Student Privacy: Questions for Parents

What student privacy protection questions should parents (and interested community members) be asking of school officials? The Fordham Law Study (on cloud computing in K-12 public schools) and pending legislation in NYS provide a wake up call for parents and prompt the following observations and questions:

Questions for Parents to Pose to School Districts About Student Privacy and Parental Rights

• Which school official(s) is highly knowledgeable about the contracts entered into by the school district (with third-party vendors) that pertain to the sharing of private student data? Many (possibly most) school officials have no employees who are knowledgeable about the contracts.
•  Do the contractual provisions protect students and respect parental oversight rights? Two bills introduced in the NYS Assembly last year  (A07872A & A06059A) contain language to the effect that a form should be made available to allow parents (or eligible students 18 yrs. or older) to opt-out of the disclosure of personally identifiable student information and biometric records to a third party [unless such release is permissible under current law without permission]. Among other provisions: 1. student data must be under the direct control of the school district 2. security audits must be conducted annually by third-party vendors and the results must released to boards of education along with remediation plans 3. security breaches must be reported to school districts and the costs associated with security breaches must be paid by the third-party vendor 4. Finally,"The Department and District Boards of Education shall publicly and conspicuously disclose on their website and through annual electronic notification...the existence and character of any personally identifiable information from education records that they, directly or through contracts with outside parties, maintain. 5. Are there explicit prohibitions on the nonacademic use of student data that is being outsourced?

• Is the school district transparent about student privacy protection and documents related to such? According to the Fordham Study, most school districts are opaque on the topic of student privacy, student data outsourcing, and the provisions of their contracts with outside vendors. 

• What information has been outsourced on my child and us (the parents)? How do we see this data to verify accuracy and examine the scope of the data collection? Parents, for the most part, are being left out of the data collection and sharing practices of school districts.

• Does the school district negotiate contract provisions (with third-party vendors) such that parental consent rights and student privacy rights are protected? Most school districts sign boilerplate contracts with vendors instead of negotiating contracts that protect student privacy and parental consent rights. For instance, do the contracts contain provisions....requiring parental consent for the sharing of their child's private data? permit parents to view the information about their child that is in the possession of third-party vendors?  require/permit the auditing of the vendor by the school district to ensure the student data is being used properly and deleted when appropriate? prohibit the re-selling or release of private student data to other vendors? 

• Is student privacy protection a high priority for school officials? The Fordham Study reveals that private student data is not well-protected by school districts.