Regulating State and Local Education Agencies

Regulating State and Local Education Agencies

In March of 2020, the COVID-19 pandemic changed education in ways never before seen, as suddenly most students began taking remote classes exclusively. Even now, more than a year later, students of all ages are returning to classrooms that are incorporating more technology than ever before. On August 11, 2021, the Future of Privacy Forum hosted the Federal Student Privacy Summit to spread knowledge to students, parents, and school staff on best practices for protecting student privacy. One event at this summit was the “Regulating State and Local Education Agencies” panel, which offered valuable information on best practices for managing students’ data and implementing privacy policies at the state and local levels.

This panel was moderated by Noelle Ellerson Ng, Associate Executive Director of Advocacy and Governance at the American Association of School Administrators. The panelists included Rachel Anderson, Director of Policy and Research Strategy at Data Quality Campaign, Lorrie Owens, Chief Technology Officer at the San Mateo County Office of Education, and Whitney Phillips, Chief Privacy Officer for the Utah State Board of Education

The first key takeaway for stakeholders is that school staff overwhelmingly want to do the right thing and protect student data but often lack the necessary support. Rachel Anderson noted the difficulties imposed on school staff when new guidelines emerge without any additional assistance. Teachers are already required to do a lot with very little support, and giving them additional responsibilities without additional funding or training hasn’t proven to be effective in the past. Whitney Phillips noted that while every district in Utah is required to have a plan for protecting student data, a staff team of only four people at the Utah State Board of Education is responsible for evaluating the more than 40 plans from Utah school districts. Lorrie Owens also pointed out the frequent miscommunications between policymakers and those who are expected to carry out policies; policymakers will occasionally demand that schools and districts carry out practices for which they don’t have the technology or capacity.

The panelists also noted that federal policy on student data privacy isn’t cohesive. “COVID exposed some technical failures with FERPA,” Whitney Phillips observed, when commenting on the many challenges districts faced in complying with the federal law during the abrupt switch to remote learning. Lorrie Owens saw a similar challenge, as districts did not know how to provide a home-based education that complied with FERPA, and school staff weren’t always aware of which state or district policies they had to follow. Student privacy bills tend to pass without much public awareness, leaving school staff in the dark as to what guidance they need to follow. Rachel Anderson also remarked that most privacy policies reflect the intent to punish school staff after data privacy has been breached, rather than to prevent data breaches.

The panelists also had many suggestions for improvements. First on the list? Policymakers and other privacy stakeholders should provide funding for supplemental technology and training when issuing new privacy guidance. Rachel Anderson remarked that when it comes to student data protection, “most lapses come from human error.” Usually when student data is breached, it is because someone reused a password, stayed logged in on a shared computer, or didn’t use two-factor authentication. Training school staff on best practices is vital to protecting student data. Lorrie Owens concurred, noting that this training should be ongoing, not just something offered once to each educator. Instead, privacy training should continually keep school staff up to date on best practices for securing student data. Whitney Phillips suggested that districts follow Utah’s lead and have a designated student data-protection authority on staff. This would allow school staff to have meaningful dialogue with someone about the implications of privacy policies, without overwhelming state officials. As one of only four states that has a chief privacy officer, Utah is well ahead of the curve on student privacy protection.

Lastly, the panelists suggested policy reforms that fit the new hybrid digital education landscape. Whitney Phillips made the astute point that our current data policies are structured to protect student records, and called for policy that’s more “nimble and seeking to protect students rather than records.” Lorrie Owens expressed the need for policies that are more “cohesive” and work together to protect students, rather than offering conflicting guidance. Rachel Anderson, emphasizing her point about human error, said she wanted to see policies that focused on supporting school staff to prevent breaches, rather than solely punishing them when breaches happen.

During the discussion, these brilliant panelists offered numerous invaluable resources, which are listed below. Readers can also find links to the other events held during the Federal Student Privacy Summit.

Resources:

Related Resources

  • Blog

    Surveillance Won’t Save Our Kids, Humane Public Policy Can

    Sep 17, 2021Isabelle Barbour

    As a result of the lack of investment by our country in mental health services, schools have, for years, been the de facto providers of mental health supports …

    Learn More
  • Blog

    Bodycams in the Classroom? The Risks are Plain to See.

    Jul 10, 2021Anisha Reddy and Amelia Vance

    Proposals that would force teachers to wear bodycams are grabbing headlines as some activists push to install an unproven surveillance program in classrooms ac…

    Learn More
  • Blog

    Talking to Kids About Privacy: Advice from a Panel of International Experts

    May 21, 2021Jasmine Park

    Now more than ever, as kids spend much of their lives online to learn, explore, play, and connect, it is essential to ensure their knowledge and understanding …

    Learn More