At Hobsons, we know how important it is for you to know how technology providers handle your students’ data. From educational apps used in the classroom to data management platforms that house your records, you need products that protect student data privacy in a way that complies with federal, state and district requirements, and you want to feel confident that you understand each vendors’ practices. Join us on March 19th as we talk about how to ease the process of ensuring that technology used in your school is compliant with your privacy requirements. You’ll come away armed with:
• Some of the reasons student data privacy has become so complicated
• Simple tips to get started assessing technology that you’re currently using
• Questions that you should be asking of technology providers in the future
Hosted by Linnette Attai, President of PlayWell, LLC and Privacy Advisor to Hobsons
See more of our archived webinars http://www.naviance.com/resources/webinars
2. 2
About Us
• Linnette Attai
- President, PlayWell, LLC
Compliance consulting
Privacy, safety, advertising, marketing,
content
Education and entertainment sectors
- Data Privacy Advisor to Hobsons
3. • Hobsons:
- Creating solutions to maximize student
success and institutional effectiveness to
create the world-changers of tomorrow
- Supporting over 7.3 million students across
over 8,400 schools worldwide
- Measure our achievements by those of our
clients
3
About Us
4. 4
Agenda
• Why is student data privacy so complicated?
• Creating your school compliance program
• Assessing new technologies
• Q&A – use the “chat window” to submit your
questions
6. 6
Benefits of Technology
• Enhancing student learning and success
- Identifying strengths and learning styles
- Delivering personalized learning
- Supporting at-risk students
- Providing opportunities for accomplishment
and creativity
- College and career planning and preparation
7. • Management and efficiency
- Record-keeping for students and staff
- Data analysis
- Vendor and contract management
- Operations management
7
Benefits of Technology
8. 8
Technology in the Classroom
New
Technology
New Uses
for Data
New Privacy
Frameworks
9. • Data privacy and security as separate but related
terms:
- Privacy: collection, use, handling and sharing
or transfer of data
- Security: protective measures applied to
prevent unauthorized access, and to preserve
the integrity of the data
9
Privacy vs. Security
10. • Existing federal regulation:
- FERPA, PPRA, CIPA, COPPA
• Existing state regulation
• Emerging federal and state regulation
10
Regulatory Climate
11. • Applies to all schools that receive federal funds
• Protects privacy of student education records
• Provides parents and eligible students (ages 18+)
with access to education records
- Rights to review and request amendment or
correction
11
Family Educational Rights and
Privacy Act (FERPA)
12. • Education records: directly related to a student
and maintained by an educational agency
− Must obtain consent from parent or eligible
student prior to release of student education
records
FERPA
12
13. • Exceptions for obtaining prior consent for release
of education records
−School officials with legitimate educational interest;
−Other schools to which a student is transferring;
−Specified officials for audits or evaluations;
−Appropriate parties in connection with financial aid;
−Organizations conducting certain studies on behalf of a school;
−Accrediting organizations;
−To comply with a judicial order or subpoena;
−Certain officials in cases of health and safety emergencies;
−State and local authorities, within a juvenile justice system, in
accordance with certain state law.
FERPA
13
14. • School official:
− Contractor to whom a school or institution has
outsourced institutional services or functions
− Must be performing an institutional service or function
for which the agency would otherwise use employees
− Must be under the direct control of the agency or
institution with respect to the use and maintenance of
education records
FERPA
14
15. • Sets requirements around notice prior to
disclosure of directory information
• Requires annual notice to parents of FERPA
rights
15
FERPA
16. • Provides rights to parents of minor students
around collection of sensitive information through
surveys, analysis or evaluations
• Requires consent prior to collection of “protected”
information
• Opt out rights for certain surveys, physical exams
and information disclosure for marketing
purposes
16
Protection of Pupil Rights
Amendment (PPRA)
17. • Requires schools to establish policies for
collection, disclosure or use of personal
information about students for commercial
purposes
PPRA
17
18. • Applies to schools or libraries that receive
discounts for Internet access or internal
connections via E-rate
• Requires:
- Blocking or filtering of certain images
- Internet safety policy that includes monitoring
online activities of minors
- Education for minors about appropriate online
behavior
18
Children’s Internet Protection Act
(CIPA)
19. • Applies to operators:
- of commercial websites and online services
directed to children under 13
- with actual knowledge that they are collecting
personal information from children under 13
• Requires clear, comprehensive privacy policy
• Maintain reasonable data security and deletion
