Student data continues to be a hot topic in education. Last year we saw the FTC get involved in the debate after Ed-tech company ConnectEDU filed for bankruptcy, potentially putting 20 million student records at risk for sale. The California legislature also entered the fray by passing a bill that prohibits companies from targeting ads to students based on school information and reinforces schools’ ownership of student data regardless of where it is stored or managed.
Now, the U.S. Department of Education is taking steps to help schools protect the privacy of students that use online educational services and applications. It released a model terms of service guide and a training video for K-12 schools that offers examples of terms of service provisions aimed at helping school officials identify which online providers have strong privacy and data security policies and practices.
In a prepared statement, Kathleen Styles, the U.S. Department of Education’s chief privacy officer recognized the difficulty schools face understanding terms of service agreements.
“Reading and understanding terms of service agreements is tough, even for lawyers,” she said. “We hope this guidance will help schools identify privacy-friendly apps and online services and avoid providers that might abuse student information.
Schools can also check to see if a company they are about to enter an agreement with has signed the Student Privacy Pledge put together by the Future Privacy Forum and The Software & Information Industry Association.
Here are six recommendations from the Dept. of Education’s terms of service guide
- Marketing and Advertising: Terms of service agreements should be clear that data may not be used to create user profiles for the purposes of targeting students or their parents for advertising and marketing, which could violate privacy laws.
- Data Collection: Agreements should include a provision that limits data to only what is necessary to fulfill the terms.
- Data Use: Schools and districts should restrict data use to only the purposes outlined in the agreement.
- Data Sharing: While providers can use subcontractors, schools and districts should be made aware of these arrangements, and subcontractors should be bound by the limitations in the terms of service.
- Access: Federal student records laws require schools and districts to make education records accessible to parents. A good contract will acknowledge the need to share student records with parents
- Security Controls: Failure to provide adequate security could lead to a violation of the Family Educational Rights and Privacy Act, which protects student education records.
The document also provides links to the Privacy Technical Assistance Center and other resources that offer additional best-practice recommendations related to terms of service agreements.