How Secure is Student Privacy as More Learning and Testing Go Online?

Student-privacy issues have long percolated in New Jersey, with debates over issues ranging from preventing schools from releasing documents containing basic information about students to more high-tech worries about online testing and other data collection.

Now the student-privacy landscape is changing further still as computer devices and instructional software are becoming ubiquitous in classrooms across the state, raising more questions about the safety of children and their information online.

The state’s annual School Law Conference – a gathering of more than 100 school attorneys -- took up the issue this week, with a discussion on what protections already exist and how New Jersey stacks up in terms of its policies and practices.

For instance, New Jersey is in the minority of states that have yet to impose their own set of privacy standards and requirements on school districts. And debate continues when it was revealed last year that the PARCC testing company was monitoring students’ social media for possible test-security breaches.

The conference held Wednesday in Woodbridge attracted some of the country’s top experts in the field, including the U.S. Department of Education’s chief privacy officer, and they drew a sobering picture of the student-privacy issue nationwide.

The federal statute and regulations impose some relatively strict requirements through the 40-year-old Family Educational Rights and Privacy Act (FERPA), they said, and New Jersey and most other states have required districts to adhere to the federal rules.

But FERPA is largely centered on the confidentiality of student information kept by schools. The increasing role of third-party vendors -- and even teachers using downloaded apps -- has further complicated the picture.

Brenda Leong of the Future of Privacy Forum, a consortium that has helped craft student-date privacy pledges signed by more than 200 companies working with school districts, said such pledges apply to the free apps that teachers might download or the online tools a student might use. But the question is whether the teachers know that, and who is tracking what is and isn't being made available.

“There is a lot of grey areas to who is accountable for that,” she said.

Paige Kowalski of the Data Quality Campaign, a Washington, D.C., advocacy group, said the dynamics have changed for all schools.

“Your districts have been collecting data for decades, but somewhere along the way, we moved into more technology, and there is a lot less control,” she said.

Leong gave the example of Chrome Books and other devices provided by many schools to students with strict controls and filters governing how they are used inside the building. But when students go home, she said, it’s trickier.

“The box around schools is not there anymore with such a bright line,” Leong said.

For all the worries, there are a few myths to be debunked, too, the panel members said. Cloud storage, for example, is not as vulnerable as many fear, they said.

“In some ways, it may be the safest way to store data,” said Kathleen Styles, the chief privacy officer of the U.S. Department of Education.

But they also said much comes down to districts and schools being vigilant, with many of the controls depending on the conditions in contracts and procurement with vendors.

What’s more, there is little support provided to individual teachers who use the online tools.

“Teachers don’t have a lot of guidance, and certainly not a lot of training,” said Kowalski. “It’s kind of a wild, wild west in classrooms right now, and they could use a how-to.”

She said many states had taken steps to increase privacy protections beyond FERPA in the last couple of years, but New Jersey is not yet among them.

Thirty-six states introduced new bills and 24 of them enacted new laws in 2014 alone, Kowalski said. Forty-six states introduced bills in 2015, including New Jersey, where seven bills were filed.

Among them was a bill introduced last year in the aftermath of revelations that Pearson Education, the firm administrating the PARCC testing, had been monitoring Twitter feeds and had alerted at least one New Jersey district about a student who had been discussing test items.

In that case, a bill was introduced that would require testing vendors to conduct criminal background checks of anyone with access to student data.

Another bill would allow parents to opt out of allowing their children’s data being collected at all. The chief sponsor of that bill, Assemblyman David Rible (R-Monmouth), said yesterday said some protections need to be made available to families.

“Information is constantly being collected about our children, and that information is being stored,” he said yesterday. “What concerns me is if we as legislators don’t protect that data, that could eventually hurt people down the line.”

[Original Article]