“Clouds” have ushered in landmark technology to education communities but also flurries of debate within corporate, legislative and legal forums. Student privacy and safeguarding student data, especially on the school bus, have become the year’s hot topic.
Special interest groups and the federal government recently launched campaigns to raise awareness about laws and proper use of student data. Meanwhile, state lawmakers are responding to rising parental concern over the use of their children’s information. The result: New state laws and higher expectations for the handling student data and information.
“Parents are becoming more aware that data on their child is collected by schools. They are not always sure about it,” said Paige Kowalski, director of state policy and advocacy at the nonprofit Data Quality Campaign, focused on the use of high-quality education data to improve student achievement.
She likened the issue to heightened consumer awareness of online banking and credit card security.
“Information can be used to make decisions, allocate resources and better educate. At the end of the day, parents want to know who has information about their child and what they do about it,” she added. “It’s important to be very transparent about all of it.”
STUDENT PRIVACY ON THE BOOKS
The Data Quality Campaign — supported by private and corporate funding to promote good use of data — helps raise public awareness about the types of student information and the common protocols expected of everyone, ranging from local schools to technology providers.
Common student data is collected for attendance, instruction, tests, grades, programs, interventions, observations, demographics and teacher information. Crunching big data can provide analysis and insight used to make decisions and allocate resources for better education. But the type of data collected, and who can use the information, is different and starting to get contested.
There are three common types of data: personally identifiable information (PII), de-identified data (all identifying student information is removed) and aggregate data (groups without any identifying information). Through law, regulation and best practices, the U.S. Department of Education (DOE) and individual states then make up the boundaries of who gets what information and how it should be handled.
DOE launched a new website, familypolicy.ed.gov, as a user-friendly guide to school officials, parents and students about data protection. It defines the work of the Family Policy Compliance Office, which administers two federal laws: the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA).
FERPA gives parents the right to access their children’s education records and have the records amended as well as some control over the disclosure of PII from the education records. It also establishes the right of adult students to review education records that are sent to other institutions. PPRA goes a step beyond to govern information from surveys that ask personal questions.
“These laws have been around for a long time, but what’s different is data is stored in cloud applications,” said Keith Krueger, CEO of the Consortium for School Networking (CoSN), a professional association for district technology leaders.
CoSN’s membership reported more than 10 million students nationwide. The group also partners with Harvard Law School to provide school leaders with a decision tree for the collection of student data, as well as certification and toolkits.
“School districts need to be better about communicating data protection in education. They must indicate to the community that they are following best practices,” said Krueger.
Especially in a “bring your own device” world, Krueger warned about distinguishing between trusted, contracted technology partners and “free-mium” applications, usually no-cost apps marketed to educators for the payoff of freely given data.
“Who is really assuring teachers and parents that the educational apps are complying with law? The school system should think carefully about what they are doing with data, particularly where parents object,” she added.
PRIVACY ON SCHOOL BUSES
“When you look at how services are delivered to consumers, it seems everything has moved to the cloud, whether you’re talking about file storage, movies or customer relationship management,” said Seon’s Lori Jetha.
Many cloud-based technology vendors specializing in student transportation already set the bar high for student safety, but student privacy advocates advise school transporters to communicate more widely with all education stakeholders if they aren’t already.
“Transportation services are unique. It’s a great group to step up to say safety is also about student information and privacy. I would encourage them to be transparent about safety records, like the use of data information, and not just physical safety. Help parents feel good about the information,” said Kowalski.
Information collected in transportation, such as school bus GPS and telematics data, generally isn’t covered under FERPA student privacy laws. Most cloud-based solutions for school buses offer GPS, routing software and real-time tools to track road safety and vehicle maintenance. Other suppliers, like Seon, offer Web-based, on-board video tracking. Additionally, transporters are building less invasive tools without using personal information about a specific individual.
“Cloud services are convenient and easy to access, and eliminate the expense of server purchases and complexity of computing requirements,” said Jetha, Seon’s marketing communications manager. “Privacy is always a concern when it comes to cloud-based services, but all three of (Seon’s routing, tracking and video management) applications feature unique logins and passwords, and customizable user permissions to prevent unauthorized access.”
Partnerships are bringing integrated systems to operate school buses from the cloud. Last year, Blue Bird and Synovia Solutions paired up to deliver Blue Bird Connect, a cloud-based GPS fleet management system offered as an OEM option.
Thomas Built Buses and Zonar Systems began production in June on factory-installed telematics for the Saf-T-Liner C2, as standard equipment. The Zonar platform has the ability to send and receive data from the engine, as well as provide insight on overall vehicle performance and driver behavior. This kind of data is not covered under FERPA, and it has addressed compliance with any information used for student ridership. Andrew Johnson, Zonar vice president of marketing and sales, said ZPass is FERPA-compliant.
“The ZPass student ridership platform captures the student identification number, date, time and location of each RFID card scan,” he said, adding that data is stored securely and shared only with the school district, contractors or parents. “We do not store personal student data such as social security numbers or home addresses.”
Other cloud-based providers offer hosting with iron-clad protection at compliant data centers. Blue Bird and Synovia announced the first factory telematics solution last fall, Blue Bird Connect, for the Vision and All-American models. It captures all data in a proprietary format that is “impossible to reverse engineer.” Additionally, no student data is used, but instead school districts correlate a number to a particular student. Backups provide extra data protection.
Meanwhile, John Lavazzo, vice president of operations at Tyler Technology, said protection of the client’s data is paramount and is always addressed contractually. The company offers SaaS-model Versatrans to the industry.
“That is a given, and any client considering a cloud-based solution should inquire of their prospective vendors data center capabilities, certifications, processes, procedures, contractual protections and history,” he added. “This goes even beyond the technical elements of security, such as encryption and should include processes and procedures around physical access to the hosting facility.”