澳门跑狗论坛

Privacy & Security

Ed-Tech Vendors Attend 鈥楤oot Camp鈥 for Data-Privacy Advice

By Sean Cavanagh 鈥 February 24, 2015 6 min read
  • Save to favorites
  • Print
Email Copy URL

With education technology companies facing increasing pressure to protect students鈥 data privacy, a pair of organizations set out recently to help them鈥攂y staging a 鈥渂oot camp鈥 meant to cut through vendors鈥 confusion and make sense of shifting legal obligations.

The event, held last week in the nation鈥檚 capital, is expected to be the first of several of the tutorials for ed-tech companies, according to the Future of Privacy Forum, which along with the investment company Rethink Education, organized the two-day tutorial.

The boot camp drew about 40 companies, many of them startups or small- to medium-size businesses that aren鈥檛 likely to have their own lawyers on staff to advise them on how to navigate the legal terrain of student-data privacy.

The organizers closed most of the event to the press, and they would not release the names of the companies attending. They said they wanted to allow company officials to be free to ask questions of the speakers, and each other, without having their statements aired publicly.

Protecting Information: Advice for K-12 Companies

Education technology companies are required to comply with a variety of laws and policies that address student-data-privacy issues鈥攊ncluding two federal laws, the Family Educational Rights and Privacy Act, or FERPA, and the Children鈥檚 Online Privacy Protection Act, or COPPA. The Future of Privacy Forum, a think tank in Washington that advocates responsible data use, offers this advice to companies serving the K-12 market:

Be careful about changing your privacy policies. Companies may need permission if the uses of data differ from what the policies originally stated. Under COPPA, for instance, material changes to policies may require specific notice and an obligation not to handle privacy differently from what was previously promised.

If your service allows parents or teachers to sign up, make sure your policies are complete and clear. Enable parents to delete any data for children under age 13; don鈥檛 request a child鈥檚 precise location without parents鈥 consent. Be careful using free social-sharing widgets or free plug-ins, which may sell data to advertising networks and data companies or share data with third parties in violation of FERPA and COPPA.

Be prepared to report and fix a potential data breach to your system. And use reasonable, standard industry practices for securing data up-front.

Be aware that different laws have different definitions of 鈥減ersonally identifiable information,鈥 and restrictions on using it. If a company receives education records from schools, there can be different legal obligations based on whether the data are personally identifiable or are aggregated.

Be aware of rights provided to students under FERPA. For instance, schools must provide parents (and students, under some circumstances) with the ability to inspect and review students鈥 education records within 45 days.

Jules Polonetsky, the executive director of the Future of Privacy Forum, a Washington-based organization that aims to help build more responsible data practices, said one of his group鈥檚 primary goals was to help K-12 vendors understand their legal and other obligations at the federal, state, and district levels鈥攁nd how to address those demands during the conception of products, rather than after a problem occurs.

Legal Concerns Rising

K-12 organizations, such as the Consortium for School Networking, which represents school technology officers, and the Software & Information Industry Association, have also sought to provide clarity on various laws for their audiences.

In addition to the major federal laws that address student-data privacy鈥攖he Family Educational Rights and Privacy Act, or FERPA, and the Children鈥檚 Online Privacy Protection Act, or COPPA鈥攎ore than 20 states have passed their own laws related to safeguarding student data over the past two years. Individual districts are also tailoring their own requirements for vendors.

鈥淧rivacy and contracting across thousands of school districts is getting very complex,鈥 said Mr. Polonetsky, who served previously as New York City鈥檚 consumer-affairs commissioner and as AOL鈥檚 chief privacy officer.

To vendors, each district seems to have 鈥渁 different checklist,鈥 he added. 鈥淕ood companies want to get it right, but it鈥檚 really hard to come up with different versions of your product, or negotiate different versions of contracts.鈥

The boot camp was held at the downtown Washington offices of 1776, a business incubator and seed fund that backs companies in education and other areas. It was co-sponsored by Rethink Education, a White Plains, N.Y.-based venture capital firm that invests in educational technology.

The setting was designed to be informal: On the opening day of the event, Mr. Polonetsky and other organizers sported 鈥淔ERPA sherpa鈥 T-shirts, an allusion to their efforts to guide companies through challenging terrain.

Attendees heard from speakers such as Terrell McSweeny, a member of the Federal Trade Commission; representatives of individual school districts; lawyers who study data-privacy law; and privacy- and industry-advocacy groups.

In comments to attendees at the beginning of the boot camp, Ms. McSweeny said she was aware of the potentially 鈥渋ncredible benefits鈥 that innovative tools for using data can bring to schools, even as the FTC鈥攚hich seeks to protect consumers on privacy and other issues鈥攊s determined to make sure K-12 companies follow the law.

