State Boards of Ed. Can Help Shape Student Data Privacy Rules, Group Says
State boards of education can play a number of significant roles in protecting student data privacy, from direct oversight to public communications to federal advocacy, according to a new report from their national membership group.
In fact, state boards are already "major players" on the issue: In three-dozen states, the state board has "at least some authority over education data privacy," according to the report, titled "Policymaking on Education Data Privacy: Lessons Learned."
Issued by the National Association of State Boards of Education, the document is based on the group's work providing technical assistance, convening meetings, and publishing analyses on what has become a hot-button issue in K-12 education over the past three years. Since 2013, 34 states have passed new student-data-privacy-related laws, and a number of federal bills have been introduced in Congress.
Among the major "lessons learned" identified by NASBE:
- State boards of education have a responsibility to ensure the security of state and local student data collection. That can include ensuring compliance with existing laws, policies, and regulations; reshaping policy; raising public awareness; and, in five states, superseding some aspects of state student privacy laws on a case-by-case basis. (One example of that latter role is Oklahoma, where the state board of education intervened when a newly enacted law was interpreted in a way that would have prevented more than half the state's districts from releasing graduation rates.)
- Public communication is key. Here, NASBE echoes an argument long made by proponents of educational data use, that parents just need to know why schools want to collect and share data about their children. (It's an argument that many of the more vocal parent activists on the issue angrily reject as patronizing, by the way.) The NASBE report cites the example of Delaware, where an analysis of statewide data found that many college-ready students were not applying to and enrolling in college, prompting the state to work with the College Board on what ended up being a successful effort to increase college enrollment among these students.
- On a related note, transparency is also key. "State boards of education can take a leading role in advocating for easy-to-understand information that helps parents and others learn how data are being used and protected," according to the report.
- Student-data privacy laws should be updated regularly. According to NASBE, nine states have adopted laws based on Oklahoma's Student DATA Act (which itself was based on model legislation advanced by the conservative American Legislative Exchange Council), and 10 states have adopted laws based on California's Student Online Personal Information Protection Act (developed with heavy input from advocacy groups such as Common Sense Media.) But both laws—as well as other locally developed state statutes—have some gray areas. One example: What, exactly, counts as "targeted advertising?" Because the issues are tricky and constantly evolving, "state boards of education would be wise to use their influence and ability to make new rules to ensure that student privacy laws and regulations are updated so they adequately balance privacy and the use of data in education," NASBE concludes.
- Watch out for unintended consequences. The report includes a laundry list of examples of problems caused by imprecise legislative language and lack of attention to implementation issues, both with state laws (in Florida and Louisiana, for example) and federal proposals. One way to avoid such problems in the future, NASBE concludes? Give "district stakeholders," including classroom teachers, chief technology officers, and superintendents, ample opportunity to "weigh in on how bills would affect educational work"—before the bills are passed.
- Don't forget training. Most data breaches are the result of human error, NASBE contends, but few bills and laws mention (let alone provide funds for) training for the K-12 staffers who will be handling student data.
NASBE's director of data and technology Amelia Vance, who authored the report, will be unveiling it at the group's annual legislative conference in Washington, D.C. Tuesday. Afterwards, I'll be moderating a panel discussion on the issues with Vance, Paige Kowalski of the Data Quality Campaign, and Elana Zeide, a privacy research fellow at New York University's Information Law Institute.