Bill Would Safeguard Students' Data from Cloud-Computing Providers

Join Common Sense in calling for legislation that would require stronger privacy protections in contracts between schools and cloud-computing providers. By Jim Steyer
Bill Would Safeguard Students' Data from Cloud-Computing Providers
I wanted to share the letter I sent to California Governor Jerry Brown's office this week in regards to important legislation (AB 1584) that would help safeguard the privacy and security of schoolchildren's personal and academic data when schools contract with outside companies for digital educational software and record management services. California schools are increasingly integrating computers, laptops, and tablets in the classroom, and relying on could services for a variety of academic and administrative functions. These cloud services are collecting massive amounts of sensitive data about students and their personal information is at risk. This important bill would require stronger privacy protections in contracts between schools and cloud-computing companies and help safeguard students' personal and academic data.
 
Dear Governor Brown:
 
We respectfully urge you to sign Assembly Bill 1584, introduced by Assembly Member Buchanan and passed unanimously by both the Assembly and the Senate.  This bill would help safeguard the privacy and security of schoolchildren’s personal and academic data when schools contract with outside companies for digital educational software and record management services.
 
California schools are increasingly integrating computers, laptops, and tablets in the classroom, and relying on cloud computing services for a variety of academic and administrative functions.  This technology, used wisely, has the vast potential to enhance and personalize student learning and to improve school efficiency.  To realize this potential, we must ensure that students’ personal information is protected.  Through cloud computing, digital courseware, online platforms, and other applications, education technology providers collect massive amounts of sensitive data about students – including contact information, performance records, online searches and schoolwork, health information, behavior and disciplinary records, eligibility for free or reduced-price lunch – even cafeteria selections and whether or not students ride the bus to school.  This personal student information is at risk. 
 
A recent study by Fordham Law School’s Center on Law and Information Policy found that the majority of school district cloud service agreements have serious deficiencies in the protection of student information, “generally do not provide for data security and even allow vendors with alarming frequency to retain student information in perpetuity.”[1]  Some online services have collected and analyzed personal details about students without clear limits on use of the student data for educational purposes.[2]  Other online services have failed to adequately secure students’ personal information from potential misuse.[3]
 
Students shouldn’t have to surrender their right to privacy and security at the schoolhouse door.  We need clear rules of the road to ensure that schoolchildren’s information is not exploited for commercial purposes and stays out of the wrong hands.
 
To this end, AB 1584 would require specified privacy and security provisions when K-12 educational institutions contract with third-party cloud service and educational software providers that access, store, and use student records.  Significantly, the contracts would provide that these companies:
  • Don’t use student information for any purposes other than those required or specifically permitted by the contract;
  • Don’t use students’ personally identifiable information for targeted advertising;
  • Take steps to ensure the security and confidentiality of the student records; and
  • Don’t retain or access student records after completion of the contract.
In addition, AB 1584 would require the vendor contracts to set forth provisions regarding school ownership and control of the student records, parental review and correction, breach notification, and federal regulatory compliance.
 
We note that Senate Bill 1177, the Student Online Personal Information Protection Act (SOPIPA) introduced by Senate President pro Tempore Darrell Steinberg, likewise passed unanimously by both Chambers, would provide complementary protections.  SB 1177 would prohibit K-12 websites, online services, and mobile applications from using students’ personal information for targeted advertising or for commercial profiling; prohibit these online companies from selling student information and from disclosing it (except as provided); and require them to implement reasonable security for students’ personal information and to delete that information upon the school’s request.  SOPIPA would apply whether or not a contract exists.
 
Simply put, the school zone should be a privacy zone, a safe and trusted environment where our kids can learn and explore, where educators can harness technology to enrich their learning, and where their sensitive information is safe and secure.
 
We strongly urge you to sign AB 1584, along with the complementary SB 1177.  With these measures, California would lead the nation in establishing a landmark framework for student privacy, with guidelines for schools and industry providers that protect students while permitting innovation in education and technology.
 
Respectfully submitted,
James P. Steyer
Founder and CEO
Common Sense Media
 

[1] Press Release, Fordham Law National Study Finds Public School Use of Cloud Computing Services Causes Data Privacy Problems (Dec. 13, 2013), http://law.fordham.edu/32158.htm; Natasha Singer, Schools Use Web Tools, and Data is Seen at Risk, New York Times (Dec. 12, 2013).
[2] E.g., Stephanie Simon, Data Mining Your Children, Politico (May 15, 2014), http://www.politico.com/story/2014/05/data-mining-your-children-106676.html; Benjamin Herold, Google Under Fire for Data-Mining Student Email Messages, Education Week (Mar. 13, 2014), http://www.edweek.org/ew/articles/2014/03/13/26google.h33.html?cmp=ENL-EU-NEWS2.   (In April, Google stated that it will stop using student data from its Apps for Education for advertising purposes.)
[3] Natasha Singer, Data Security Is A Classroom Worry, Too, New York Times (June 22, 2013).

 

About Jim Steyer

Image of blog author
Jim is Common Sense Media's CEO and founder -- read all about him here. Read more

Add comment

Sign in or sign up to share your thoughts

PubExchange

Common Sense Media is working with PubExchange to share content from a select group of publishers. These are not ads. We receive no payment, and our editors have vetted each partner and hand-select articles we think you'll like. By clicking and leaving this site, you may view additional content that has not been approved by our editors.