Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Protecting Student Privacy in Blended
and Online Learning: New FERPA
Guidance from the US Department of
Education
• Frank ...
Introductions & Overview
Maria Worthen
Vice President, Federal & State Policy
iNACOL
• Palm Springs, Ca – Nov. 4-7, 2014
• Registration available soon.
• Over 2200 experts, educators and
thought leaders in t...
Webinar Format
• Feel free to type questions in the chat box
• The webinar is being recorded and
archived. Link will be em...
iNACOL’s mission is to ensure all
students have access to a world-
class education and quality blended
and online learning...
iNACOL Strategic Priorities
• Development of new learning models
• Quality assurance for blended and online
learning
• Pol...
State Policy Priority Issues
1. Create competency-based education systems
2. Improve equity and access for students to
ble...
Priority Area: Support new learning models
through connectivity, data systems, and
security.
• Broadband telecommunication...
Without data, we cannot
personalize instruction at scale.
Without sensible data
governance, we cannot sustain
new learning...
Protecting Student Privacy
While Using Online Educational
Services
An Overview of Recent Department of
Education Guidance
...
QuestionsQuestions
 Please type your questions in the chat
box in the lower left hand corner of the
webinar window.
11
Poll: Who is in thePoll: Who is in the
Audience?Audience?
Please indicate which sector you represent:
A) K-12 Administrati...
OverviewOverview
 The changing landscape of education technology in
schools
 The U.S. Department of Education’s role in ...
14
Use of EducationUse of Education
Technology in SchoolsTechnology in Schools
 Student Information Systems
 Productivity a...
Online Educational ServicesOnline Educational Services
This guidance relates to the subset of education services that
are:...
The Challenge of OnlineThe Challenge of Online
Educational ServicesEducational Services
 Schools and districts are increa...
The U.S. Department ofThe U.S. Department of
Education’s Role in ProtectingEducation’s Role in Protecting
Student PrivacyS...
Poll: FERPA AwarenessPoll: FERPA Awareness
Please rate your familiarity with FERPA:
A) “FERPA, what’s FERPA?”
B) I know en...
Family Educational RightsFamily Educational Rights
and Privacy Act (FERPA)and Privacy Act (FERPA)
 Gives parents (and eli...
But wait! There areBut wait! There are
exceptions!exceptions!
Two of FERPA’s exceptions to the parental consent
requiremen...
Directory InformationDirectory Information
ExceptionException
 Students don’t attend school anonymously.
 Allows schools...
Directory InformationDirectory Information
ExceptionException
 Common uses:
– Yearbooks
– Concert programs
– Telephone di...
School Official ExceptionSchool Official Exception
 Schools or LEAs can use the School Official exception to disclose
edu...
Poll: PPRA AwarenessPoll: PPRA Awareness
Please rate your familiarity with PPRA:
A)(Yawn) I know all about it.
B)I’ve work...
Protection of Pupil RightsProtection of Pupil Rights
Amendment (PPRA)Amendment (PPRA)
 Amended in 2001 with No Child Left...
Question 1:Question 1:
Is student information used in online
educational services protected by FERPA?
27
Is student information used inIs student information used in
online educational servicesonline educational services
protec...
Question 2:Question 2:
What does FERPA require if PII from
students’ education records is disclosed to a
provider?
29
What does FERPA require ifWhat does FERPA require if
PII is disclosed to aPII is disclosed to a
provider?provider?
 Paren...
Question 3:Question 3:
Under FERPA and PPRA, are providers
limited in what they can do with the student
information they c...
Are providers limited in whatAre providers limited in what
they can do with the studentthey can do with the student
inform...
Are providers limited in whatAre providers limited in what
they can do with the studentthey can do with the student
inform...
Question 4:Question 4:
What about metadata? Are there restrictions
on what providers can do with metadata
about students’ ...
What about metadata?What about metadata?
“Metadata” are pieces of information that provide meaning
and context to other da...
Other laws to considerOther laws to consider
 Childrens Online Privacy and Protection Act (COPPA)
– Applies to commercial...
Best Practices forBest Practices for
Protecting Student PrivacyProtecting Student Privacy
 Maintain awareness of other re...
Best Practices forBest Practices for
Protecting Student PrivacyProtecting Student Privacy
 Maintain awareness of other re...
Best Practices forBest Practices for
Protecting Student PrivacyProtecting Student Privacy
 Maintain awareness of other re...
Question 5:Question 5:
Can individual teachers sign up for free (or
“freemium”) education services?
