Illustrations By Miguel Porlan
At Alabama’s Mountain Brook High School (MBHS), lists of overdue books used to be sent to students’ classroom teachers, who spoke to the kids directly about them—and knew what they were reading. Now, MBHS librarian Annalisa Keuler emails overdue notices directly to individual students. It’s one step she takes to make sure that information about her students—in this case, their choice of reading—is confidential.
Respecting patron privacy is a fundamental aspect of librarianship, including service to children and youth. “If you go back to the ethics of our profession, you want to keep as much of that information private as you can,” says Keuler. Only the student who checked the materials out should see that information, she adds. Some teachers still ask Keuler for the list, but she does not provide it.
“Students should have two expectations of privacy,” says Helen Adams, author of Protecting Intellectual Freedom and Privacy in Your School Library (ABC-CLIO, 2013). “They should be able to come in and use the library’s resources and have no one looking over their shoulder. Whatever information they seek on that topic should remain private.”
Those principles face new challenges in the digital age. A recent survey from the Future of Privacy Forum found that while parents support school tech and data, they also want privacy assurances from schools. Electronic student data, including library records and much more, is often stored in the cloud and handled by third parties, and can exist forever. For instance, when a student checks out a book, a file marked online can potentially be read by a parent and emailed to others. When an elementary school child reads on an app, the title, reading level, and other details are often digitally stored. High school e-records of student homework, classes, and grades—often also including behavioral issues and health data—may be attached to a students’ name, age, and student ID number. In addition, students may not know, for example, that when they download a library ebook onto a Kindle device, the Kindle—and Amazon—saves their borrowing history.
By educating themselves about how student data storage works, librarians can take precautions to lock down these records—and take more basic steps to help students, such as showing them how to guard their browsing history and control their digital footprints.
Student privacy laws
Student confidentiality concerns predate the digital era. The Family Educational Rights and Privacy Act (FERPA), which underscores the protection of student records, was signed into law in 1974, under President Ford. That law states that educational institutions must ensure that privacy measures are in place to safeguard details about their students. Today, legislators and others are trying to further protect student data. One legislation effort, the Student Digital Privacy and Parental Rights Act of 2015, has been stalled in Congress since May 2015, but would prevent targeted advertising from reaching students online based on their online behavior. Meanwhile, organizations including EPIC (Electronic Privacy Information Center) Students Privacy Project, a nonprofit venture, seek to inform students, parents, educators and the public about changes to FERPA along with challenges and shifts in law that affect student data and privacy.
That’s Confidential
Informing educators and students about how to protect nondigital personal information is also critical. In 2015–16, parents at West Allegheny Middle School in Pittsburgh, PA, reportedly considered a lawsuit after their children, who participated in an anti-bullying program, were asked to move into different groups based on how they answered certain questions—including whether they had been affected by drugs or alcohol, and whether they, or someone close to them, had been in prison. Where students moved could effectively reveal private details that, as one person told CBS Pittsburgh, “gave the bullies ammunition.”
Such personal information made public by the school or its staff can quickly spread throughout a school and beyond. In Canada, a school was reportedly found guilty of violating a transgender student’s privacy by calling her by her male birth name during attendance and sharing information about her private life that could have made her subject to bullying or abuse.
The American Civil Liberties Union page on Student Speech and Privacy outlines information about students’ rights at school.
In addition, on the state level, in November, California recently passed the Early Learning Personal Information Privacy Act, expanding protections of an earlier act and updating some points from FERPA. Simultaneously, California Attorney General and U.S. Senator-elect Kamala D. Harris also posted recommendations for how ed tech companies can keep student data private.
On the ground, the Consortium for School Networking (CoSN; cosn.org), whose members include technology leaders in K–12 school districts around the country, awards a Trusted Learning Environment (TLE) Seal to school districts that take recommended steps to make sure their students’ data is guarded and kept private to the extent of the law. The organization’s larger mission is to bring effective learning technology and tools to students in schools.
Kathleen Styles, chief privacy officer for the U.S. Department of Education, says that schools often need help figuring out how to protect and handle electronic records correctly, and how to make sure that whomever the information is trusted with takes the same level of care to keep data secure.
“Schools and districts need to take the lead in setting appropriate policies and in investigating educational technology products,” Styles said via email. “As data stewards, [they] are responsible for selecting third-party vendors that provide safe, appropriate, and effective education technology.”
Despite parental concerns that third parties may be selling their children’s data, Styles says that she hasn’t seen this happen. “I have heard concerns about this, but thus far I have not run across a district that actually does it,” she said.
Schools often view third-party systems as essential for data management and maintaining student records, from grades to attendance. Because of this, “we’ve had a lot of questions from schools around cloud service providers,” says Linnette Attai, project director for CoSN’s TLE Program, which administers the TLE Seal and a broader privacy initiative established last year.
But in using these outside companies, schools must understand how the firms are maintaining records, according to FERPA. The law protects, among other things, the rights of parents to access their children’s educational records until the student is 18, when the right transfers to the child. Parents can request records be corrected, and demand a hearing if they are not amended.
