California Attorney General Advises Companies on Student-Data Privacy
The office of the California state attorney general released a new report yesterday aimed at encouraging education technology companies to better protect student privacy.
"Technology in the classroom can unlock countless new opportunities to educate students for the workforce of tomorrow," said Attorney General Kamala D. Harris, a Democrat who is currently running for the U.S. Senate.
"At the same time, we must protect our children's privacy as they learn," Harris's statement reads. The recommendations outlined in this report will help companies whose products enter the physical or virtual classroom protect students' personal information and ensure that its use is only for educational purposes."
The report, titled Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data, does not lay out any new regulations, mandates, or legal requirements. Instead, it's meant to "encourage companies whose ed-tech products enter the physical or virtual classroom to model the good digital citizenship that our students are being taught by protecting their personal information and using it only for school purposes."
At issue are the vast amounts of sensitive student information now gathered via the devices, platforms, services, software, and apps that have turned K-12 ed tech into a more than $8 billion annual market.
The new report comes in response to concern that such collection includes "medical histories, social and emotional assessments, child welfare or juvenile justice system involvement, progress reports, and test results" as well as "metadata like a student's location and the type of device being used."
The recommendations focus on the following themes:
- Efforts to minimize the amount of data that companies collect and retain. "Your default retention period for 'covered information' should not be indefinite," the report advises companies.
- A focus on educational uses of data. That means that companies should not be using student information for targeted advertising or "to create profiles of students, except profiles that are necessary" for educational purposes.
- Data disclosure: Companies should not sell student information, the report advises, and they should use the power of contracts to ensure third parties are also being responsible with student data.
- User rights: Companies should allow parents and students to review and access their own information, the report recommends.
- Security: In addition to employing "reasonable security measures," companies should have a good process for notifying parents and the public in the event of a breach and should provide training on such policies to staff, the report says.
Since passing in 2014 the widely emulated Student Online Personal Information Protection Act, often known as SOPIPA, California has been regarded as a leader on the issue of student data privacy.
- 'Landmark' Student-Data-Privacy Law Enacted in California
- Education Week Special Report on Student Data Privacy