Protecting student data in wake of Facebook scandal

Protecting student data in wake of Facebook scandal

(Colo.) As Congress and the national media focus increasing attention on the use of personal data by social media giants, the interest in state legislatures in protecting student data appears to be waning.

According to a new report from the Education Commission of the States, lawmakers nationally proposed 93 bills addressing education data issues during the 2017 session. That compares to 112 bills offered in 2016 and 183 proposed in 2015.

Although the report doesn’t account for the decline, it could be that there’s a growing sense of security surrounding the privacy of student data—at least until the news broke earlier this year about a British data firm mining personal information of some 50 million Facebook users.

Well before the 2016 presidential election and revelations that data harvested from social media may have been used to target voter messaging, Congress adopted the Family Educational Rights and Privacy Act in 1974, or FERPA, which generally restricts school districts and other educational institutions from releasing any information that is personally identifiable to an individual student.

But as technology has expanded and evolved, FERPA has also, while lawmakers in almost every state have found need to adopt more and different regulations.

Part of the issue has been to balance the need to protect students from the use of private data for marketing or commercial uses against the real need for academics and policy makers to comb the ever-increasing amount of student performance data for legitimate research purposes.

Much of the attention by state Legislatures in recent years has been to develop rules on data sharing, according to the commission report. Many states have also established data governance bodies to oversee access and arbitrate privacy issues.

Here is a list of some of the bills that are pending before lawmakers in the current 2018 legislative session:

Illinois H.B. 5064: Allows national assessment providers to sell or rent a student’s information if the provider secures express written consent from the student or the student’s parent or guardian, and if the information is used only to provide access to employment, financial aid or other postsecondary opportunities.

Illinois S.B. 599: Prohibits the operator of a website, online service or online application used and marketed primarily for higher education purposes from engaging in targeted advertising, using information gathered by the site, selling a student’s information or disclosing protected information without the student’s consent.

Rhode Island S.B. 2644: Includes several provisions to protect student privacy on school-owned or take-home technology. Allows for voluntary participation in take-home technology programs, requiring opt-in consent from parents or guardians. Prohibits schools or third parties from accessing a take-home technology device or the data stored on it after it is provided to a student. Requires educational institutions to erase all stored data from devices used by students when they are permanently returned.

Texas H.B. 2087: Establishes rules regarding the use of student data by the operator of a website, online service or online application. Sets guidelines for how operators must protect and delete collected student data. Prohibits the sale of student data and the use of student data for targeted advertising.