measures
19
Children’s Online Privacy
Protection Act (COPPA)
20. • Provide parents with notice, choice and consent
prior to collecting personal information
• Allows schools to consent to collection of
personal information in certain circumstances:
- Collection is only for use and benefit of the
school
- No other commercial purposes
• Operator may rely on the contract to indicate
consent20
COPPA
21. • 2014: 110 student data privacy bills introduced
across 36 states 28 new laws
• 2015 to date: 128 state bills introduced, along
with new federal regulation
21
State Regulation
22. • California legislation
• Applies to operators of websites, online services
designed, marketed and used primarily for K-12
school purposes
• Restricts use of data from minors for certain
marketing or advertising practices
22
Student Online Personal
Information Privacy Act (SOPIPA)
23. • Prohibits targeted advertising and sale of student
information
• Limits disclosure of “covered” information
• Requires reasonable security, appropriate to the
nature of the covered information
• If requested by a school or district, must delete a
student’s covered information under the school or
district’s control
SOPIPA
23
24. • Different nomenclature and definitions of
protected data:
- Education records
- Directory information
- Protected information
- Personal information
- Covered information
• Prior consent vs. opt out
• Marketing restrictions
Navigating the Terrain
24
25. • Control of the data
• Transparency
• Notice and choice
• Acceptable educational use cases
• Reasonable security measures
Common Threads
25
26. • Responsible for navigating regulatory matrix
• Stewards of district and community norms
• Community relations and communication plans
• Incident response management
26
Voice of Schools
28. • Identify compliance risks and gaps
• Address existing issues
• Create policies and practices to minimize risks
• Establish communications and incident response
plans
• Educate employees, parents and students on
privacy rights and responsibilities
Program Goals
28
29. • Technology audit and assessment
- What technology is currently used to support
school operations?
Data management platforms
Support services
- What technology is used in the classroom?
Devices
Websites
Apps
29
Where to Begin?
29
30. • Assemble stakeholders
• Assess current technology use
• Assess resources and infrastructure
• Identify existing capabilities and talent
30
Next Steps
31. • Identify gaps and needs:
- Policies, technology, infrastructure, security,
bandwidth, communications, training
• Consider impacts:
- Financial, personnel, logistics, time, pedagogy
• Create your goals
Planning Process
31
32. • Device use
• Data privacy and security
• App and website compliance assessment
• Social media use
• Data disclosure circumstances
• Incident response plans
32
Policy Development
33. • Notices to parents and students
- Acceptable use policy
- Rules and responsibilities
- Incident report procedures
• Policy and technology updates
• Post-incident information
Communications Plans
33
34. • Educate teams and implement policies and
processes
• Inform parents and establish plans for ongoing
community outreach
34
Transparency and Engagement
36. • Create assessment and compliance processes
for adding new technology at the district, school
and classroom levels
- Identify stakeholders
- Map out review process
Who is involved?
What will be reviewed?
How will it be reviewed?
Are additional resources needed?
36
Establish a Review Process
37. • Privacy policies
• Terms of use
• Contract terms
• Questions for vendors
37
Compliance Review Process
38. • What data is collected and why?
• Who has access and for what purposes?
• What are the security protocols?
• How can the school access the data to respond to
a request from a parent?
• What happens to the data when the agreement
ends?
Understanding the Technology
38
39. • What is the process for integrating the technology
into your school?
• How will the vendor support implementation?
• How much time is needed to be operational?
• What are the costs?
• What support is provided after implementation?
• What are the recommendations and resources for
training?
39
Going Beyond Compliance
40. • What were the goals of bringing the technology
into the school?
- Measure and assess the impacts
- Use the results to inform the process for the
future
40
Examining the Results
41. • Use the chat function to submit your questions
• We will send the list of questions and answers to
attendees after the webinar
41
Q & A
42. • US Department of Education
- http://www.ed.gov/
• Privacy Technical Assistance Center (PTAC)
- http://ptac.ed.gov/
• Consortium for School Networking (CoSN):
- http://www.cosn.org/focus-areas/leadership-vision/protectin
• Future of Privacy Forum FERPA|SHERPA:
- http://ferpasherpa.org/
42
Additional Resources
43. • For more information and to review this webinar
again, please visit the events page at:
www.hobsons.com/education-trends/events
43
Thanks for Attending!
Editor's Notes
Su will introduce Linnette and give a brief bio.
Su will overview Hobsons and will remind the audience that we will accept questions via the chat function for the webinar.
Probably cleaner if Su does this slide and then Linnette takes over and runs with it after that.