As you’ve probably seen, the Education Week team has been covering data-privacy issues heavily here on the Digital Education blog, over on Marketplace K-12, and on the State Ed Watch blog.
One area of intense interest to many people paying attention to this issue is the Family Educational Rights and Privacy Act, enacted in 1974 to help protect children’s educational records from unwarranted disclosure.
Some privacy advocates, including Khaliah Barnes, a lawyer for the Washington-based nonprofit Electronic Privacy Information Center, argue that FERPA is too outdated and weak to protect children’s information in this era of big data and ubiquitous digital devices and tools. A big part of the problem, Barnes and others contend, is that the U.S. Department of Education actually weakened the law with regulatory changes made over the past several years.
“Once [the department] said private companies can access students’ information and education records for the same purposes schools would access them for—once [those companies] were made ‘school officials'—that opened the door for these private companies to access student data and do whatever they want to do,” Barnes said during an interview for this week’s story on the privacy policies of three big ed-tech vendors.
Barnes also described the recent guidance issued by the department to help schools interpret and apply FERPA as “too little, too late.”
It’s important to note that EPIC has a long-standing beef with the department over this issue, including a 2012 lawsuit that was ultimately dismissed when a federal judge ruled the organization lacked the standing to file its complaint.
But EPIC is far from alone in its beliefs, so when my colleague Michele McNeil from Politics K-12 sat down with U.S. Education Secretary Arne Duncan last week, she asked him whether the department is doing enough to protect students’ privacy now, especially given that many believe the department helped open the floodgates to the current problems and questions.
Here’s the Secretary’s response:
“I’m happy to take any great ideas people have. Obviously, technology is changing much faster than any rules. We created a new Chief Privacy Officer. We’ve put out guidance recently, and where it needs to be strengthened going forward -- and not just us, but everybody, states, districts, schools, myself as a parent trying to figure it out everyday with my kids. This is not one that you’re going to issue some guidance and that’s the Bill of Rights for the next 100 years. And so where people have good thoughts or good ideas, we have no pride of authorship. We have no ego. We just want to do the best we can.”