Education technology is a necessary tool in today’s 21st century classrooms. With that necessity, SIIA recognizes the need to protect student information. Today there exists a strong framework of existing Federal, state and local laws and regulations, contracts between schools and service providers, and voluntary commitments from industry that are working in sync to protect student data. SIIA is committed to maintaining strong student privacy protections, and we believe this current framework is working.
There have been a number of proposed changes to current law and SIIA has shared questions and concerns with those proposals, including on the legislation proposed by House Education Committee Chairman John Kline that would reform the student privacy protections in FERPA. SIIA recognizes the need to review policies and practices, but it is imperative to ensure that any updates or additions to current law do not prevent students from having access to increasingly essential educational technologies.
One of our specific reservations concerning some of these proposed bills includes data breach provisions which would conflict with existing state and federal statutes – causing confusion for both schools and school service providers.
After a review of current state data breach laws, SIIA has found that 47 states have existing laws the majority of which govern schools and state agencies in the case of a breach. With laws currently governing breach responsibility and a bevy of activity currently happening at the state and local level on data breach and responsibility, wading into this issue with a new, separate federal standard is unnecessary and burdensome for schools.
In addition to data breach, SIIA has identified a number of other items in proposed legislation that would have the effect of stifling student and school use of technology, including:
- overly broad definitions of ed record and personally identifiable information that could sweep in information that is not intended for human access and that is not necessarily personally identifiable
- unnecessary restrictions on the educational uses of student information that could create barriers to educators, students and families identifying educational opportunities and on service providers in improving their products (including through legitimate research)
- required insertion of comments into education records, including those not formatted for such purposes or intended to be accessed by individuals.
Other proposed provisions that would create difficulties for educational technology service providers include:
- problematic requirement of identification of a service provider’s individual subcontractors
- security standards that require an impossible to meet guarantee of the security of data
SIIA will continue to work with the legislators on student data privacy to ensure that students continue to have access to the education technologies necessary to compete in today’s classrooms and workplaces.