should consider leveraging these resources and proactively think about data privacy now. This issue cannot be ignored, and we all have to get it right.

Keith R. Krueger is CEO of the Consortium for School Networking (CoSN).

Want to share a great resource? Let us know at