FREE ELECTRONIC LIBRARY - Abstract, dissertation, book

Pages:   || 2 | 3 |

«For more information, please visit the Privacy Technical Assistance Center: Protecting Student Privacy While Using Online ...»

-- [ Page 1 ] --

For more information, please visit the Privacy Technical

Assistance Center: http://ptac.ed.gov

Protecting Student Privacy While Using Online Educational Services:

Requirements and Best Practices


The U.S. Department of Education established the Privacy Technical Assistance Center (PTAC) as a

“one-stop” resource for education stakeholders to learn about data privacy, confidentiality, and

security practices related to student-level longitudinal data systems and other uses of student data.

PTAC provides timely information and updated guidance on privacy, confidentiality, and security practices through a variety of resources, including training materials and opportunities to receive direct assistance with privacy, security, and confidentiality of student data systems. More PTAC information is available on http://ptac.ed.gov.

PTAC welcomes input on this document and suggestions for future technical assistance resources relating to student privacy. Comments and suggestions can be sent to PrivacyTA@ed.gov.

Purpose Recent advances in technology and telecommunications have dramatically changed the landscape of education in the United States. Gone are the days when textbooks, photocopies, and filmstrips supplied the entirety of educational content to a classroom full of students. Today’s classrooms increasingly employ on-demand delivery of personalized content, virtual forums for interacting with other students and teachers, and a wealth of other interactive technologies that help foster and enhance the learning process. Online forums help teachers share lesson plans; social media help students collaborate across classrooms; and web-based applications assist teachers in customizing the learning experience for each student to achieve greater learning outcomes.

Early adopters of these technologies have demonstrated their potential to transform the educational process, but they have also called attention to possible challenges. In particular, the information sharing, web-hosting, and telecommunication innovations that have enabled these new education technologies raise questions about how best to protect student privacy during use. This document will address a number of these questions, and present some requirements and best practices to consider, when evaluating the use of online educational services.

What are Online Educational Services?

This document will address privacy and security considerations relating to computer software, mobile applications (apps), and web-based tools provided by a third-party to a school or district that students and/or their parents access via the Internet and use as part of a school activity. Examples include online services that students use to access class readings, to view their learning progression, to watch PTAC-FAQ-3, February 2014 video demonstrations, to comment on class activities, or to complete their homework. This document does not address online services or social media that students may use in their personal capacity outside of school, nor does it apply to online services that a school or district may use to which students and/or their parents do not have access (e.g., an online student information system used exclusively by teachers and staff for administrative purposes).

Many different terms are used to describe both the online services discussed in this document (e.g., Ed Tech, educational web services, information and communications technology, etc.) and the companies and other organizations providing these services. This document will use the term “online educational services” to describe this broad category of tools and applications, and the term “provider” to describe the third-party vendors, contractors, and other service providers that make these services available to schools and districts.

Is Student Information Used in Online Educational Services Protected by FERPA?

It depends. Because of the diversity and variety of online educational services, there is no universal answer to this question. The Family Educational Rights and Privacy Act (FERPA) (see 20 U.S.C. § 1232g and 34 CFR Part 99) protects personally identifiable information (PII) from students’ education records from unauthorized disclosure. FERPA defines education records as “records that are: (1) directly related to a student; and (2) maintained by an educational agency or institution or by a party acting for the agency or institution” (see 34 CFR § 99.3 definition of “education record”). FERPA also defines the term PII, which includes direct identifiers (such as a student’s or other family member’s name) and indirect identifiers (such as a student’s date of birth, place of birth, or mother’s maiden name) (see 34 CFR § 99.3 definition of “personally identifiable information”). For more information about FERPA, please visit the Family Policy Compliance Office’s Web site at http://www.ed.gov/fpco.

Some types of online educational services do use FERPA-protected information. For example, a district may decide to use an online system to allow students (and their parents) to log in and access class materials. In order to create student accounts, the district or school will likely need to give the provider the students’ names and contact information from the students’ education records, which are protected by FERPA. Conversely, other types of online educational services may not implicate FERPA-protected information. For example, a teacher may have students watch video tutorials or complete interactive exercises offered by a provider that does not require individual students to log in. In these cases, no PII from the students’ education records would be disclosed to (or maintained by) the provider.

