NEW YORK -- (BUSINESS WIRE) -- Fordham Law School’s Center on Law and Information Policy (CLIP) today released a report on how school districts address privacy when they transfer student information to cloud computing service providers. The report marks the nation’s first in-depth analysis of this increasingly contentious issue.
The study found that as public schools in the United States rapidly adopt cloud-computing services to fulfill their educational objectives and take advantage of new technologically enabled opportunities, they transfer increasing quantities of student information to third-party providers, without requiring basic privacy protections such as strong data security measures and limitations on commercial data mining. As a result, school districts frequently fall short of federal privacy standards and of community expectations for children’s privacy. The study can be found here: http://law.fordham.edu/k12cloudprivacy.
“School districts throughout the country are embracing the use of cloud computing services for important educational goals, but have not kept pace with appropriate safeguards for the personal data of school children,” said Joel Reidenberg, a professor at Fordham Law School and the founding director of CLIP. Reidenberg points out that vendors who are not generally subject to federal privacy laws have put schools in a precarious position for the stewardship of children’s data through their contract terms. He said, “We believe there are critical actions that school districts and vendors must take to address the serious deficiencies in privacy protection.”
The goals of the study were 1) to provide a national picture of cloud computing in public schools; 2) to assess how public schools address their statutory obligations as well as generally accepted privacy principles in their cloud service agreements; and 3) to make recommendations based on the findings for the protection of student privacy.
Fordham CLIP selected a national sample of school districts including large, medium and small school systems from every geographic region of the country. Using state open public record laws, Fordham CLIP requested from each of the school districts all of the district’s cloud service agreements, notices to parents and computer use policies for teachers and examined whether the districts met privacy obligations under the Family Educational Rights and Privacy Act, the Protection of Pupil Rights Amendment, and the Children’s Online Privacy Protection Act, as well as basic fair information practices.
The key findings from the analysis are:
Fordham CLIP recommends that school districts and vendors take a series of specific actions to address these problems. For example, among other things, Fordham CLIP recommends 1) that the existence and identity of cloud service providers and the privacy protections should be available on district websites and districts must provide notice to parents of these services and the types of student information that is transferred to third parties; 2) that vendors and districts include explicit contract protections described in the study; and 3) districts adopt policies and implementation plans for the adoption and use of cloud services that involve student data.
The Fordham Center on Law and Information Policy (CLIP) was founded to make significant contributions to the development of law and policy for the information economy and to teach the next generation of leaders. CLIP brings together scholars, the bar, the business community, technology experts, the policy community, students, and the public to address and assess policies and solutions for cutting-edge issues that affect the evolution of the information economy.
This project was supported by a gift from Microsoft.