The rapidly-evolving web-based services that have enabled school districts to streamline record keeping and make timely, data-driven decisions are also creating big challenges for safeguarding student information and preventing unauthorized use by third-party providers, a new report says.
“Cloud computing” services have helped school districts store and manage vast amounts of information, says the study released Friday by the Center on Law and Information Policy at Fordham Law School. But “we’re worried about the implications for students over time, how their information can be used or misused,” Joel R. Reidenberg, a Fordham law professor and the report’s lead author, told The New York Times.
The issue also concerns National School Boards Association’s (NSBA) Council of School Attorneys (COSA), which earlier this year set up a Cloud Computing and Student Privacy Working Group that plans to issue two resources in the coming months: the first a comprehensive legal primer for school attorneys, and the second an issue-spotting guide for school board members. Both publications aim to raise operational awareness for policy makers. COSA Director Sonja H. Trainor participated in a forum on the issue at Harvard University’s Berkman Center for Internet & Society in November and was among about 20 education, industry, and data experts asked to discuss the report’s recommendations at Microsoft’s Washington, D.C., offices.
The report, Privacy and Cloud Computing in Public Schools, notes that many school districts employ cloud-based services, but cautions that policies and contracts are not transparent to the public, and appear to lack some important privacy protections. It is based on information provided by 20 school districts.
The report estimated that 95 percent of the reporting school districts “rely on cloud services for a diverse range of functions, including data mining related to student performance, support for classroom activities, student guidance, data hosting, as well as special services such as cafeteria payments and transportation planning.” Yet the report estimated that 20 percent of the reporting districts do not have policies governing the use of online services, and many districts have significant gaps in their contract documentation no student privacy provisions.
Only 25 percent of the responding districts inform parents that they are using cloud services to store information, the report said. “Fewer than 7 percent of the contracts restrict the sale or marketing of student information by vendors,” the report said, “and many agreements allow the vendors to change the terms without notice.”
In an interview with School Board News Today, N. Cameron Russell, the Fordham Law Center’s Executive Director and a member of the research team, said the report is based on contracts and other documents received from the 20 school districts studied, which vary in size and are located throughout the country. He emphasized that the practices concerning safeguarding of information often go beyond the language in the contracts — something the Software and Information Industry Association emphasized in commenting on the study.
Still, the report’s authors expressed concern over the lack of specific language in many vendor contracts regarding such issues as maintaining the privacy of student data and preventing its commercial use.
Rapidly evolving web-based technologies such as cloud computing offer the potential for significant advances in individualized instruction and assessment – and many school districts are on the cutting edge of these innovations, said NSBA General Counsel Francisco M. Negrón Jr.
“Schools want to help students succeed, and web-based technology is helping them do this in innovative and creative ways,” Negrón said. “At the same time, it is important to inform and engage parents and communities about these developments and ensure vendor contracts protect student privacy and address restrictions on third-party use of data.”
The report concluded with several recommendations for school districts. Among them are putting “the existence and identity of cloud service providers and the privacy protections for student data’ on district websites and “establishing policies and implementation plans for the adoption of cloud services by teachers and staff,” including in-service training and an easy mechanism for teachers to adopt and propose technologies for instructional use.