Schools use web tools and data is considered at risk

Public schools across the country are adopting web services that collect and analyze student personal data without adequately protecting the information from possible misuse by service providers, according to a new study.

A study, due for release Friday, by the Center on Law and Information Policy at Fordham Law School in New York City, found weaknesses in protecting student information in contracts that school districts sign when they under- deal with web tasks to service companies.

The study found that many contracts did not list the type of information collected, while others did not prohibit vendors from selling personal information – such as names, contact details or medical condition – or use this information for marketing purposes.

“We have found that when school districts transfer student information to cloud service providers, overall, key privacy protections are missing from those arrangements,” said Joel R. Reidenberg, law professor at Fordham. who led the study. “We are concerned about the implications for students over time of how their personal information may be used or misused. “

Schools adopted programs such as automated student assessment or in-line homework management systems with the idea that data-driven digital education could ultimately lead to better test scores, grades and graduation rates. graduation. Kindergarten to Grade 12 educational technology software has an estimated market of $ 8 billion, according to the Software and Information Industry Association.

But some privacy experts, industry executives and district officials say federal education privacy rules and local district policies don’t keep up with advancements like learning apps that can record. every keystroke or the algorithms that rank academic performance. Without explicit prohibitions on the non-academic use of information, scholars warn that unflattering data could hypothetically be shared with colleges or employers, to the detriment of the student.

Fordham’s study suggested that some districts may not fully grasp the implications of outsourcing data processing or may lack the negotiating power to insist on contracts that restrict the use of information.

“The report raises the possibility that abuse could occur with student data if contracting practices are not up to par,” said Kathleen Styles, Department of Education’s privacy officer. Although the agency has had no evidence of such abuse, she said, it is developing best practices for schools to use for “outsourcing web services and for transparency with parents.”

Under the Family Educational Rights and Privacy Act, schools that receive federal funding generally must obtain written permission from parents before sharing student education records. An exception allows school districts to share student information with companies, such as those that provide student information systems, without parental consent. The exception requires school districts to have direct control over the use by these contractors of student information; if contractors misuse the data, regulators can prohibit districts from sharing other data with those companies.

In a statement, the Software and Information Industry Association criticized the Fordham study for examining school contracts and policies, but not actual industry practices. The group said the law created a corporate culture that respected student privacy.

Fordham researchers looked at how schools approached student data privacy by first calling officials from a representative sample of small, medium, and large school districts in different parts of the country; then they used open case laws to request copies of each district’s web service contracts and policies for staff use of technology. Microsoft provided an unrestricted research grant.

The study indicated that districts are hiring online services to monitor individual student progress, analyze overall class and school performance, host school data, and manage school transportation.

Although school systems were required to respond to the request for information, only 20 of 54 districts provided full documentation by the deadline, according to the study. The researchers said they encountered “significant difficulties in reaching district staff who were familiar with district outsourcing practices.”

“When you talk about transparency, the fact that we have to be persistent, I think, is a public policy issue,” Dr Reidenberg said.

Among the districts that provided documents, less than a quarter of the contracts specified the purpose for which student information would be disclosed, according to the study; and less than 7% stopped companies from selling student data or using it for marketing purposes. Several districts did not have policies governing the use of computers by staff members, meaning that teachers could potentially sign up for free apps or sites that collected information about students without officials. of the school do not check the programs.

The study suggests that school districts have widely varying degrees of legal expertise and resources to devote to data protection.

Of course, many neighborhoods are trying to be vigilant. The South Orangetown Central School District in Blauvelt, NY, for example, is conducting an audit to examine how its contracts cover the sharing or reuse of student data.

“The types of applications, software and online resources have changed so much in such a short time that it is difficult for districts to keep pace,” said District Superintendent Ken Mitchell. “There are so many questions about sharing data between primary and secondary vendors that until we fully understand that, we need to slow this thing down. “

The Fordham study insisted that contracts specify the type of services a company provides, list the types of information collected, and limit disclosure of student details. The researchers also recommended that education officials notify parents of the nature of information disclosed to third parties and post privacy information on district websites.

Some industry experts are considering a national approach to protect student information.

Steve Mutkoski, director of government policy for Microsoft’s global public sector activities, recommended that the tech industry voluntarily agree not to use student data for advertising, marketing, or student profiling, like his business. did this for schools that use certain Microsoft software.

“At a minimum, if that doesn’t reach an industry consensus,” Mr. Mutkoski said, “there should at least be more transparency about how providers plan to use the data.”

Source link

About Haydee J. Kennedy

Check Also

How Cosmetics Retailers Drive Online Sales Using Web Tools

Historically, cosmetic retail sales have largely come from brick-and-mortar stores, with a relatively small share …

Leave a Reply

Your email address will not be published. Required fields are marked *