With a recent flood of student data privacy laws and providers of technology solutions, public school districts have found themselves scrambling to put compliance measures in place. As an education law attorney and chair of Fagen Friedman & Fulfrost’s eMatters law practice dedicated to education and technology, I know this process can be challenging for school districts. Thankfully, there are resources available to help.
To ensure school districts are meeting their obligations, it is helpful to have some background on the legal guidelines for protecting student data privacy. The Children’s Online Privacy Protection Act, or COPPA, is a comprehensive set of federal laws requiring mechanisms be put in place to protect children’s privacy online. COPPA applies to operators of commercial websites and online services directed to children under the age of 13 that collect, use or disclose personal information from children; operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13; and websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children (collectively referred to as operators).
COPPA requires operators to:
These requirements typically apply to the operator of an online educational site. However, when a school district is the intermediary in providing student access to an online educational site, the consent requirements become the responsibility of the school district. Failure to do so could result in significant legal liability for a school district if a student's privacy is compromised.
In response to the COPPA amendments, school districts are encouraged to post clear and comprehensive online privacy policies. As a best practice, it is recommended by the Federal Trade Commission that school districts provide parents with notice of the websites and online services whose collection of student data the district has consented to on behalf of the parent, and that school districts make the operators direct notices regarding information practices available to parents.
School districts should also be proactive in asking key questions from online operators and sites made available to students, like:
The California Education Code requires school districts to provide a safe school environment, and school districts universally want to protect student privacy. However, keeping up with the state and federal privacy laws may prove challenging for Operators and school districts. I hope these recommendations and resources will guide Operators, school districts and parents to make informed decisions to incorporate technology into the educational process in a way that is both beneficial and safe for our children.