Exploring Student Data Privacy

Exploring Student Data Privacy
By Jamie Smith | March 16, 2022

When I was in high school, an athletic coach sat me and the team down and shared with us that someone on the team would not be playing for us this season. This came as a shock to all of us. The coach then shared that this student had failed to meet the eligibility requirements of the team. This then led to a discussion about how important keeping academic standing was and how serious this was for all of us. In hindsight, this oversharing of this individual’s academic standing was not only a breach of confidentiality, but is one of the many ways that educators fail to uphold the legal requirements of FERPA.

Image: Depicting the Department of Education Seal and FERPA: Family Educational Rights and Privacy Act

What is FERPA?

FERPA is the Family Education Rights and Privacy Act. FERPA was passed in 1974 as a means to make confidential student’s data for any institution that benefits from tax dollars, from pre-k through college. FERPA protects students’ personal information from being shared. This data includes student’s race and ethnicity, specifics about their academic standing, disciplinary actions, learning disabilities and more.

FERPA also lays the groundwork for how school’s can share some data that to most might be considered necessary to effectively run a school. This might include the student’s name, picture, email address, phone number, or home address. Examples of this data being used might be in the school year book, playbills for theater or honor roll announcements. This category of data is called “Directory Information.”

Image of Directory Information versus protected data. Image taken from the Department of Education

Directory Information is a very broad category of data and is not explicitly defined under FERPA. Each school district may have differing opinions of what is considered Directory Information and will also have different policies around how and with whom this data is shared. FERPA requires that the school district’s make this data known either through school bulletins provided at the start of the year or on the school’s website. Parent’s own the right to “opt out” of the sharing of this data, but there are many who do not believe that parents are properly informed of what this entails:

“The World Privacy Forum’s (WPF) Pam Dixon studied FERPA forms from districts across the country and found that many are worded in ways that “discourage parents” from opting-out of information sharing.” (Weisbaum 2015)

Though there are options to limit the amount of data that is being collected from our student’s, there’s a new age of data collection occurring with little oversight.

Student Data Collection through a Virtual Environment

Image of a book transforming into a laptop

There has been a steady shift towards online learning and with the onset of COVID, which halted in-person learning for many in the US, it was the only option. Unfortunately, and what is oftentimes commonplace, regulations around data privacy have not kept up with the changing times.

As educator’s scrambled to find the best ways to teach students virtually, a deluge of apps were being created to help with this transition to a virtual world. However, most of these apps come with their own set of terms and agreements that do not necessarily align with FERPA. This oftentimes means that the educator is unwittingly allowing these companies access to student information that can then be processed and used for things like marketing or advertisements.

As students and educators transition more and more to leveraging online resources, there are rights that caregivers should better understand if they want to keep their children’s data private.

The Parent Coalition for Student Privacy has a number of resources and tips for how to protect student data. An example is when students log into apps not managed by the school system. They encourage students to only use usernames that do not have any personally identifiable information. They also encourage caregivers to speak up if they are not ok with the privacy terms and agreements of these third party apps. It’s the right of the caregiver to remove their student from using an app if it collects data that they are not comfortable with.

As we move to a virtual world, it’ll be important for the Department of Education to act to protect students’ data, while also teaching data privacy to educators, caregivers and students.