Reopening Schools Issue Brief: Increased Data Collection and Sharing

Reopening Schools Issue Brief: Increased Data Collection and Sharing

Schools and higher education institutions nationwide are still considering whether to return to in-person classrooms, continue remote learning, or offer a mix of options this fall as the COVID-19 pandemic continues. Any of these options raise significant implications for student privacy and equity, but most reopening plans do not examine these concerns.  The Future of Privacy Forum has developed a new issue brief series to raise awareness of the reopening issues that are keeping us up at night.

Issue Brief: Increased Data Collection and Sharing

Most K-12 and higher education reopening plans include ways to collect health information, often daily, from students, staff, and their families or household members. A recent piece published in the Journal of the American Medical Association recommends that K-12 schools provide parents with a checklist to complete every morning that confirms not only that their child is symptom-free, but also that other members of the household are healthy. Since younger students are more likely to be asymptomatic carriers of the virus, schools may ask for information about any household pre-existing health conditions to identify immunocompromised family members or roommates. Schools may want to use this information to determine whether an otherwise healthy and low-risk student should remain home or be kept separate from other students.

Many schools are likely trying to follow CDC guidelines that recommend that K-12 schools and higher education institutions should conduct, when feasible, daily physical health screenings of students and staff upon arrival, such as through temperature or symptom checks. While the guidance surrounding these health screenings is evolving, schools must be prepared for false flags–when these screenings inevitably “flag” someone with symptoms, like a fever, that are not related to COVID-19 but rather the sign of another ailment.

Some higher education institutions such as Boston University and Duke have announced preliminary plans that will require students to conduct daily health screenings via an app, either one created by the school or by a company. Boston University students who do not complete their daily check-in may be denied access to school buildings via a “passport” on the school’s app. Higher education faculty and staff are also being asked, with little context or warning, to self-disclose sensitive personal information to receive appropriate on-campus accommodations during the fall semester.

This expanded collection of sensitive and personal health information goes far beyond the amount of information a school typically collects about a student, let alone about the people living with them. It will be essential for schools to consider privacy and equity as they solidify the specific requirements in their reopening plans. How long will this information be kept – for a week, a month, the duration of the pandemic, or indefinitely? How will it be stored and secured? If a third-party app is being used, has it been thoroughly vetted for sufficient privacy and security protections based on the sensitivity of the data? Will the data be shared or used for any other purpose? Is there a potential for misuse of the information? Will there be consequences if students or parents do not want to comply with the reporting system? Some students and families may wish to keep their living arrangements and health statuses private, either for safety reasons or concerns about bias, stigma, or discrimination.

And what laws apply? While many people may assume all health data is covered under HIPAA, it is unlikely that the data collected from these types of health check-ins are. The data is likely protected under FERPA as part of students’ education records, but FERPA does not have higher protections for medical information or the highly-regulated cybersecurity standards required by HIPAA. K-12 schools may be subject to state student privacy laws that include greater protections for health information, but most higher education institutions are not governed by comparable state statutes.

These are complicated questions without a single right answer, but these questions must be asked and schools must create policies to ensure that their community trusts their institutions and shares accurate health data, as needed, to combat the pandemic. K-12 and higher education institutions’ reopening plans must protect student health and student privacy. If you have any questions or would like to discuss these issues further, please contact us here.

What They’re Saying: Recent News

Future of Privacy Forum Resources

Additional Resources

Related Resources

  • FPF Perspectives

    FPF Responds to the FTC’s COPPA Policy Statement

    May 19, 2022

    On May 19, 2022, the Federal Trade Commission (FTC) held an open meeting where it approved a policy statement prioritizing enforcement of the Children’s Online…

    Learn More
  • Higher Ed Perspectives

    The Datafication of Student Life and the Consequences for Student Data Privacy

    Apr 11, 2022Kyle M. L. Jones (MLIS, PhD) Indiana University-Indianapolis (IUPUI)

    The COVID-19 pandemic changed American higher education in more ways than many people realize: beyond forcing schools to transition overnight to fully online l…

    Learn More
  • Blog

    So Much Data: Thinking About How We Govern with Data and How We Are Governed by Data in US Higher Education

    Apr 11, 2022Michael Brown, Assistant Professor of Higher Education and Student Affairs, School of Education, Iowa State University

    As a researcher who focuses on how US higher education institutions construct data systems to support students’ success, I find myself having the same conversa…

    Learn More