Skip to Content

Press Releases

Committee Discusses Efforts to Safeguard Student Privacy and Data

Today, the Committee on Education and the Workforce, chaired by Rep. Virginia Foxx (R-NC), held a hearing to discuss student privacy and the importance of protecting students’ personally identifiable information (PII) and data.
Today, the Committee on Education and the Workforce, chaired by Rep. Virginia Foxx (R-NC), held a hearing to discuss student privacy and the importance of protecting students’ personally identifiable information (PII) and data.

“Over the past several decades, there has been a significant leap in the ways that technology can be used to strengthen classroom instruction and improve student outcomes. Companies specializing in education technology have provided teachers, school districts, and states with the cutting-edge software and tools needed to create a modern learning environment that inspires student success,” Chairwoman Foxx said in her opening statement. 

“Numerous surveys indicate overwhelmingly parental support for the proposition that ed tech can and has improved how their child learns,” said Ms. Amelia Vance, Director of Education Privacy at the Future of Privacy Forum. “When properly used and implemented, technology and data in education can close learning gaps in the classroom and be a powerful tool in fulfilling the great promise of high quality education for every student in America.” 

However, Vance also noted, “Ed tech solutions cannot succeed if schools, teachers, and parents believe that technology vendors cannot be trusted to protect that information or are motivated by monetizing student data.”

Many in the education community have voiced concerns that students’ personally identifiable information, such as attendance records and school performance may be sold or mined for profit, or otherwise fall into the wrong hands. Dr. Gary Lilly, Superintendent of Bristol Tennessee City Schools, echoed this sentiment as he testified about the security of his students’ sensitive data and information.

“What keeps me awake at night is knowing that there are bad actors around the world who are actively working to find, compromise, and sell student data that should be kept private,” Lilly said.

“To register a student, we need his or her basic demographic information, such as their name, address, phone number, gender, and race,” Lilly continued. “But we also have to be able to differentiate one John Smith from another John Smith, either within our own district, or from the district down the road. That means either collecting their social security number or assigning some other unique identifier.”

According to Mr. David Couch, the K-12 CIO and Associate Commissioner of the Kentucky Office of Education Technology, “There were over four billion attempted unauthorized network connections, or attacks, of [Kentucky] K-12 services this past school year. However our biggest vulnerability by far is internal staff, not external criminals.”

Couch went on to say, “[T]he greatest number of data breaches in KY K12, by far, are either accidents, such as posting PII onto a website or sharing a spreadsheet with hidden columns of SSNs, or from lack of savviness of staff who fell for phishing scams like ‘your mailbox is over its limit – hand over your password.’” 

As education technology continues to advance, more must be done to ensure that student data remains safe. A good starting point is updating the Family Educational Rights and Privacy Act (FERPA) to better accommodate the ways in which education and technology work hand in hand.

Dr. Lilly closed his testimony by urging members of the committee, “The Family Educational Rights and Privacy Act also needs to be regularly reviewed and updated to keep up with the pace of technology. Ideally, the federal policy will align with and complement state and local efforts.”

“Times have changed and the law is in need of a more substantial reform to better reflect the current realities of data collection in schools and classrooms,” said Chairwoman Foxx. “We need to clarify what data is a part of the record, we need to ensure access to the information is limited to those who truly need access to the data, and we need to ensure that anyone who accesses that information is known and knows the rules of using that data.”         

To learn more, click here.

 

Stay Connected