The Forum Guide to Education Data Privacy explores how state and local education agencies (SEAs and LEAs) can support best practices at the school level to protect the confidentiality of student data in routine instructional and administrative tasks. It highlights common privacy issues related to student data use and, through case studies illustrating common situations, presents basic approaches to managing those issues. The guide is a product of the Education Data Privacy Working Group convened under the auspices of The National Forum on Education Statistics (the Forum). The Forum is an entity of the National Cooperative Education Statistics System established by The National Center for Education Statistics (NCES), within the U.S. Department of Education.
On July 17, FPF spoke with Working Group Co-Chair Dean Folkers, of the Nebraska Department of Education, about the Forum guide, privacy on the ground, and common-sense thinking about handling student data.
FPF: Please tell us about the Education Data Privacy Working Group and how this Forum guide was created.
Dean: The Forum comprises one representative from a state or local education agency in each state and territory. It presents an opportunity for these representatives to meet and receive information about data collection, support, and research from the NCES. It is also an opportunity for these representatives to provide feedback on the issues and challenges they are facing. Because of this, the topics of Forum publications often include timely pain points and respond to a demand for guidance and best practices surrounding these points.
The notion of data privacy is very important for everyone involved with the Forum. The basis for this particular publication came from a specific demand from states and districts for broader guidance and practical tools. This demand eventually resulted in the formation of the Education Data Privacy Working Group, which was tasked with creating a product that would be valuable to the broader community.
Of course, there are a number of amazing resources available, not least of which are published by the Future of Privacy Forum (FPF), the Data Quality Campaign, and others. Therefore, it was important for us not to recreate the wheel. Rather, the intent and focus of the guide was to bring the available information together and help education agencies better wrap their heads around data privacy and the impacts of different stakeholders.
FPF: Can you tell us about how the case studies and best practices you’ve included were developed and what informed your decisions about which ones to include?
Dean: The case studies were designed as tools for data privacy awareness and literacy for school districts and state education agencies. The goal was to present practices, approaches, or issues born from real-life situations. The Working Group tried to identify a number of key issues and scenarios that we had collectively experienced. We were also grateful for the participation of folks from the Privacy Technical Assistance Center (PTAC), who shared common stories that they had encountered. From this pool of ideas, we narrowed down a list of the timeliest and most appropriate topics. Those who had had experience with the situations included in this final list helped build the case studies by fleshing out the scenarios being depicted and identifying the resources, processes, and tools available to help the relevant stakeholders respond appropriately.
FPF: Was there anything particularly interesting or surprising that you learned during the process of compiling and developing these case studies?
Dean: The process certainly reminded us to be mindful of the diversity of potential audiences for the guide and these audiences’ perspectives on student data privacy. When you make awareness of student privacy the fiber of how you operate, you make assumptions about “common sense.” You take for granted that your own practices are shared even by those who are less informed or less aware. Of course, these assumptions can often be both wrong and misleading. For that reason, in developing the case studies we tried to think through the lens of someone who did not have the knowledge that we have about student data privacy best practices, and to focus on what would add value for them. We wanted to frame the information so that it would bring to the fore common misconceptions about issues or practices that may appear innocent but are actually quite problematic.
A great example of this is the PTA case study (Case Study #3). Several members of the Working Group who are parents of children in elementary schools empathized with the situation it presents: an ostensibly innocent request for contact info to invite classmates to a birthday party. This request eventually leads to various unintended consequences and teaches an important lesson. Another fascinating scenario pertains to the advent of social media and the ramifications of being able to share and post online in real time. In one instance, a concert by a local band comprising elementary students was being recorded and uploaded to social networks. In this case, posting this recording online ultimately compromised the safety and security of one of the students in the band. Here, again, we see unintended consequences arising from something seemingly inconsequential. That is why we wanted to walk our readers through correct policies and procedures for common scenarios, especially those that seem benign.
FPF: What are some high-level takeaways or goals?
Dean: Throughout the guide, it was very important for us to balance awareness and understanding about what the laws say—as well as what the laws do not say. Inherent to handling student data is the responsibility to think about the implications and elements of privacy. However, we wanted to avoid creating fear and preventing those responsible from utilizing data for its intended value. Ultimately, the intention is to support and improve the teaching and learning experiences but to do so in a way that reminds people to be thoughtful and reflective and to help them better understand their role and responsibilities regarding student privacy in the education system.
FPF: Does the guide reflect national or particular state requirements?
Dean: The guide is intended to reflect the broader national or federal expectations regarding student data privacy. It includes references for general understanding of federal laws, including the Children’s Online Privacy Protection Act (COPPA) and the Protection of Pupil Rights Amendment (PPRA). However, we were careful throughout to reinforce that, in many cases, states may have different expectations. We are not trying to present this resource as the “end-all, be-all” but, rather, as a starting point that encourages deeper exploration of the roles and responsibilities surrounding education data privacy. We see the guide as an extra tool in the broader toolset meant to support districts and states in their quest to ensure education data privacy.
This interview was conducted by Ahuva Goldstand on July 17, 2019. It has been edited and condensed for clarity.