Students now use technological devices both in school and at home. But what does that mean for student data privacy? The age of digital media means adapting education techniques to include edtech. With increased accessibility for all ages, new policing and privacy strategies must continually improve to protect the influx of data. 

Understanding how students interact on different platforms and networks is critical to successfully educating youth and securing student privacy. As educators, it’s important to verify the applications students use are vetted for data privacy.

Following student confidentiality laws falls in the hands of the administrators. So what can you do to protect student data privacy? Educate yourself on the different types of data. Know federal and state student privacy laws. Lastly, seek out ways to protect student data.

What is Student Data?

In short, any piece of data that can be combined with other information to identify a student is considered student data. This can include names, addresses, demographics, birth dates, student IDs, login information, and any data that includes personally identifiable information, or PII. 

Types of Student Data

three types of student data

Although data is collected in a number of ways, edtech generally saves the following:

  • Education Records: These records include information like academic and disciplinary records. Parents and guardians have access to education records until a child is 18 years old. 
  • Demographics: Student demographic data can include the child’s address, contact information, first language, any medical alerts, designations for free-and-reduced price meals, and specialized teaching requirements.
  • De-Identified Data: De-identified data is student data that has been obscured so that a single student cannot be identified. 
  • Aggregate Data: When de-identified data is collected from groups of students, it’s considered aggregate data.

Who has Access?

Generally, a number of local, state, and federal institutions receive student data. Depending on the relationship, they will receive a different access point. 

groups with access to student data

Locally, teachers can use student data to monitor activities online that may harm others or themselves, along with insight into educational gaps. Oftentimes, school counselors will have access to more data than teachers, and can often assist in identifying students with troublesome home lives.

On a familial level, parents and guardians also have access to all available data until the child is 18 years old. Districts and states may use student data to allocate resources. On a federal level, the U.S. state department may use the data to allocate federal funds. 

Student Data Privacy Laws

Data privacy laws in regards to edtech aim to achieve student data privacy, including the use, collection, handling and governance of students’ personally identifiable information (PII). State laws are more poignant than federal ones and vary significantly across the country. 

Student Data Privacy Federal Laws

  • Family Educational Rights Privacy Act (FERPA): The Family Educational Rights Privacy Act applies to education records only. It allows parents and guardians access to amend education records and the right to control how PII is disclosed.
  • The Children’s Online Privacy Protection Act (COPPA): The Children’s Online Privacy Protection Act aims to protect data for children under the age of 13 from websites and other third party operators.
  • National School Lunch Act (NSLA): The National School Lunch Act implements stricter privacy laws, regulating information such as which students are eligible for free-and-reduced price meals. 

 Student Data Privacy State Laws

While federal laws regulate general PII records, state laws protect all types of data and how it’s processed. In five years, lawmakers across the country have implemented 120 bills to govern how K-12 students’ data is collected and used.

This legislation ranges in data protection methods. For example, Arizona has enacted a bill that requires an option for parents to opt-out of releasing demographic information to other families within the school. In contrast, Maryland enacted a bill that lengthens the period of time a school can use student data, increasing from five to 20 years.

Edtech Safety in the Classroom

Edtech is vital to facilitate individualized and engaging classroom learning. However, without the proper safety precautions in place, teachers face legal implications. In the worst case, data could be sold by third parties. 

In 2019, schools within the United States experienced three times the amount of data breaches as the previous year. The total number of attacks reached 348, says the K-12 Cybersecurity Resource Center. Actively seeking ways to reduce these types of breaches is essential for parents, teachers, administrators, and lawmakers. 

The 2019 State of Edtech Privacy Report explained that while applications and services doubled their median privacy rating during 2018, 80% of apps and services are still not meeting the benchmark safety precautions set by legislation. 

As a teacher, edtech hardware and software should be vetted carefully. Before using these tools in the classroom make sure to:

  • Seek approval from the school or district.
  • Do your research. Don’t just rely on other teachers or conferences for new recommendations.
  • Read through the terms of service and privacy policies.

Online Safety Tips for Teachers

7 online safety tips for teachers

These data privacy tips are not an exhaustive list, and it’s important to seek out additional tips from administrators and state legislators. 

  • What to look for: Technology designed for education, not consumers.
    Why it matters: Consumer technologies are not required to follow the same laws as educational technologies to protect student privacy, which creates legal risks.
  • What to look for: Websites with an “s” in the URL.
    Why it matters: The “s” in “https” identifies the site as an encrypted page. This will be important to protect student data, such as login credentials.
  • What to look for: Web address bars without the grey “i” icon.
    Why it matters: This icon indicates that anyone may be able to access the information you provide on the website. 
  • What to look for: Websites with a privacy policy.
    Why it matters: If a website’s privacy policy is hard to find, or doesn’t exist, it’s a safe bet that student data won’t be secured on the page. 
  • What to look for: Apps and tools that have previously been vetted by the school.
    Why it matters: Schools that have already vetted an app have typically reviewed the privacy policy, parental permissions, and information about what data is being shared.
  • What to look for: Commitment from the merchant to not share data other than what’s necessary for using the product.
    Why it matters: This ensures the merchant won’t sell student data either directly or via a subcontractor.
  • What to look for: Websites, applications, and tech without clickwrap agreements.
    Why it matters: Clickwrap agreements are legally binding, and control how student and school data is used.

download infographic button

As edtech useage increases, we must adapt to new technologies and how they affect the privacy of data. Monitoring data is beneficial to protect against cyberbullying, self-harm, and potential threats. Nonetheless, consider how long this information will follow children on their records. Additionally, take it upon yourself to protect student data from the wrong hands.

Sources: U.S. Department of Education | FERPA/SHERPA | K12 Cyber Secure |