Education Edition | PrivacyNews.TV

Good morning and welcome to FPF’s Privacy
News TV: Education Edition. My name is Erika Ross, and I’m the communications
associate for FPF’s Education Privacy Project. So, I’m just gonna jump right in; it’s been
a big couple of weeks in the student privacy world Amelia, director of the Education Privacy
Project at FPF, testified a student privacy hearing before the House committee at the
Department of Ed., and also spoke yesterday before the Federal Commission on School Safety’s
public listening session on school safety. There’s also been some major releases: the
Department of Ed.’s Privacy Technical Assistance Center released a technical assistant letter
on the best practices on protecting student privacy when schools are involved with signing
up students to take SAT or ACT. And Fordham’s university- excuse me- Fordham
University’s Center on Law and Information Policy released a study called “Transparency
in the Marketplace for Student Data” that examines the practices of student data brokers. So here I have Amelia and Sara Collins, privacy
counsel for the Education Privacy Project at FPF, here to answer a few of our questions
about the projects that FPF’s privacy team has been tackling. So, just jumping right in, Amelia, what were
the major issues raised at the Congressional hearing? So thank you very much, Erika, probably the
biggest thing that we heard from my testimony and from the testimony of the district superintendent
and the state chief information officer who were there is that training is vital when
it comes to student privacy. Somewhere between 45 and 95 percent of all
accidental data leakages- or intentional data breaches- occur because of human error, whether
it’s someone attaching the wrong attachment to an email, or sending the wrong information,
or leaving their laptop in their car and having it stolen, or having a student hack into their
account because their password is “password123”. So overwhelmingly we’ve heard that the type
of support that states and districts need from Congress is to make sure that districts
and states, particularly small districts or underfunded districts, need is funding to
be able to support making sure that everyone who handles student data is trained on how
to protect it. Well great. So, student data privacy and its protection
is not a new topic, so why do you think this is happening now? Absolutely. So, we’ve seen a lot of hearings on this topic
from the House Education and Workforce Committee; I think we’ve had about four over the past
few years. And what I was told about why this hearing
was happening now was they wanted to make sure that members understood what was actually
happening on the ground, and had examples of how districts and states are dealing with
this and how ed. tech companies are helping them insure student privacy and where they
need federal support. This is likely teeing up, not this year but
maybe next Congressional session, a FERPA rewrite; the Family Educational Rights and Privacy
Act, which is the primary federal student privacy law. Ok great, so I want to switch gears just a
little bit. So yesterday you spoke at the listening session
before the Federal Commission on School Safety. So what was the main message you were trying
to communicate to the panel? So, it’s very important, as we consider how
to protect students’ safety, that we also keep in mind that we need to protect student
privacy. So the overall message I wanted to give is
not that states and districts should do one particular thing- whether it be not surveilling
students, or having video cameras, or social media monitoring- but that whatever states
and districts do and whatever the Federal Commission recommends should have privacy
safeguards built-in in order to make sure that that data does not inadvertently harm
students down the line. So, just to push back on that a little bit,
so why shouldn’t schools’ only priority be keeping kids safe as their only priority? Absolutely. So when we talk about keeping students safe,
I think the president mentioned in his statement when he formed the commission, that we want
to make sure that kids have opportunities as they grow. And a lot of the questions around student
privacy are about maintaining those opportunities. When you have more surveillance- whether,
again, it’s looking at social media accounts, or it’s surveillance cameras, other systems-
you tend to have schools punishing students for more minor offenses that they wouldn’t
otherwise have found out about. We’ve also seen that students don’t feel safe
in schools that have a lot of surveillance, so they often feel like they’re in a prison-like
environment where Big Brother is always watching, and they’re hindered from critical thinking,
from exploring ideas, and being able to fail, which is really important for students to
be able to do as their brains are evolving and they’re learning more and more in school. So keeping students safe and keeping student
information private and maintaining their opportunities later in life, so the dumb social
media posts they had at age 13 is not following them around when they’re applying for college
or a job is really important and something that can easily go hand-in-hand without endangering
the safety of students. Well yea, thank you for that insight. Sara, I wanted to ask you a couple of questions,
so I know you had a large part in drafting our blog response to the PTAC technical assistant
letter on SATs and ACTs when schools are implementing those exams. So I wanted to talk about the optional surveys
that are offered during these exams. So these optional surveys administered to
students as part of the SAT and ACT can violate FERPA, IDEA, and PPRA if appropriate transparency,
consent, and other safeguards are not taken into action. So, what are these optional surveys, to start
with? So, before you take your SAT or ACT, there’s
a ton of demographic questions before the test. This includes stuff you’d expect to see, like
name, birthdate, but these also go into greater detail, so they may ask you what courses you’re
taking, what you’re interested in in college, maybe activities you’ve done, sort of to get
a broader picture of the student. Ok. So why do people feel- or how can these violate
these three laws? So the PPRA in particular really touches on
this because this is about- the law is focused on student surveys, and one of- the main reason
it’s violative is students actually can’t give consent in order to take these surveys
or not; the consent right is held by the parent. So while these are optional surveys that the
