The document discusses the rewards and risks schools face when adopting cloud-based data storage and analytics solutions. It notes that while these technologies can provide educational benefits, they also carry significant legal and privacy risks if student data is not properly protected. Schools must comply with various federal and state student privacy laws like FERPA, COPPA, and California-specific regulations. Selecting technology providers that can meet the requirements of these laws is important. Overall, the landscape of education technology and data privacy is complex, so schools should work with legal experts to help navigate these issues.
2. Some important questions to ask when selecting a cloud service provider:
•
Will parents be able to review and potentially delete portions of a student’s education data record if they so
request?
•
What are the cloud service provider’s data retention and deletion policies?
•
Does the cloud service provider disclose information to third parties?
•
Does the cloud service provider plan to release any anonymized data to third parties?
•
How will the cloud service provider implement data security protections for the education data records?
What
About
COPPA?
The Children’s Online Privacy Protection Act (COPPA) restricts the online collection of personally identifiable
information of any child aged 12 or younger without parental consent. Websites that aim their services towards
children must adopt some mechanism of obtaining parental consent before they begin data collection and must
permit parents to access and delete data records regarding their children.
COPPA generally does not effect educational institutions directly, as very few build and maintain their own websites
or mobile applications. As the line between big data and education further blurs, schools should be aware of COPPA
and its implications. It is quite possible that schools themselves may be drawn to develop their own proprietary data
technologies – a move that would directly implicate COPPA.
Compliance in California: Even More Legal Risks
California has led the way in passing a variety of data privacy laws, including state-specific additions to the FERPA
requirements, as well as robust regulations governing the collection of data online. Any educational institutions
located in California must also be aware of these regulations before drafting and implementing a student data
privacy policy.
The California Attorney General’s Office maintains a website summarizing the major aspects of these privacy laws:
http://oag.ca.gov/privacy/privacy-laws.
Conclusion
The regulatory landscape regarding data privacy can be overwhelming for institutions handling sensitive student
information. As districts continue to embrace new data-driven technologies, they must develop plans to assess and
maintain compliance with both federal and state rules. A data privacy attorney can help a school district makes sense
of the requirements imposed by the web of data laws, allowing districts to mitigate legal risks while reaping the
rewards of exciting new technologies.
For
more
informa-on
on
how
your
school
district
can
manage
data
privacy,
contact
an
aIorney
at
Gagnier
Margossian
LLP.
3. References
Jim Finkle and Mark Hosenball, Exclusive: More Well-Known U.S. Retailers Victims of Cyber Attacks, REUTERS (January 12,
2014), available at http://www.reuters.com/article/2014/01/12/us-target-databreach-retailersidUSBREA0B01720140112.
Keith R. Krueger, Data Privacy: What School Leaders Should Know, ESCHOOLNEWS (January 6, 2014), available at
http://www.eschoolnews.com/2014/01/06/data-privacy-cosn-119/ (study citation omitted).
See generally 20 U.S.C. § 1232g; 34 C.F.R. 99.
See generally 15 U.S.C. §§ 6501–6506.
See, e.g., CAL. EDUC. CODE § 49069, et seq. (specifying a parent’s right to inspect, review and challenge the content of a
student’s records maintained at a school district); Id. § 49073 et seq. (specifying requirements for school districts
pertaining to student directory information and exceptions to parental consent requirements).
See, e.g., California Online Privacy Protection Act of 2003, CAL. BUS. & PROF. CODE §§ 22575-22579.
Internet
Intellectual Property
Privacy
Social Media
Technology
The Good Stuff
#nerdlawyers
Los Angeles
Sacramento
T: 415.766.4591
F: 909.972.1639
E: consult@gamallp.com
gamallp.com
@gamallp
San Francisco