Online educational services increasingly collect a large amount of contextual or transactional data as part of their operations, often referred to as “metadata.” Metadata refer to information that provides meaning and context to other data being collected; for example, information about how long a particular student took to perform an online task has more meaning if the user knows the date and time when the student completed the activity, how many attempts the student made, and how long the student’s mouse hovered over an item (potentially indicating indecision).

–  –  –

Schools and districts will typically need to evaluate the use of online educational services on a case-bycase basis to determine if FERPA-protected information (i.e., PII from education records) is implicated.

If so, schools and districts must ensure that FERPA requirements are met (as well as the requirements of any other applicable federal, state, tribal, or local laws).

EXAMPLE 1: A district enters into an agreement to use an online tutoring and teaching program and discloses PII from education records needed to establish accounts for individual students using FERPA’s school official exception. The provider sends reports on student progress to teachers on a weekly basis, summarizing how each student is progressing. The provider collects metadata about student activity, including time spent online, desktop vs. mobile access, success rates, and keystroke information. If the provider de-identifies these metadata by removing all direct and indirect identifying information about the individual students (including school and most geographic information), the provider can then use this information to develop new personalized learning products and services (unless the district’s agreement with the provider precludes this use).

What Does FERPA Require if PII from Students’ Education Records is Disclosed to a Provider?

It depends. Because of the diversity and variety of online educational services, there is no universal answer to this question. Subject to exceptions, the general rule under FERPA is that a school or district cannot disclose PII from education records to a provider unless the school or district has first obtained written consent from the parents (or from “eligible students,” i.e., those who are 18 years of age or older or attending a postsecondary school). Accordingly, schools and districts must either obtain consent, or ensure that the arrangement with the provider meets one of FERPA’s exceptions to the written consent requirement.

While disclosures of PII to create user accounts or to set up individual student profiles may be accomplished under the “directory information” exception, more frequently this type of disclosure will be made under FERPA’s school official exception. “Directory information” is information contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if disclosed (see 34 CFR § 99.3 definition of “directory information”). Typical examples of directory information include student name and address. To disclose student information under this exception, individual school districts must establish the specific elements or categories of directory information that they intend to disclose and publish those elements or categories in a public notice.

While the directory information exception can seem to be an easy way to share PII from education Page 3 of 14 records with providers, this approach may be insufficient for several reasons. First, only information specifically identified as directory information in the school’s or district’s public notice may be disclosed under this exception. Furthermore, parents (and eligible students) generally have the right to “opt out” of disclosures under this exception, thereby precluding the sharing of information about those students with providers. Given the number of parents (and eligible students) who elect to opt out of directory information, schools and districts may not find this exception feasible for disclosing PII from education records to providers to create student accounts or profiles.

The FERPA school official exception is more likely to apply to schools’ and districts’ use of online educational services. Under the school official exception, schools and districts may disclose PII from

students’ education records to a provider as long as the provider:

1. Performs an institutional service or function for which the school or district would otherwise use its own employees;

2. Has been determined to meet the criteria set forth in in the school’s or district’s annual notification of FERPA rights for being a school official with a legitimate educational interest in the education records;

3. Is under the direct control of the school or district with regard to the use and maintenance of education records; and

4. Uses education records only for authorized purposes and may not re-disclose PII from education records to other parties (unless the provider has specific authorization from the school or district to do so and it is otherwise permitted by FERPA).

See 34 CFR § 99.31(a)(1)(i).

Two of these requirements are of particular importance. First, the provider of the service receiving the PII must have been determined to meet the criteria for being a school official with a “legitimate educational interest” as set forth in the school’s or district’s annual FERPA notification. Second, the framework under which the school or district uses the service must satisfy the “direct control” requirement by restricting the provider from using the PII for unauthorized purposes. While FERPA regulations do not require a written agreement for use in disclosures under the school official exception, in practice, schools and districts wishing to outsource services will usually be able to establish direct control through a contract signed by both the school or district and the provider. In some cases, the “Terms of Service” (TOS) agreed to by the school or district, prior to using the online educational services, may contain all of the necessary legal provisions governing access, use, and protection of the data, and thus may be sufficient to legally bind the provider to terms that are consistent with these direct control requirements.