40
Using free educationalUsing free educational
servicesservices
Remember the FERPA’s requirements for schools and
districts ...
Best Practices forBest Practices for
Protecting Student PrivacyProtecting Student Privacy
 Maintain awareness of other re...
Best Practices forBest Practices for
Protecting Student PrivacyProtecting Student Privacy
 Maintain awareness of other re...
Best Practices forBest Practices for
Protecting Student PrivacyProtecting Student Privacy
 Maintain awareness of other re...
Question 6:Question 6:
What provisions should be in a school’s or
district’s contract with a provider?
45
Best Practices for ContractBest Practices for Contract
Provisions for OnlineProvisions for Online
Educational ServicesEduc...
Question 7:Question 7:
What about online educational services that
use “click-wrap” agreements instead of
traditional cont...
What to look for in “click-What to look for in “click-
wrap” agreementswrap” agreements
When reviewing “click-wrap” agreem...
Read the GuidanceRead the Guidance
DocumentDocument
http://ptac.ed.gov/document/protecting-student-privacy-
while-using-on...
ResourcesResources
 Family Policy Compliance Office, U.S. Department of
Education, Model Notice for Directory Information...
QuestionsQuestions
 Please type your questions
in the chat box in the lower
left corner of the webinar
screen.
51
Contact InformationContact Information
52
Telephone: (855) 249-3072
Email: privacyTA@ed.gov
FAX: (855) 249-3073
Website: w...
FERPA and Student Privacy
Protections: District Perspective
Themy Sparangis, Ed.D.
Chief Technology Director
Los Angeles U...
• What are the benefits of using data to
personalize instruction?
• How does LAUSD handle student data?
• What is the impa...
Q&A
• Please type questions or comments in the
chat box on the left side of your screen.
Contact Information
• Frank Miller, Management and Program Analyst, U.S.
Department of Education, Frank.E.Miller@ed.gov
• ...
Upcoming SlideShare
Loading in …5
×

iNACOL Leadership Webinar "Protecting Student Privacy in Blended and Online Learning"

1,708 views

Published on

The Family Educational Rights and Privacy Act (FERPA) is the federal law that protects personally identifiable information from students’ education records from unauthorized disclosure. The US Department of Education’s Privacy Technical Assistance Center (PTAC) recently issued new FERPA guidance specific to online learning environments, “Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices". This webinar was presented by officials from the US Department of Education Privacy Assistance Center. http://ptac.ed.gov/

Published in: Education
  • If you need your papers to be written and if you are not that kind of person who likes to do researches and analyze something - you should definitely contact these guys! They are awesome ⇒⇒⇒WRITE-MY-PAPER.net ⇐⇐⇐
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • I can advise you this service - ⇒ www.HelpWriting.net ⇐ Bought essay here. No problem.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

iNACOL Leadership Webinar "Protecting Student Privacy in Blended and Online Learning"

  1. 1. Protecting Student Privacy in Blended and Online Learning: New FERPA Guidance from the US Department of Education • Frank E. Miller, Management and Program Analyst, U.S. Department of Education • Ross Lemke, Technical Assistance Manager, Privacy Technical Assistance Center, U.S. Department of Education • Themy Sparangis, Chief Technology Director, Los Angeles Unified School District • Maria Worthen, Vice President for Federal and State Policy, iNACOL April, 2014
  2. 2. Introductions & Overview Maria Worthen Vice President, Federal & State Policy iNACOL
  3. 3. • Palm Springs, Ca – Nov. 4-7, 2014 • Registration available soon. • Over 2200 experts, educators and thought leaders in the field of online and blended learning and competency based education
  4. 4. Webinar Format • Feel free to type questions in the chat box • The webinar is being recorded and archived. Link will be emailed out to you within 2 days after the webinar • Also posted in iNACOL Member Forum
  5. 5. iNACOL’s mission is to ensure all students have access to a world- class education and quality blended and online learning opportunities that prepare them for a lifetime of success.
  6. 6. iNACOL Strategic Priorities • Development of new learning models • Quality assurance for blended and online learning • Policy and advocacy
  7. 7. State Policy Priority Issues 1. Create competency-based education systems 2. Improve equity and access for students to blended & online learning opportunities 3. Ramp up quality assurance 4. Provide room for innovation. 5. Support new learning models through connectivity, data systems, and security.
  8. 8. Priority Area: Support new learning models through connectivity, data systems, and security. • Broadband telecommunications infrastructure • Statewide longitudinal data systems • Secure and ethical use of student data.
