The U.S. Department of Education's Privacy Technical Assistance Center (PTAC) released new guidance today to help school systems and educators interpret and understand the major laws and best practices protecting student privacy while using online educational services.
The guidance summarizes the major requirements of the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA) that relate to these educational services, and urges schools and districts to go beyond compliance to follow best practices for outsourcing school functions using online educational services, including computer software, mobile applications and web-based tools.
"As an education community, we have to do a far better job of helping teachers and administrators understand technology and data issues so that they can appropriately protect privacy while ensuring teachers and students have access to effective and safe tools," said U.S. Secretary of Education Arne Duncan. "We must provide our schools, teachers and students cutting-edge learning tools--and we must protect our children's privacy. We can accomplish both--but we will have to try harder to do it."
Recent advances in technology and telecommunications have dramatically changed the landscape of education in the United States and resulted in the proliferation of student data. Today's classrooms increasingly employ on-demand delivery of personalized content, virtual forums for interacting with other students and teachers, and a wealth of other interactive technologies that help foster and enhance the learning process. While these technologies have the potential to transform the educational process, they also raise new questions about how best to protect student privacy.
The Department is issuing this guidance to answer questions from schools, districts and vendors about how student data can and should be used, what steps are necessary to protect students' privacy, and how to prevent the misuse, abuse and commercialization of students' information. The guidance addresses a range of concerns regarding the security and privacy of student data. For example: "What does FERPA require if personally identifiable information from students' education records is disclosed to a provider?" and, "Do FERPA and PPRA limit what providers can do with the student information they collect or receive?"