FERPA also allows schools to release details about a student’s records—without a parent or child’s permission—to certain groups, including schools where a student is transferring, state and local authorities, officials if there is a health and safety emergency, among others, and financial aid groups and organizations.
How secure is that app?
Doug Johnson, director of technology for the Burnsville-Eagan-Savage School District in Minnesota and a former school librarian, notes that protecting student data doesn’t begin or end at library records. He is more concerned about apps that educators may adopt for school use without checking how they collect, store, and disseminate student details.
In his district and across the country, tech-loving teachers and media specialists often introduce digital tools to classrooms without supervisors’ knowledge. In Johnson’s school system, technology directors like himself have two options. They can limit all apps and require them to undergo a formal vetting process—or help teachers to understand how apps work, along with the potential ramifications when app producers collect, share, or even sell a child’s personal information.
“We tend to educate teachers and let them be experimental,” he says. “But I come from a library background, and I believe in intellectual freedom and giving them the right to choose.”
Adams has a quick way of explaining to her online students if an app is likely safe or not. The online instructor at Antioch University-Seattle, who teaches about legal and ethical issues in school libraries, asks if the app is free.
If so, “It’s being paid for in some way,” she says. “Data [collection] is likely the answer.”
That’s a key reason why two Colorado parents, Leonie Haimson and Rachael Stickland, cofounders of the Parent Coalition for Student Privacy, believe that teachers should never sign up for a classroom app without approval from their school and district.
Haimson and Stickland took up arms against the student data aggregator inBloom, reportedly putting political and parental pressure on the nonprofit, which was funded by the Bill & Melinda Gates Foundation. InBloom would have enabled schools to upload student names, test scores, grades, health and attendance records, family information, and other identifiable details, and sell that information to third parties. InBloom shut its doors in 2014.
“Your child is basically seen as a tremendous profit potential for companies whether you sign up [for an app] in school or out of school,” Haimson says.
Resources to help educators understand privacy issues include CoSN checklists for K–12 school districts, with suggestions for how to proactively protect student details. “There is so much fear and so many questions that parents have around student data privacy,” says Attai, who is also president of the New York-based privacy consultancy Playwell LLC. “We wanted to find a way for school systems to measure their work and assess how they’re doing.”
Student Protection Checklist
Resources and tools
CoSN’s Trusted Learning Environment Seal is a rigorous program offering recommendations to districts for protecting students’ privacy rights.
FERPA Sherpa is an online site with multiple links to resources for schools and parents, and questions to ensure they’re making good decisions.
The Electronic Freedom Foundation offers suggestions around the adoption of cloud education services and devices at schools.
The Parent Coalition for Student Privacy, which led the fight against online data aggregator inBloom, is primarily aimed at parents, but its recommendations also apply to educators.
American Library Association Library Privacy Guidelines for K–12 Students Recommendations for K–12 school libraries.
Electronic tracking blockers
uBlock Origin; Privacy Badger from the Electronic Freedom Foundation; and Ghostery are browser extensions that protect privacy.
BrowserSpy allows students to see what their browser discloses about them.
The CoSN checklist includes professional development for teachers to ensure that students use technology in a way that safeguards their information. Districts that follow CoSN’s guidelines can then apply for the TLE Seal, which honored its first seven winners this year, including Butler County (AL) Schools , Cambridge (MA) Public Schools, and Denver (CO) Public Schools. The seven districts added specific policies and took action to make sure they are protecting student data.
Digital footprints
Students can take simple steps to safeguard their digital footprints, experts emphasize. Even young children can learn how to wipe the history of their browsers after a search at the school library or on a school computer. Simply logging out of a Chromebook prevents access to their online details.
In addition, beyond browsing privately—with Google’s Incognito mode or by using the Private Browsing function on an iPhone or iPad, for instance—students can also use add-on tools that can block tracking technology. Some of these include uBlock Origin, Privacy Badger from the Electronic Freedom Foundation, and Ghostery. BrowserSpy allows students to see what their browser discloses about them.
Young people frequently don’t distinguish between expressing their thoughts online and out loud, Attai notes. They may not grasp the idea that data can live online forever. Educators can help them understand what is at stake.
The conversation should be framed in ways that will resonate with students at the moment, Attai says. “As opposed to asking them if this could impact them getting a job in 10 years, you could ask, ‘Is this something you would want your football coach to see?’” she says. “It’s a challenging conversation.”
In the bigger picture, the best way to protect students is to educate teachers and stakeholders at the district and state level. Johnson notes that providing teachers with guidelines, through professional development, leads to the best outcome.
The goal, experts say, is to find a way to safeguard information—not shut down access. If educators and students can’t adopt new tech, it puts teachers at a disadvantage and also hobbles students who must learn how to navigate the online world safely.
“We can’t forget that having this data and technology allows us to support students in the most amazing ways,” says Attai. “We want to just make sure we’re really responsible, but not let fear stifle innovation and the benefits of a technology-enabled classroom.”
Lauren Barack writes about the connection between media and education, business, and technology.