Student Data Privacy- beyond FERPA: COPPA, PPRA, and CIPA
FERPA, the Federal Education Rights & Privacy Act, is the standard to which all educational institutions, from pre-K to higher ed, are held in terms of student data privacy. I think we can all agree that anyone in education is at least passingly familiar with FERPA.
However, especially in terms of digital data and privacy, FERPA is not the only federal regulation educators must be informed about. FERPA actually leaves some gaps that do not specifically address online student or educational data*.
Here are a few more acronyms to become acquainted with, if you aren't already.
COPPA
PPRA
CIPA
COPPA, the Children's Online Privacy Protection Act, specifically applies to websites that are designed for, or may be operated by, children under the age of 13. COPPA adds extra protections to children under the age of 13 such as more stringent rules about privacy policies and collection of personal data. Ever been on a site that wants to know your birthday or asks if you are over the age of 13? The website is trying to be COPPA compliant.
PPRA, the Protection of Pupil Rights Amendment, which governs the administration of surveys and analysis of students in eight protected areas, as well as marketing surveys and certain physical exams. These eight protected areas are:
- Political beliefs
- Mental or psychological problems
- Sex behavior or attitudes
- Illegal, anti-social, self-incriminating, or demeaning behavior
- Critical appraisal of others with whom a respondent has a close relationship
- Legally recognized privileged relationships (doctor, lawyer, minister, etc)
- Religious practices or beliefs
- Income (except where required by law to determine eligibility for a program)
CIPA, the Children's Internet Protection Act, requires schools and public libraries to limit children's access to "obscene or harmful content" (CIPA, 2000). In return, schools and libraries receive federal e-rate funding to help pay for internet and telecommunication services. This is why schools and libraries have robust search filters in place. CIPA is worded oddly, however. It states that "An authorized person may disable the blocking or filtering measure during use by an adult to enable access for bona fide research or lawful purposes" (CIPA, 2000). See the catch? According to CIPA, filtered content may only be unblocked and viewed by adults. No filter is perfect so what happens if material that students need access to is blocked by the filter? It's a conundrum.
So how can you help protect your student's digital privacy?
- Be sure to follow all of your district's or institution's acceptable use policies.
- Read the terms of service of any programs you use with students very carefully.
- Check to see if the company publishing the app/program has signed the Student Privacy Pledge.
- Ensure your students know the basics of Digital Citizenship, which includes the safety of their information.
- Model Terms of Service
- Tips for protecting student privacy while using online student services
- Transparency best practices
- Best practices for data destruction
*FERPA defines student data as Personally Identifiable Information (PII) that includes a student's name, parent's/family member's names, student/family address, personal identifiers (SSN, student number, or biometric record), indirect identifiers (birth date, place of birth, mother's maiden name), information that alone or in combination would allow someone in the community to identify a student, or information requested by someone the educational institution believes knows the student.
Image courtesy of Wikipedia Commons.
Comments
Post a Comment