Balancing Teacher Creativity in the Classroom & Student Privacy after AB Anthony M. Ramos, Esq. General Counsel Ventura Unified School District

Transcription

1 Balancing Teacher Creativity in the Classroom & tudent Privacy after AB 1584 Anthony M. Ramos, Esq. General Counsel Ventura Unified chool District

2 Teacher Creativity vs. tudent Privacy PB News Hour tudent Privacy Clip

3 Teacher Creativity vs. tudent Privacy Privacy isn t new 1974 FERPA Family Educational Rights and Privacy Act 1978 PPRA Protection of Pupil Rights Act 2000 COPPA Children s Online Privacy and Protection Act 2000 CIPA Children s Internet Protection Act (E-Rate) Acceptable Use Policies Responsible Use Policies

4 Teacher Creativity vs. tudent Privacy More recently in eptember 2014 enate Bill 1177 tudent Online Personal Information Protection Act or OPIPA (January 1, 2016) Assembly Bill 1442 Pupil Records and ocial Media (January 1, 2015) Assembly Bill 1584 Contract Requirements with Technology Providers (January 1, 2015)

5 Teacher Creativity vs. tudent Privacy A perfect storm for legislation Plethora of new devices 1:1, BYOD, Chromebooks, ipads Technology outpacing existing laws Need for FERPA revisions Increased collection of student data Frequent security breaches i.e., Target, ony & Anthem Raised public awareness and concerns

6 AB 1584 Contract Requirements with Technology Providers AB 1584 specifies what LEAs must include in contracts with third-party vendors that: provide services, including cloud-based services, for the digital storage, management, and retrieval of pupil records provide digital educational software that authorizes a thirdparty provider of digital educational software to access, store, and use pupil records

7 AB 1584 Contract Requirements with Technology Providers AB 1584 Pupil Records vs. FERPA Education Records Pupil records are: Any information directly related to a pupil that is maintained by the LEA; and Any information acquired directly from the pupil through the use of instructional software or applications assigned to the pupil by a teacher or other LEA employee. Education records are those records that are: Directly related to a student; and Maintained by an educational agency or institution or by a party acting for the agency or institution.

8 AB 1584 Contract Requirements with Technology Providers Contracts are not limited to the big, obvious contracts: CAMA, I, A, A2A, etc. Every EULA (End User Licensing Agreement) is a contract and must be considered. Apps chosen by teachers must be vetted ome vendors are willing to listen (ex. Read Naturally Live, Naviance, Academic Innovations)

9 AB 1584 Contract Requirements with Technology Providers Therefore, all contracts entered into or effective on or after January 1, 2015 must include the terms enumerated below: Establish that the local educational agency owns and controls student records. Describe how students can keep control of content created for school, along with a way to transfer content to a personal account later. Prohibit third parties from using student information for purposes outside of those named in the contract. Describe how parents, legal guardians, or students can review and correct personally identifiable information contained in their records. Outline actions that third parties will take to make sure that student data is secure and confidential.

10 AB 1584 Contract Requirements with Technology Providers Continued Describe procedures for notifying affected parents, legal guardians, or eligible students when there is an unauthorized disclosure of student records. Certify that student records will not be retained or available to the third party once the contract is over and how that will be enforced. Describe how local educational agencies and third parties will comply with FERPA. Prohibit third parties from using personally identifiable information from student records to target advertising to students.

11 AB 1584 Contract Requirements with Technology Providers chool districts should be cautious that out-of-state technology providers may not be familiar with these requirements. The penalty for noncompliance with AB 1584 is that contracts will be voided if following the provision of notice of deficiency they do not comply after a reasonable amount of time.

12 AB 1442 tudent Information and ocial Media AB 1442 requires local educational agencies that consider a program to gather or maintain in its records any pupil information obtained from social media to first notify pupils and their parents or guardians about the proposed program, and to provide an opportunity for public comment at a regularly scheduled public meeting before the adoption of the program. Any local educational agency that adopts a program pursuant to this provision must: Gather and maintain only information that pertains directly to school safety or to student safety Provide a student with access to any information about the student obtained from social media Destroy the information gathered from social media and maintained in its records after a certain period

13 AB 1442 tudent Information and ocial Media Continued If a local educational agency contracts with a third party to gather information from social media on a student, AB 1442: (1) prohibits the third party from using the information for purposes other than to satisfy the terms of the contract; (2) prohibits the third party from selling or sharing the information with outside persons or entities; and (3) provides additional restrictions on the destruction of the information by the third party.

14 B 1177 OPIPA tudent Online Personal Information Protection Act B 1177, the tudent Online Personal Information Protection Act ( OPIPA ), takes effect on January 1, OPIPA sets forth privacy laws for operators of websites, online services, and applications that are marketed and used for K-12 school purposes, even if those operators do not contract with educational agencies. While primary responsibility for compliance with OPIPA lies with website operators, school districts should proceed with reasonable due diligence when evaluating technology providers, especially providers based out-of-state, to ensure that their policies and procedures comply with OPIPA.

15 B 1177 OPIPA tudent Online Personal Information Protection Act OPIPA adds to the K-12 student privacy scheme the following requirements: 1. Operators cannot target advertising on their website or any other website using information acquired from students. 2. Operators cannot create a profile for a student, except for school purposes. 3. Operators cannot sell a student's information. 4. Operators cannot disclose student information, unless for legal, regulatory, judicial, safety, or operational improvement reasons.

16 B 1177 OPIPA tudent Online Personal Information Protection Act Continued 5. Operators must protect student information through reasonable security procedures and practices. 6. Operators must delete school- or district-controlled student information when requested by schools or districts. 7. Operators must disclose student information: when required by law; for legitimate research purposes; and for school purposes to educational agencies.

17 Teacher Creativity vs. tudent Privacy Recommendations Designate a responsible department/person Maintain awareness of other relevant federal and state laws Be aware of which online educational services are currently being used in your district Have policies and procedures to evaluate and approve proposed online educational services oftware Evaluation Rubric

18 Teacher Creativity vs. tudent Privacy Continued Use a written contract or legal agreement standard contract terms as well as AB 1584 requirements Be aware of Click-Wrap agreements or EULAs Be transparent with parents and students Board Policies, Administrative Regulations and Annual Notice Raise awareness with all staff

19 Teacher Creativity vs. tudent Privacy References Privacy Technical Assistance Center, PTAC-FAQ, February Online-Educational-ervices-February-2014.pdf Education Week A pecial Report on tudent-date Privacy. Data Quality Campaign tudent Data Privacy Legislation, What Happened in 2015, and What Is Next? Data-Privacy-Legislation-2015.pdf Data Privacy Guidebook. vacy_guidebook.aspx

20 Teacher Creativity vs. tudent Privacy QUETION