Data Privacy and Security
A digital environment opens up opportunities for both positive and negative aspects of data collection and sharing.
Tools like Facebook, Twitter and Google Docs have transformed our opportunities to share and collaborate. Websites with log-ins or that track use have simplified personalizing our accounts. On the other hand, our concerns for protecting personal data are fueled by news stories about leaked access to government records, data breaches experienced by major corporations and personal experiences with information on social media sites being used for unintended purposes.
As adults, we make informed choices about what digital data to share and how much to trust applications, websites, and other users to use the data in the ways we intend.
To protect children, three federal laws govern the collection, use, and sharing of personal information. In an educational setting, this includes information contained in educational records, surveys, and the student data collected by websites, online services, and mobile apps. Understanding what data can be shared, with whom and for what purposes, is a critical aspect of teaching in the digital age.
Children’s Online Privacy Protection Act (COPPA)
This law governs the collection, use, sharing, and protection of personal information collected from children under age 13 when using website, online services, and mobile apps. Student personal information includes:
- full name;
- email address or screen name;
- geolocation information;
- a child’s image or voice contained in a photo, video, or audio file posted online; and
- persistent device identifiers, such as IP addresses and cookies, that can be used to track a user over time and across multiple sites.
When a child is under age 13, COPPA requires sites or apps to obtain parent consent for use. School districts may act as the agent for the parents in providing consent. For this reason, SPPS reviews the data privacy and security policies for all apps in our Self Service app store and has a list of vetted websites that require access to student information, such as log-ins.
- Pictures, videos, and audio recordings of students may be posted on school and district websites or used in presentations only when there is a signed media release form on file with the school.
- For students who are under 13, SPPS educators must use only apps and websites vetted by the District if any personal information is shared.
- When creating student logins for online services and mobile apps, use only the student’s first name or a random means of identification. Do not use full names or student ID numbers.
Family Educational Rights and Privacy Act (FERPA)
This law protects the privacy of student education records and requires consent from a parent/guardian or student age 18+ before student records may be disclosed. Disclosure includes access to, release, transfer, or other oral, written, or electronic communication of personally identifiable information.
- Student data should only be shared with SPPS staff who need to know the information for legitimate educational purposes. Parents sign consent forms for sharing information with other agencies.
- Student records or data must be secured, and should not be left in an easily accessible location or open on a computer.
- Students should not record scores or grades of other students.