As we move into the second half of the school year, we want to remind districts and charter schools of the importance of securing and protecting student data. Most educators use and share student data in dynamic ways that improve student learning and performance. Often this is done by accessing innovative new online resources and applications. Schools also share data to increase efficiencies by using services to manage food services, transportation, and a myriad of other day-to-day operational functions. Some districts have turned to institutions of higher education to do research and studies on student achievement to better understand what works in the classroom. All of these endeavors, while beneficial to students, also come with risks of improper sharing and use of student data. We recommend that districts and schools take the following steps to ensure that you are doing all you can to protect student data:
- Know where your data is going! Many school districts share data with a variety of vendors. We recommend that you conduct a general audit of current contracts to determine when, how, and with whom data is being shared. This will include looking at operational contracts, software, and online application contracts, assessment contracts, research agreements and others. Knowing when, how, and with whom data is being shared will enable Districts to monitor the sharing of data, determine which contracts may need to be amended in the future (see #3 below), and ensure that if parents ask what happens to their students’ data, you can provide a satisfactory answer.
- Know what your contracts say! Unfortunately, we have seen many contracts with technology companies that not only lack necessary protections for student data security but also place districts at risk of violating state and federal student records laws when data is shared pursuant to these contracts. We recommend that districts closely review any contracts where student data is being shared. On behalf of school districts, we have negotiated many protective terms and removed many egregious terms from technology contracts. Some districts have developed contract addendums that they require inserted into every data sharing contract. While Illinois has not yet passed a law requiring data privacy terms in contracts, tech companies who want to do business with Illinois districts need to understand that districts will not pay for services without adequate protections for student data.
- Have strong policies! As discussed below, teachers are entering into “click-wrap” and other agreements at the classroom level and student data is being shared. We recommend that districts make clear who can negotiate and enter into a contract on behalf of the district. Districts should have a policy and procedure to outline the steps that teachers and staff need to take in order to use online tools, applications, and software. While having a process for review, approval and negotiation of new tools might slow innovation down a bit, the benefits of ensuring adequate data privacy controls and protections greatly outweigh any delay in use.
The use of new technology tools has been fast and furious and has provided exciting new learning opportunities into the classroom. Now is a great time to make sure that the innovation comes with adequate protections for our students. This can be done by taking the steps outlined here.