  9. 9. Without data, we cannot personalize instruction at scale. Without sensible data governance, we cannot sustain new learning models powered by blended and online learning.
  10. 10. Protecting Student Privacy While Using Online Educational Services An Overview of Recent Department of Education Guidance April 9, 2014 Frank Miller Team Lead, Family Policy Compliance Office U.S. Department of Education Ross Lemke Technical Assistance Manager Privacy Technical Assistance Center
  11. 11. QuestionsQuestions  Please type your questions in the chat box in the lower left hand corner of the webinar window. 11
  12. 12. Poll: Who is in thePoll: Who is in the Audience?Audience? Please indicate which sector you represent: A) K-12 Administration B) K-12 Faculty C) Post-Secondary Administration or Faculty D) Education Technology Industry E) Other (e.g., parent/student, non-profit org., etc.) 12
  13. 13. OverviewOverview  The changing landscape of education technology in schools  The U.S. Department of Education’s role in protecting student privacy  Legal protections for students’ information used in online educational services – How FERPA and PPRA protect student information used in online educational services – Other laws to consider  Beyond compliance: best practices for protecting student privacy 13
  14. 14. 14
  15. 15. Use of EducationUse of Education Technology in SchoolsTechnology in Schools  Student Information Systems  Productivity applications  Educational applications  Fundamental school services 15
  16. 16. Online Educational ServicesOnline Educational Services This guidance relates to the subset of education services that are: Computer software, mobile applications (apps), or web- based tools; Provided by a third-party to a school or district; Accessed via the Internet by students and/or parents; AND Used as part of a school activity. This guidance does not cover online services or social media used in a personal capacity, nor does it apply to services used by a school or district that are not accessed by parents or students. 16
  17. 17. The Challenge of OnlineThe Challenge of Online Educational ServicesEducational Services  Schools and districts are increasingly contracting out school functions  We have new types of data, and much more of it!  Many online services do not utilize the traditional 2-party written contractual business model  Increasing concern about the commercialization of personal information and behavioral marketing  We need to use that data effectively and appropriately, and still protect students’ privacy 17
  18. 18. The U.S. Department ofThe U.S. Department of Education’s Role in ProtectingEducation’s Role in Protecting Student PrivacyStudent Privacy  Administering and enforcing federal laws governing the privacy of student information – Family Educational Rights and Privacy Act (FERPA) – Protection of Pupil Rights Amendment (PPRA)  Raising awareness of privacy challenges  Providing technical assstance to schools, districts, and states  Promoting privacy & security best practices 18
  19. 19. Poll: FERPA AwarenessPoll: FERPA Awareness Please rate your familiarity with FERPA: A) “FERPA, what’s FERPA?” B) I know enough to be dangerous C) You could add me to your national cadre of experts on FERPA: I’m an expert. 19
  20. 20. Family Educational RightsFamily Educational Rights and Privacy Act (FERPA)and Privacy Act (FERPA)  Gives parents (and eligible students) the right to access and seek to amend their children’s education records  Protects personally identifiable information (PII) from education records from unauthorized disclosure  Requirement for written consent before sharing PII – unless an exception applies 20
  21. 21. But wait! There areBut wait! There are exceptions!exceptions! Two of FERPA’s exceptions to the parental consent requirement are most relevant when using education technology: – Directory information exception – School official exception There are many other FERPA exceptions. 21
  22. 22. Directory InformationDirectory Information ExceptionException  Students don’t attend school anonymously.  Allows schools to release certain information without consent. A few examples: – name, address, telephone listing, electronic mail address; – date and place of birth; – photographs; – weight and height of athletes; – degrees & awards received. 22
  23. 23. Directory InformationDirectory Information ExceptionException  Common uses: – Yearbooks – Concert programs – Telephone directories  Remember that parents have a right to opt-out 23
  24. 24. School Official ExceptionSchool Official Exception  Schools or LEAs can use the School Official exception to disclose education records to a third party provider (TPP) if the TPP: – Performs a service/function for the school/district for which it would otherwise use its own employees – Is under the direct control of the school/district with regard to the use/maintenance of the education records – Uses education data in a manner consistent with the definition of the “school official with a legitimate educational interest,” specified in the school/LEA’s annual notification of rights under FERPA – Does not re-disclose or use education data for unauthorized purposes 24
  25. 25. Poll: PPRA AwarenessPoll: PPRA Awareness Please rate your familiarity with PPRA: A)(Yawn) I know all about it. B)I’ve worked with it, but only in regard to the survey provisions. C)I have limited knowledge about PPRA D)Oh yes, that stands for “Pen Pal Research Association” right? 25
