How to discuss student data privacy in your school and community
Although school leaders are concerned about student data privacy as education becomes increasingly infused with technology, communicating school policies around data collection, storage and use is often a challenge. But developing a policy framework that includes best practices for informing all stakeholders in a school community — educators, administrators, as well as parents — on student data privacy is a critical responsibility for institutions.
During a recent webinar hosted by edWeb.net and the Consortium for School Networking, leaders in K-12 education shared several lessons to assure student data privacy is a multi-stakeholder priority and compliance policies and practices related a schools’ system-wide use of technology are given precedent.
Understanding regulations
In the United States, an abundance of laws governing student privacy at the federal, state and local level can make understanding privacy regulations difficult. Most districts have a team dedicated to understanding the complexity of the laws, but school leaders must also make sure that every employee using technology has a job-appropriate understanding of the regulations.
“One of the common missteps I see from districts is writing policies that are simply restatements of the law, and what I would encourage instead is thinking about, ‘What do you want your teams to do to stay compliant with the laws?'” said Linnette Attai, project director for CoSN’s Privacy Initiative and Trusted Learning Environment Program.
For example, teachers most likely know they can’t just download an app and start using it with their students. Subsequently, rather than writing a policy that simply restates what actions violate the law, the policy should include the procedure teachers need to follow to get approval.
Administrators shouldn’t neglect privacy training for non-classroom staff either.
“It’s critically important that leadership really immerse in these regulations order to be able to set the policies, to set the expectations, to create the boundaries of risk for their technology teams and others in the districts,” Attai said.
Coaches, for instance, might have sensitive health information, and clerical staff enter student data into systems constantly.
Parents need to know, too
Beyond making sure faculty and staff have a strong understanding of privacy laws, schools need to develop that same training for parents. Parents generally fall into two camps, said Andrew Moore, chief information officer of the Boulder Valley School District in Colorado: those that want minimal technology use and wish the classroom looked the same as it did 20 to 30 years ago, and those that see technology as essential to their child’s education and future. Balancing those perspectives in conjunction with instructional needs is essential.
Attai suggested that administrators ask the same questions of parents they did of their employees: What do the parents know, and what do they need to know? Then, start with the basics — communicate to parents why you have the policy, what protections you’re putting in place, and how they will help the students.
Being clear with parents, students, and teachers about what technologies have been implemented and what the ramifications are surrounding their use is a critical priority for schools so that the community feels like a part of the conversation, the presenters said.
Everyone is responsible
Continually emphasizing that privacy protection is a shared duty is an important responsibility for school leadership.
“We’re all responsible,” Moore said. “It’s not an IT issue. It’s all of our issue to make sure we’re not letting data leak out or that we’re not sharing data inappropriately.”
About the presenters
Dr. Chris Gaines is Superintendent of Mehlville School District in suburban St. Louis. Dr. Gaines previously served as superintendent of Missouri’s Crawford County R-I and Wright City R-II school districts. Under Dr. Gaines’ leadership, Mehlville is expanding opportunities for students. In 2017 the district opened MOSAIC, a personalized learning elementary school, and created the MyPath program, which allows high school students to create their own class. The AASA Digital Consortium visited these programs in the spring of 2018 to gain insight into emerging models of best practices using digital media to support engaging learning experiences. This year Mehlville opened academies at each middle school to expand personalized learning experiences at the middle school level. Dr. Gaines holds degrees from Southeast Missouri State University and earned his doctorate at St. Louis University. He is a member of numerous professional associations and served as the 2018-2019 President of AASA, The School Superintendents Association.
Andrew Moore is the CIO for Boulder Valley School District in Colorado where he provides IT services for 4,200 employees and 30,000 students. His focus on eliminating the homework gap, staying vigilant on cybersecurity and student data privacy guides his decision making on policy and programs in the school district. Before joining the Boulder Valley School District, Andrew was a Sr. Director at Sun Microsystems responsible for a global IT team. He developed his government experience during three terms as Mayor of the Town of Erie, a 20,000 person suburb of Boulder. Andrew holds degrees in computer science and sociology, is a certified Six Sigma professional, and is an MBA candidate at CU Denver in 2020.
Linnette Attai is Project Director for CoSN’s Privacy Initiative and Trusted Learning Environment Program. For more than 25 years, Linnette has been building organizational cultures of compliance and guiding clients through the complex obligations governing data privacy, user safety, and ethical marketing, with a focus on the education and youth sectors. As founder of the global compliance consulting firm PlayWell, LLC, Linnette advises organizations, educators, lawmakers, and policy influencers. She serves as Virtual Chief Privacy officer and data protection officer to select clients, and speaks nationally on data privacy matters. Linnette is a member of the Rutgers Center for Innovation cybersecurity advisory board, and author of Student Data Privacy: Building a School Compliance Program.
About the host
Ann McMullan is Project Director for CoSN’s Empowered Superintendents Initiative. Ann served as Executive Director, Educational Technology in the Klein Independent School District, near Houston, Texas until September 2013, when she and her family moved to Los Angeles, California. For 16 years Ann led the district team that provided professional development on technology and 21st century instructional strategies to 4,000 professional educators serving 50,000 students. Ann served as co-chair of Texas Education Technology Advisory Committee which developed the Texas Long Range Plan for Technology, 2006-2020. Today, Ann is based in Los Angeles working as a public speaker, writer, and education consultant focused on leadership and planning to meet the needs of today’s students. Ann serves on the Project Tomorrow advisory council and is a leadership consultant with Executive Service Corps of Southern California, serving non-profit associations. Ann co-authored Life Lessons in Leadership, a guide for leaders ages eight to 88.
Join the community
Super-Connected is a free professional learning community on edWeb.net for school superintendents, district leadership, and aspiring district leaders.
This edWeb broadcast was co-hosted by CoSN and edWeb.net and sponsored by ClassLink. The recording of the edWebinar can be viewed by anyone here.
Stacey Pusey is an education communications consultant and writer. She assists education organizations with content strategy and teaches writing at the college level. Stacey has worked in the preK-12 education world for 20 years, spending time on school management and working for education associations including the AAP PreK-12 Learning Group. Stacey is working with edWeb.net as a marketing communications advisor and writer.