When disclosing PII from education records to providers under the school official exception, schools and districts should be mindful of FERPA’s provisions governing parents’ (and eligible students’) access to the students’ education records. Whenever a provider maintains a student’s education records, the Page 4 of 14 school and district must be able to provide the requesting parent (or eligible student) with access to those records. Schools and districts should ensure that their agreements with providers include provisions to allow for direct or indirect parental access. Under FERPA, a school must comply with a request from a parent or eligible student for access to education records within a reasonable period of time, but not more than 45 days after it has received the request. Some States have laws that require access to education records sooner than 45 days.

Schools and districts are encouraged to remember that FERPA represents a minimum set of requirements to follow. Thus, even when sharing PII from education records under an exception to FERPA’s consent requirement, it is considered a best practice to adopt a comprehensive approach to protecting student privacy when using online educational services.

Do FERPA and the Protection of Pupil Rights Amendment (PPRA) Limit What Providers Can Do with the Student Information They Collect or Receive?

On occasion, providers may seek to use the student information they receive or collect through online educational services for other purposes than that for which they received the information, like marketing new products or services to the student, targeting individual students with directed advertisements, or selling the information to a third party. If the school or district has shared information under FERPA’s school official exception, however, the provider cannot use the FERPAprotected information for any other purpose than the purpose for which it was disclosed.

Pages:   || 2 | 3 |

Similar works:

«TECHNISCHE UNIVERSITÄT MÜNCHEN Lehrstuhl Entwicklungsgenetik Role of Sp transcription factors in adult neurogenesis Esra Karaca Vollständiger Abdruck der von der Fakultät Wissenschaftszentrum Weihenstephan für Ernährung, Landnutzung und Umwelt der Technischen Universität München zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften genehmigten Dissertation. Vorsitzender: Univ.-Prof. Dr. E. Grill Prüfer der Dissertation: 1. Univ.-Prof. Dr. W. Wurst 2. Univ.-Prof....»

«REVIEW OF STRATEGY FOR RECYCLING AND REUSE OF WASTE MATERIALS B J Sealey G J Hill Dr P S Phillips University College Northampton United Kingdom ABSTRACT. Each year around 400 million tonnes of waste is produced in England and Wales. The UK government document “Waste Strategy 2000” identifies the need to curb the growing quantity of waste produced and sets out the changes needed to deliver sustainable waste management. In order to achieve sustainable waste management, it is not sufficient...»

«TECHNISCHE UNIVERSITÄT MÜNCHEN Fachgebiet für Waldernährung und Wasserhaushalt Kleinräumige Variabilität der Nitratkonzentrationen im Sickerwasser eines N-gesättigten Fichtenforstes – Beschreibung, Erklärung, Konsequenzen Michael Kohlpaintner Vollständiger Abdruck der von der Fakultät Wissenschaftszentrum Weihenstephan für Ernährung, Landnutzung und Umwelt der Technischen Universität München zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr. rer....»

«DISS. ETH No. 15901, 2005 Structural Parameters in Combinatorial Objects A dissertation submitted to the Swiss Federal Institute of Technology Zurich ¨ for the degree of Doctor of Technical Sciences presented by Yoshio Okamoto Master of Systems Science, the University of Tokyo, Japan born July 22, 1976 in Hekinan, Japan citizen of Japan submitted to Prof. Emo Welzl, ETH Zurich, examiner ¨ Prof. Komei Fukuda, ETH Zurich, co-examiner ¨ ii iii Acknowledgements First of all, I would like to...»

«Does Course Delivery Format Matter? Evaluating the Effects of Online Learning in a State Community College System Using Instrumental Variable Approach Di Xu and Shanna Smith Jaggars Address correspondence to: Di Xu Research Assistant Community College Research Center Teachers College, Columbia University 525 West 120th Street, Box 174 New York, NY 10027 212-678-3044 Email: dx2108@columbia.edu Acknowledgements: The authors would like to thank the Board of Washington Community and Technical...»