Companies鈥 worries about the legal landscape were evident in an opening question-and-answer session, when a business official told Ms. McSweeny that concerns about data privacy can potentially scuttle fledgling education vendors鈥 ability to raise capital.

鈥淗ow do you figure out how to regulate with the lightest possible touch?鈥 the company official asked.

Ms. McSweeny responded that the FTC鈥檚 duty is to enforce the law鈥攊t can fine providers it deems to have committed violations鈥攂ut that its staff also strives to answer individual companies鈥 detailed questions about how to interpret COPPA, and how it applies to their business practices.

She also urged companies to embrace 鈥減rivacy by design.鈥 They should make efforts to notify parents about how information is used, and to be transparent about privacy practices, as part of their product development, she said, rather than cobble together a policy for a district after the fact.

When companies take that step, 鈥渁t the very least, one advantage is your technology matches what your privacy policy says,鈥 Ms. McSweeny said in an interview after the session. 鈥淚t鈥檚 been those disconnects that can result in liability鈥 problems for businesses, she said, when they fail to do so.

When companies are proactive in addressing privacy, 鈥渋t actually generates, in and of itself, new innovation,鈥 Ms. McSweeny added, and 鈥渃hanges to the product that are very marketable and interesting.鈥

As it is, figuring out what is required by FERPA, COPPA, myriad state laws, and individual district policies has involved considerable 鈥渄etective work,鈥 particularly for up-and-coming ed-tech companies, said one boot-camp attendee, Karina Linch. She is the senior vice president of product management for BrainPOP, a New York City-based company that creates digital learning games and other academic content.

That鈥檚 the case even for BrainPOP, which has its own legal counsel and does business with schools in all 50 states, Ms. Linch said.

When it comes to districts鈥 privacy policies, she said, 鈥渨e get a lot of very, very different requests, that sometimes conflict with each other.鈥

Widespread Confusion

The company has sought to bake privacy policy into the development of products so that schools and districts can either subscribe to the company鈥檚 services without sharing any student data or enable usage to keep track of individual student learning, Ms. Linch said. Creating those options requires much more work for BrainPOP on the development end, she said, but the company believes it appeals to parents and districts.

Mr. Polonetsky hears particular frustration among vendors about cases in which FERPA and COPPA may overlap, and how companies sometimes have trouble deciphering which law governs their various practices. COPPA is designed to give parents control over what information is collected from their children. FERPA is meant to protect the privacy of students鈥 education records, and generally applies to schools that receive funds from the U.S. Department of Education.

But confusion is widespread. Decisions about whether FERPA or COPPA applies can hinge on whether schools are creating online student accounts and have contracts with vendors, or if teachers provide permission and enable students to create accounts, Mr. Polonetsky noted.

Federal lawmakers, meanwhile, have been drafting legislation meant to update and broaden student-data-privacy policies, in a way that could pre-empt the various laws being enacted by individual states.

The confusion, of course, doesn鈥檛 just flow one way. Mr. Polonetsky said the flurry of local privacy policies reflects K-12 officials鈥 desire to make their protections as broad as possible, to account for the fast-evolving and often-bewildering set of apps, tools, and cloud-based systems being marketed to them.

Districts are 鈥済oing through their checklist, and they鈥檙e saying to companies, 鈥榃hy can鈥檛 I tell if you meet [our data-privacy requirements] or not? Here are the things I need to know,鈥 鈥 Mr. Polonetsky said. 鈥淭here鈥檚 been complexity on both sides that鈥檚 made it hard for good-meaning schools and good-meaning companies to have a meeting of the minds.鈥

A version of this article appeared in the February 25, 2015 edition of 澳门跑狗论坛 as Forum Coaches Ed-Tech Vendors on Data-Privacy Issues

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Reading & Literacy Webinar
Literacy Success: How Districts Are Closing Reading Gaps Fast
67% of 4th graders read below grade level. Learn how high-dosage virtual tutoring is closing the reading gap in schools across the country.
Content provided by 
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Artificial Intelligence Webinar
AI and Educational Leadership: Driving Innovation and Equity
Discover how to leverage AI to transform teaching, leadership, and administration. Network with experts and learn practical strategies.
Content provided by 
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
School Climate & Safety Webinar
Investing in Success: Leading a Culture of Safety and Support
Content provided by 

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide 鈥 elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Privacy & Security What Teachers Need to Know About Changes to Instagram Teen Accounts
The adjustments come as Meta faces multiple lawsuits from states and school districts.
4 min read
Close up photo of Black teen looking at Instagram photos on her cellphone.
Anastasia_Prish/Getty
Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/澳门跑狗论坛 via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of 澳门跑狗论坛's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For Schools And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by 
Privacy & Security What Schools Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+