10 Privacy Principles for Student Data

Education groups are working together to increase transparency around how they use and protect valuable student data.

On Tuesday, March 10, the Consortium for School Networking (CoSN) and the Data Quality Campaign released 10 privacy principles that earned the support of more than 30 education groups representing education leaders, teachers and parents. These principles provide high-level guidance on protecting student data privacy in schools and show that the education community is serious about privacy.

"There's lots of work still to be done in making those principles reality, but I think just being able to articulate this hopefully starts a new conversation on trust," said Keith Krueger, CEO of CoSN.

In a time when privacy problems make headlines every day, it was time to start building trust and consensus around how schools use data, Krueger said. In the fall, CoSN and the Data Quality Campaign came up with these principles at a closed-door summit and fine-tuned the language over the last number of months.

After the summit, these two groups encouraged the ed tech industry to come up with their own privacy document. In October 2014, the Future of Privacy Forum and the Software & Information Industry Association announced their privacy pledge, which is legally binding, unlike the principles that the education groups created.  

These principles "send the message that everyone who uses student data who signed on to these principles or has integrated them into their work is really committed to using the resources that we have to serve students and to work on their behalf," said Rachel Anderson, senior associate for policy and advocacy at the Data Quality Campaign.

The 10 student data principles are: 

1. Student data should be used to further and support student learning and success.
    
2. Student data are most powerful when used for continuous improvement and personalizing student learning.
    
3. Student data should be used as a tool for informing, engaging and empowering students, families, teachers and school system leaders.
    
4. Students, families and educators should have timely access to information collected about the student.
    
5. Student data should be used to inform and not replace the professional judgment of educators.
    
6. Students’ personal information should only be shared, under terms or agreement, with service providers for legitimate educational purposes; otherwise the consent to share must be given by a parent, guardian or a student, if that student is over 18. School systems should have policies for overseeing this process, which include support and guidance for teachers.
    
7. Educational institutions, and their contracted service providers with access to student data, including researchers, should have clear, publicly available rules and guidelines for how they collect, use, safeguard and destroy those data.
    
8. Educators and their contracted service providers should only have access to the minimum student data required to support student success.
    
9. Everyone who has access to students’ personal information should be trained and know how to effectively and ethically use, protect and secure it.
    
10. Any educational institution with the authority to collect and maintain student personal information should:
    
    
    • have a system of governance that designates rules, procedures and the individual or group responsible for decision-making regarding data collection, use, access, sharing and security, and use of online educational programs;
    
    
    • have a policy for notification of any misuse or breach of information and available remedies;
    
    
    • maintain a security process that follows widely accepted industry best practices; and
    
    
    • provide a designated place or contact where students and families can go to learn of their rights and have their questions about student data collection, use and security answered.

When CoSN and the Data Quality Campaign first came up with these principles, they weren't sure if education groups would agree with them or be willing to put their names on them. But they were pleasantly surprised: 30 other organizations shared the same beliefs about why schools collect data and how it can be used in education while protecting student privacy. That's a big breakthrough, Krueger said.

Here's the list of supporters:

1. Alliance for Excellent Education
2. AASA: The School Superintendents Association
3. American Association of Colleges for Teacher Education (AACTE)
4. American Association of School Librarians (AASL)
5. Association of School Business Officials International (ASBO)
6. Consortium for School Networking (CoSN)
7. Council for the Accreditation of Educator Preparation (CAEP)
8. Council of Chief State School Officers (CCSSO)
9. Data Quality Campaign (DQC)
10. Digital Promise
11. Education Trust
12. Educators 4 Excellence
13. Foundation for Excellence in Education
14. Institute for Higher Education Policy (IHEP)
15. International Association for K12 Online Learning (iNACOL)
16. International Society for Technology in Education (ISTE)
17. National Association of Secondary School Principals (NASSP)
18. National Association of State Boards of Education (NASBE)
19. National Association of State Directors of Teacher Education and Certification (NASDTEC)
20. National Center for Learning Disabilities (NCLD)
21. National Council on Teacher Quality (NCTQ)
22. National Education Association (NEA)
23. National Parent Teacher Association (PTA)
24. National School Boards Association (NSBA)
25. PDK International
26. SIF Association
27. Stand for Children
28. State Education Technology Directors Association (SETDA)
29. State Higher Education Executive Officers Association (SHEEO)
30. StriveTogether
31. StudentsFirst
32. Thomas B. Fordham Institute

"I hope very soon whenever you walk into a principal's office or into a school, you'll start to see these 10 principles posted," Krueger said.