Our team at Rethink Education sees the everyday struggle of startups working to create tools and platforms with the goal of reducing the stresses and time commitments of teachers, students, administrators, and even parents.These entrepreneurs operate within a politically ambiguous world of student data: they know this information is sensitive. But for a software service, there is a minimum requirement of user information needed for basic application. And the more complex a vendor’s data intake, the more options they are given to fine-tune their product to best fit the customer need.
In the spirit of building this community around student data privacy and the sometimes amorphic laws governing their usage, we co-hosted a two-day boot camp on February 17-18 with the Future of Privacy Forum at the 1776 workspace in Washington, DC. This event brought some of the leading thinkers and practitioners from the world of K-12 student data together with the entrepreneurs building the tools that shepherd such data through third party platforms.
Nearly 50 companies fought through six inches of snow to come to the workshop. The demand for a conversation around student data regulations was palpable: the startups navigating these complex legal barriers want to be part of the solution. Entrepreneurs want to be trained on how best to work with teachers and parents to provide solutions that further educational outcomes while mitigating fears of less transparent data ingestion.
Workshops featured leading voices from the legal world, the policy world, and the education world, including Jules Polonetsky of the Future of Privacy Forum and Terrell McSweeny, Commissioner of the Federal Trade Commission.
There are several resources for startups looking to write clear privacy policies, starting with the Federal Trade Commission’s FIPPs guidelines (or Fair Information Practice Principles). But don’t stop with federal legislation, entrepreneurs: you should also check state law around data protection, as states will often try to fill in perceived gaps in such protection with unique regulations.
And don’t forget about the Family Educational Rights and Privacy Act, or FERPA. Schools MUST ensure that all contracted vendors are FERPA compliant, and companies MUST ensure that all consultants and outside help are FERPA compliant. (Check out ferpasherpa.org as a resource for all things FERPA compliance.)
While much of the goal of this boot camp was to illuminate, it is clear that the topic of student data privacy still is not black and white. Much of the discussion revolved around navigating the multiple agencies, laws, statutes, and vagaries of the language therein. All participants--speakers, sponsors, and “students” alike--will play a role in the continuing progression of data policy and implementation.
We challenge entrepreneurs to place data security within the product development stage, to make this a priority within the very core of their offering. The usage of student data is not a layer to be added on top of an existing product; it should be built into the design.