A number of developments recently took place in the area of student privacy. On June 25, 2014, the House Education and the Workforce’s Subcommittee on Early Childhood, Elementary, and Secondary Education (Education Subcommittee) and the House Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies (Homeland Security Subcommittee) convened a joint hearing, entitled “How Data Mining Threatens Student Privacy.” The hearing explored the implications of evolving and emerging technologies that foster the ability of instructors to use student data for individualizing and enhancing educational programs, and potential privacy concerns regarding the collection, use, and sharing of the student data that facilitates these advancements.

Members and witnesses discussed existing federal laws affecting student privacy, and whether such laws needed to be updated to account for emerging technologies and services. In particular, Members and witnesses addressed the Family Educational Rights Privacy Act (FERPA) of 1974, a law that gives parents certain rights with respect to children’s student education records for schools that receive funding from the US Department of Education. A key issue raised in this context was FERPA’s application to third parties. As was mentioned at the hearing, 95% of schools surveyed in a study were found to use third-party educational software and cloud services. It was noted that schools pursued these technologies and services for several reasons, including for data-driven educational goals, reporting obligations, cost savings, and instructional opportunities.

The hearing also addressed the trends associated with contracts between schools and vendors that handle student data. In this context, Members and witnesses addressed issues of data ownership, security, retention, destruction, breach notification, and use for marketing purposes.

On July 24, 2014, the US Department of Education’s Privacy Technical Assistance Center (PTAC) released guidance entitled, “Transparency Best Practices for Schools and Districts,” a document intended to provide recommendations for keeping parents and students informed about schools’ and districts’ collection and use of student data.1 Specifically, the guidance recommends that schools and districts:

  • Make information about student data policies and practices easy to find on a public webpage;
  • Publish a data inventory that details what information is collected about students, and what it is used for;
  • Explain to parents what, if any, personal information is shared with third parties and for what purpose(s); and
  • Use multi-layered communication strategies that tailor the complexity of the information to the medium, and inform parents where they can get more detailed information if they want it.

On July 30, 2014, Senators Ed Markey (D-MA) and Orrin Hatch (R-UT) introduced the Protecting Student Privacy Act, which would amend FERPA to prohibit programs administered by the US Department of Education from making funds available to any educational agency or institution that has not implemented information security policies specified in the law. These policies include the protection of personally identifiable information (PII) from education records, and the requirement that third parties to whom PII is disclosed have a comprehensive security program to protect such information. The bill was referred to the Senate Committee on Health, Education, Labor, and Pensions, where it awaits further action.

These efforts on student privacy follow the release of the Administration’s “Big Data” report, which included a discussion about the collection and use of data in the educational context. The report, which was released on May 1, 2014, discussed the benefits of data applications and technological innovations, including new online course platforms that provide students real time feedback and personalized learning, while also calling on the federal government to ensure that educational data linked to individual students gathered in school is used for educational purposes, and not shared or used inappropriately.