This Week in Student Privacy: 10/7
Interested in getting "This Week in Student Privacy" in your inbox? Sign up here.
This update was compiled by Hannah Offer. Hannah is a senior at the Crossroads School for Arts & Sciences and a research assistant for the Student Privacy Initiative.
California Passes Groundbreaking Student Privacy Bills
Last week, California Governor Jerry Brown signed into law the Student Online Personal Information Protection Act (SOPIPA), “a sweeping measure aimed at restricting the use of students' educational data by third-party vendors.” The bill “prohibits operators of online educational services from selling student data and using such information to target advertising to students or to ‘amass a profile’ on students for a non-educational purpose.” In addition, Governor Brown “signed into law a related bill that would require districts' contracts with vendors to include certain privacy-related provisions.” Darrell Steinberg, sponsor of SOPIPA, released a fact sheet that explains the bill in greater depth. For more information on this story, visit the Center for Democracy & Technology (CDT) or the Center for Digital Government.
Last week, “security researchers disclosed yet another critical code flaw with the capability to negatively impact the Internet.” The bug—known commonly as Shellshock—“could be exploited to compromise millions of servers and other devices worldwide,” according to MIT, and “allows an attacker much more power” than the Heartbleed bug. Shellshock has “the potential to pose a unique set of difficulties for schools,” as many schools and have recently “abandoned running their own servers in favor of adopting cloud-based tools,” some of which run on UNIX frameworks.
- Last week, EdSurge published “6 Questions Districts Should Ask Companies to Protect Student Data,” which provides background on the Children’s Online Privacy Protection Act (COPPA) and encourages “districts … [to] be proactive in asking key questions from online operators and sites made available to students.”
- CITEworld reports on Marist College’s efforts to increase graduation rates by using an “open source academic ‘early alert’ system created last year.” The system “collects and mines data from a number of sources, including student aptitude data, learning management system event-log data and digital gradebook data.” As far as student privacy is concerned, Marist Vice President and CIO Bill Thirsk “says the predictive analytics model anonymizes student data up until when they are flagged for being at risk, at which point they are identified to their instructor.”
- iTnews reports on the privacy “concerns” around Western Australia schools’ “Microsoft Office for Education cloud email service.” The service “allows teachers to access the mailboxes of any of the state’s 265,000 public school students.”
- Last week, the Consortium for School Networking (CoSN) unveiled an updated Privacy Toolkitthat addresses all major federal privacy laws. In addition, CoSN released “two infographics that empower school leaders to discuss the critical issue of student privacy.” Both resources can be found here.