student can choose to fill out, the student really doesn’t have a choice in the situation-
it’s the parent, which is where the violation is occurring. So, to either of you, what advice would you
give to SEAs or LEAs in response to this guidance? I think it’s really good for schools to review
PPRA- I’m not sure if we’ve said what PPRA is yet: it’s the Protection of Pupil Rights
Amendment, it is right after FERPA in Federal statutes, and, as Sara was saying, it governs
all school surveys and gives parents certain rights about whether the student takes the
survey at all and when it comes to certain questions, such as the “sex drugs and rock
and roll” questions, you can summarize it as, but it also includes things like what
your religion is, what your family’s income is, and if any of those types of questions
are on the survey, parents get additional rights to both view the survey and be able
to opt out. So I would advise that schools look at PPRA
because part of the lot is that districts need to have a policy on surveys that they
created in consultation with parents, and if they don’t have that policy, then they’re
not able to then make the decisions they need to make about what surveys they allow and
don’t allow in the district. I don’t know if you have anything to add,
Sara. Well, I would just say as a bigger practice,
whenever you’re contracting with these companies, whether it’s at the state level or the district
level, it’s really important to have written agreements, so you decide what information
is going to be shared and how it’s going to be used, and solidifying those agreements
so you know what is happening and it’s all articulated can really stave off some of these
problems and concerns right from the beginning. So, great. So I know this is the first major guidance
that PTAC has released on PPRA. Absolutely. So what would you say are the implications
for ed. tech companies moving forward? I think it’s what Sara just mentioned in terms
of written agreements; though this technical assistance is specific to college admissions
exams or exams used to evaluate all the students in the state. PTAC actually goes into some pretty detailed
guidance about what needs to be in written agreements between districts and companies. And so ed. tech providers should take a look
at that guidance and make sure that their current agreements with districts are in line
with what PTAC is now saying is required. Ok, so I want to move on to the Clip study. So yesterday, Fordham’s University Center
on Law and Information Policy Clip released a study called “Transparency and the Marketplace
for Student Data” which examines practices on student data brokers, So Sara, could you
talk a bit about the study and its findings? So- excuse me- so what this study’s goal was
to understand what the marketplace is for what Fordham was calling “student data” or
what could sort of be understood as data under- about minors under the age of 18. So they were trying to do two things: map
who was selling the data, what data that they had, and where this data was coming from. And as they found out, it’s a really opaque
practice; there’s no requirements that data brokers right now need to share this information,
so it can be really difficult to figure out where it’s coming from, but they did find
out that at least 12- I believe- companies are selling lists that would be around students
under the age of 18. In some of the more inflammatory examples,
was 14 to 15 year olds interested in family planning, Asian American students in New York
City. So they found that there’s clearly a market
for this data, but they weren’t able to really discern where it was coming from. But the study didn’t find that it was coming
from schools or ed. tech companies. What it seems to be is from certain, maybe
websites surveys. Yea, I would add about that: from reading
the methodology of the study and the study itself the authors went into great detail
to investigate what school practices were here and whether any information was coming
from schools, and they pretty clearly found that the schools that they looked at were
not giving information in any way over to these data brokers or to someone who is then
giving the information to data brokers. However, what schools should be cognizant
of is some schools may be getting a survey, and I’m trying to remember what the organization
is, the National Research Center for College and University Admissions, which says on its
website that the way that they get their lists of students is from surveys given by teachers
and guidance counselors in school. So this comes back to the Protection of Pupil
Rights Amendment, and what schools are required to do under that law when they give surveys. From the name of this organization, most schools,
most teachers would not understand that this is an organization that is actively selling
student data for non-educational purposes. So you may have schools that are giving this
survey and not realizing where the datas end up or what it will be used for, so it’s really
important that schools take a look again at their PPRA practices, at their local policy,
consult with parents and see if there should be a more involved process to vet surveys
and where the data will be going before teachers or guidance counselors are allowed to give
surveys. Yea, so this paper is a big piece, big topic
in the student privacy world, so what do you think the effects of the paper will be? It’s very possible that the paper could spur
a lot of legislation. One of the big findings and something we dug
into in our response blog about it is that most of this is not covered under FERPA or
the 120+ state laws specifically on student privacy passed over the- since 2013. This is very specific to data brokers because
none of the data is coming from schools or from ed. tech companies that are serving schools,
you don’t have any coverage under those laws, and so states may want to act to limit the
ability of data brokers to market to students. However, on the other hand, you do want to
maintain the ability of students to get information about things that are useful to them, like
scholarship opportunities, or finding out about a college they never would have found
out about. And so making sure that these laws are finely
targeted and aimed at stopping the things we don’t want to happen but allowing the things
we do want to happen. It should be really useful. Yea, so I want to thank you both for taking
the time for me to interview you, I think it’s important

Leave a Reply

Your email address will not be published. Required fields are marked *