  26. 26. Protection of Pupil RightsProtection of Pupil Rights Amendment (PPRA)Amendment (PPRA)  Amended in 2001 with No Child Left Behind Act  Mostly known for provisions dealing with surveys in K-12  Includes limitations on using personal information collected from students for marketing  Parental notification and opportunity to opt out may be required  Development of policies in conjunction with parents may be required  However … a significant exception for “educational products or services” 26
  27. 27. Question 1:Question 1: Is student information used in online educational services protected by FERPA? 27
  28. 28. Is student information used inIs student information used in online educational servicesonline educational services protected by FERPA?protected by FERPA? It depends! Some data used in online educational services is protected by FERPA. Other data may not be. Schools and Districts will typically need to evaluate the use of online educational services on a case by case basis to determine if FERPA-protected information is implicated. 28
  29. 29. Question 2:Question 2: What does FERPA require if PII from students’ education records is disclosed to a provider? 29
  30. 30. What does FERPA require ifWhat does FERPA require if PII is disclosed to aPII is disclosed to a provider?provider?  Parental consent for the disclosure; OR  Disclosure under one of FERPA’s exceptions to the consent requirement. Typically, either: – Directory Information exception • Remember parents’ right to “opt-out” – School Official exception • Annual FERPA notice • Direct control • Use for authorized purposes only • Limitation on re-disclosure • Remember parents’ right to access their student’s education records 30
  31. 31. Question 3:Question 3: Under FERPA and PPRA, are providers limited in what they can do with the student information they collect or receive? 31
  32. 32. Are providers limited in whatAre providers limited in what they can do with the studentthey can do with the student information they collect orinformation they collect or receive?receive? If PII is disclosed under the Directory Information exception: – No limitations If PII is disclosed under the School Official exception: – PII from education records may only be used for the specific purpose for which it was disclosed – TPPs may not sell or share the PII, or use it for any other purpose except as directed by the school/district and as permitted by FERPA When personal information is collected from a student, the PPRA may also apply! – PPRA places some limitations on the use of personal information collected from students for marketing 32
  33. 33. Are providers limited in whatAre providers limited in what they can do with the studentthey can do with the student information they collect orinformation they collect or receive?receive? Remember, schools and districts have an important role in protecting student privacy. Additional limitations and restrictions (beyond what FERPA, PPRA, and other laws require) may be written into the agreement between the school/district and the provider! 33
  34. 34. Question 4:Question 4: What about metadata? Are there restrictions on what providers can do with metadata about students’ interactions with their services? 34
  35. 35. What about metadata?What about metadata? “Metadata” are pieces of information that provide meaning and context to other data being collected, for example: – Activity date and time – Number of attempts – How long the mouse hovered before clicking an answer Metadata that have been stripped of all direct and indirect identifiers are not protected under FERPA (NOTE: School name and other geographic information can be indirect identifiers in student data) Properly de-identified metadata may be used by providers for other purposes (unless prohibited by other laws or by their agreement with the school/district) 35
  36. 36. Other laws to considerOther laws to consider  Childrens Online Privacy and Protection Act (COPPA) – Applies to commercial Web sites and online services directed to children under age 13, and those Web sites and services with actual knowledge that they have collected personal information from children – Schools may exercise consent on behalf of parents in certain, limited circumstances (e.g., when it is for the use/benefit of the school and there is no other commercial purpose) – Administered by the Federal Trade Commission – See http://www.business.ftc.gov/privacy-and-security/childrens-privacy for more information  State, Tribal, or Local Laws 36
  37. 37. Best Practices forBest Practices for Protecting Student PrivacyProtecting Student Privacy  Maintain awareness of other relevant laws  Be aware of which online educational services are currently being used in your district  Have policies and procedures to evaluate and approve proposed educational services  When possible, use a written contract or legal agreement  Be transparent with parents and students  Consider that parental consent may be appropriate 37
  38. 38. Best Practices forBest Practices for Protecting Student PrivacyProtecting Student Privacy  Maintain awareness of other relevant laws  Be aware of which online educational services are currently being used in your district  Have policies and procedures to evaluate and approve proposed educational services  When possible, use a written contract or legal agreement  Be transparent with parents and students  Consider that parental consent may be appropriate 38
