Bill sets standards for student privacy [Commentary]

Some public schools are unwittingly trading students' personal information for discounted digital learning tools

February 20, 2014|By Bradley S. Shear

Many public schools in Maryland engage private cloud-computing services to provide software and digital educational platforms to help students learn. Schools have entrusted these companies with vast amounts of sensitive student data contained in emails, digital documents and school records, which is stored in computer networks outside of our schools. While cloud providers can offer tremendous advantages, their use may have a darker side.

Some third-party cloud providers "mine" the student data they collect from schools and monetize it for commercial profit. These companies surreptitiously scrutinize data collected from our children to learn how to better target impressionable students with commercial advertising. This information may include a student's age, disabilities, grades, health, location, personal opinions, race, religion and so on.

The schools are therefore unwittingly trading student privacy and safety for free or discounted digital learning tools, and few parents or educators are aware of it.

According to a survey from Common Sense Media published this January, most parents said they know little or nothing about the information that their schools collect. The report found that 91 percent of parents surveyed were concerned about the sharing of their student's private data and supported stronger parental consent requirements. Some 89 percent of parents in the same survey supported stronger cloud storage standards.

Privacy and Cloud Computing in Public Schools, a December 2013 study by Fordham University's Center on Law and Information Policy, discovered that schools have struggled to adequately protect student data from commercial data mining and concluded that most cloud-based services are "poorly understood, non-transparent and weakly governed" by schools. It found that only 25 percent of school districts inform parents about the use of cloud services, and 20 percent of districts fail to establish policies to protect student data in the cloud.

The Maryland attorney general's recently released Report to the Maryland General Assembly on Children's Online Privacy found some cloud computing services may resell student data for commercial purposes. To protect Maryland students, the report recommended enactment of student privacy and cloud computing legislation.

Maryland can protect our children's personal digital information by enacting HB 607, the Student Privacy and Cloud Computing Act, sponsored by Del. Anne Kaiser. The bill sets minimum standards for student privacy, and it limits the commercial use of student data by all cloud computing service vendors.

According to the Maryland attorney general's report, this type of legislation "does not prohibit use of cloud services by Maryland schools; it simply ensures that such cloud services are child-protective and do not facilitate the sale of information about children and minors." In other words, it establishes common-sense restrictions for vendors and protections for students.

Opponents of this legislation may claim that the federal law pertaining to student data, the Family Educational Rights and Privacy Act (FERPA), properly protects student data. FERPA was enacted four decades ago, before the public Internet and other digital technologies became available, and it has failed to be updated to adequately protect student privacy in the digital age. No school has been denied access to federal funds due to a FERPA violation that has put the personal privacy or safety of students at risk. FERPA does not have the teeth to safeguard sensitive student data. More is needed.

Arizona, Florida, Kentucky, Massachusetts, Oregon, New York and Oklahoma are some of the states that have either enacted laws or proposed legislation to better protect student data housed in the cloud. Other states may soon follow due to the belief that personal student information should not be for sale.

We need common sense protections to ensure that our children's data will not be misused for advertising, marketing or other improper commercial purposes. Maryland parents, educators and lawmakers should act now and work together to safeguard the digital privacy of future generations. As a parent of two young children, I ask you to please support HB 607 to ensure that our children's confidential, personal data is not for sale to the highest bidder.

Bradley Shear, a Baltimore native who works in Bethesda, is a lawyer and advocate for stronger digital privacy protection. His email is bshear@shearlaw.com.


To respond to this commentary, send an email to talkback@baltimoresun.com. Please include your name and contact information.
Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.