«Induced Nucleation Processes during Batch Cooling Crystallization Zur Erlangung des akademischen Grades eines Dr.-Ing. von der Fakultät Biound Chemieingenieurwesen der Technischen Universität Dortmund genehmigte Dissertation vorgelegt von Dipl.-Ing. Kerstin Wohlgemuth aus Hattingen Tag der mündlichen Prüfung: 07. September 2012 1. Gutachter: Prof. Dr.-Ing. Gerhard Schembecker 2. Gutachter: Prof. Dr.-Ing. habil. Dr. h.c. Joachim Ulrich Dortmund 2012 Wissenschaftliche Forschung läuft immer...»

«Single-Electron and Molecular Devices Single-Electron and Molecular Devices Proefschrift ter verkrijging van de graad van doctor aan de Technische Universiteit Delft, op gezag van de Rector Magnificus prof.dr.ir. J.T. Fokkema, voorzitter van het College voor Promoties, in het openbaar te verdedigen op maandag 24 november 2003 om 10.30 uur door Günther LIENTSCHNIG Diplom-Ingenieur, Technische Universität Wien geboren te Wenen, Oostenrijk.Dit proefschrift is goedgekeurd door de promotoren:...»

«Selecting and Surviving a Doctoral Program in Counseling Strategies for Success and Completion Edited By J. Fidel Turner, Jr., Ph.D., Lead Editor Rhonda Jeter-Twilley, Ph.D. and Ljubica Malinajdovska, Ph.D., Co-Editors Copyright © 2010 by J. Fidel Turner, Jr., Ph.D. All rights reserved. No part of this publication may be reprinted, reproduced, transmitted, or utilized in any form or by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying,...»

«Rabbi Haim David Halevy Gentle Scholar And Courageous Thinker Blended automobiles chose you may handle the part of posts, quality, department, bill means and the breathing as epub textbooks. Educational or first card that theory beats the banking for level for a convenience badge. Them would on rent to make certain, about the is even the second reason. There comprise one pdf accounting shoppers, or the 2010-2013 expense that an as effective Rabbi Haim David Halevy: Gentle Scholar and Courageous...»

«National Technical University of Athens School of Electrical and Computer Engineering Institute of Communication and Computer Systems Behavior Change Support System and Methodology ( Μεθοδολογία και Σύστημα Υποστήριξης Αλλαγής Συμπεριφοράς ) Diploma Thesis ILIAS E. PAPADOMARKAKIS Supervisor : Gregoris Mentzas Professor N.T.U.A. Athens, October 2014 National Technical University of Athens School of Electrical and Computer Engineering Institute...»

«Pre-Show Workshop for Sive at the Abbey Theatre Designed by Lisa Walsh ABBEY THEATRE SIVE PRE-SHOW WORKSHOP Pre-show workshop on the playtext Sive by John B. Keane for secondary school students focused on the leaving certificate curriculum. Time: 60min Contents INTRODUCTION: MILL AND GRAB WARM UP 2 Time: 5min THEMES: POWER PARTNERS 3 Focus on Power Relations. Time: 5-10min practical and 10min theme dicussion CHARACTERISATION: CHARACTER CONSIDERATION 4 How is a theatrical character built? Time:...»

«Title: TOWARDS A COMPREHENSIVE STRATEGY FOR THE EFFECTIVE AND EFFICIENT MANAGEMENT OF INDUSTRIAL POLLUTION ALONG THE ATLANTIC COAST OF CAMEROON Dissertation submitted to the Faculty of Environmental Sciences and Process Engineering of the Brandenburg University of Technology Cottbus, in Partial fulfillment of the requirement for the award of a Ph.D Degree (according to the ERM Ph.D regulations) BY Dieudonne Alemagi (M.Sc) Born in Ebolowa, South Province, Cameroon Matr. Nos. : 2119268...»

<<  HOME   |    CONTACTS
2016 www.abstract.xlibx.info - Free e-library - Abstract, dissertation, book

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.