  39. 39. Best Practices forBest Practices for Protecting Student PrivacyProtecting Student Privacy  Maintain awareness of other relevant laws  Be aware of which online educational services are currently being used in your district  Have policies and procedures to evaluate and approve proposed educational services  When possible, use a written contract or legal agreement  Be transparent with parents and students  Consider that parental consent may be appropriate 39
  40. 40. Question 5:Question 5: Can individual teachers sign up for free (or “freemium”) education services? 40
  41. 41. Using free educationalUsing free educational servicesservices Remember the FERPA’s requirements for schools and districts disclosing PII under the school official exception. – Direct control – Consistency with annual FERPA notice provisions – Authorized use – limits on re-disclosure These services may also introduce security vulnerabilities into your school networks It is a best practice to establish district/school level policies governing use of free services, and to train teachers and staff accordingly. 41
  42. 42. Best Practices forBest Practices for Protecting Student PrivacyProtecting Student Privacy  Maintain awareness of other relevant laws  Be aware of which online educational services are currently being used in your district  Have policies and procedures to evaluate and approve proposed educational services  When possible, use a written contract or legal agreement  Be transparent with parents and students  Consider that parental consent may be appropriate 42
  43. 43. Best Practices forBest Practices for Protecting Student PrivacyProtecting Student Privacy  Maintain awareness of other relevant laws  Be aware of which online educational services are currently being used in your district  Have policies and procedures to evaluate and approve proposed educational services  When possible, use a written contract or legal agreement  Be transparent with parents and students  Consider that parental consent may be appropriate 43
  44. 44. Best Practices forBest Practices for Protecting Student PrivacyProtecting Student Privacy  Maintain awareness of other relevant laws  Be aware of which online educational services are currently being used in your district  Have policies and procedures to evaluate and approve proposed educational services  When possible, use a written contract or legal agreement  Be transparent with parents and students  Consider that parental consent may be appropriate 44
  45. 45. Question 6:Question 6: What provisions should be in a school’s or district’s contract with a provider? 45
  46. 46. Best Practices for ContractBest Practices for Contract Provisions for OnlineProvisions for Online Educational ServicesEducational Services  Security and data stewardship provisions  Data collection provisions  Data use, retention, disclosure, and destruction provisions  Data access provisions  Modification, duration, and termination provisions  Indemnification and warranty provisions 46
  47. 47. Question 7:Question 7: What about online educational services that use “click-wrap” agreements instead of traditional contracts? 47
  48. 48. What to look for in “click-What to look for in “click- wrap” agreementswrap” agreements When reviewing “click-wrap” agreements, schools and districts should also: Check amendment provisions Print (or save) the Terms of Service Specify authority to accept the Terms of Service 48
  49. 49. Read the GuidanceRead the Guidance DocumentDocument http://ptac.ed.gov/document/protecting-student-privacy- while-using-online-educational-services 49
  50. 50. ResourcesResources  Family Policy Compliance Office, U.S. Department of Education, Model Notice for Directory Information  PTAC Cloud Computing Best Practices  Federal Trade Commission Resources on COPPA and Children’s Privacy  National Institute of Standards and Technology, Cloud Computing Guidelines for Managing Security and Privacy 50
  51. 51. QuestionsQuestions  Please type your questions in the chat box in the lower left corner of the webinar screen. 51
  52. 52. Contact InformationContact Information 52 Telephone: (855) 249-3072 Email: privacyTA@ed.gov FAX: (855) 249-3073 Website: www.ed.gov/ptac
  53. 53. FERPA and Student Privacy Protections: District Perspective Themy Sparangis, Ed.D. Chief Technology Director Los Angeles Unified School District
  54. 54. • What are the benefits of using data to personalize instruction? • How does LAUSD handle student data? • What is the impact of the new FERPA guidance on your work and what do other district leaders need to know? • What approaches do you hope policymakers will take in your state?
  55. 55. Q&A • Please type questions or comments in the chat box on the left side of your screen.
  56. 56. Contact Information • Frank Miller, Management and Program Analyst, U.S. Department of Education, Frank.E.Miller@ed.gov • Ross Lemke, Technical Assistance Manager, Privacy Technical Assistance Center, U.S. Department of Education, ross.lemke@aemcorp.com • Themy Sparangis, Chief Technology Director, Los Angeles Unified School District, themy.sparangis@lausd.net • Maria Worthen, Vice President for Federal and State Policy, iNACOL, mworthen@inacol.org

×