Skip to the main content

This Week in Student Privacy: 2/24

Microsoft “Adopts International Cloud Privacy Standard”
According to info security, “Microsoft has become the first major cloud provider to adopt the first international cloud privacy standard developed by the International Organization for Standardization.” The privacy standard (known as ISO/IEC 27018) “>establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII)” and “calls for mechanisms to allow companies and individuals to remain in control of their data when it’s housed in third-party data storage.” According to OnWindows, “[t]he British Standards Institute (BSI) has now independently verified that in addition to Microsoft Azure, both Office 365 and Dynamics CRM Online are aligned with the standard’s code of practice for the protection of personally identifiable information in the public cloud” and “Bureau Veritas has done the same for Microsoft Intune.”

House Education and the Workforce subcommittee hearing on student privacy
The New England Board of Higher Education wrote about “the Subcommittee on Early Childhood, Elementary, and Secondary Education of the House Committee on Education and Workforce’s recent hearing entitled ‘How Emerging Technology Affects Student Privacy,’” during which “the subcommittee discussed possible revisions to the Family Educational Right and Privacy Act (FERPA).” According to the New England Board of Higher Education, “[t]he main topic of debate was how far Congress should go in blocking schools and third-party vendors from using student data for advertising or for compiling student profiles which advertisers could use to target ads.” More information on the hearing can be found in our newsletter from last week, and on these sites: Center for Digital Education, EdWeek, EPIC,, Microsoft, McClatchyDC, NASBE.


  • PBS Newshour published an “outline of the kind of data being collected on students and a look at who has access” to that data.
  • Colorado’s The Gazette published a piece about how “Colorado parents worry about what government [and] businesses know about their kids.”
  • Rutgers University recently started using ProctorTrack biometric software, “which records face, knuckle and personal identification details during online courses.”
  • CIO published a piece about whether “Student Data [is] at Risk Due to Out-of-Date Privacy Laws.”
  • According to PRWeb, “SchoolMessenger, a leading provider of communication solutions for the education market and a subsidiary of West Corporation,” announced last week that it had signed the Student Privacy Pledge.
  • EdSurge published a piece on how “instead of looking at software for the answer to personalized learning,” K-12 organizations should “look for the answer in the data.”
  • The University of Maryland’s student newspaper The Diamondback published an article about how “[a] bill proposed by state Sen. Ronald Young (D-Frederick) would prohibit colleges and high schools in [Maryland] from mandating access to students’ online social media accounts.” Another Diamondback article on the proposed bill can be found here.
  • According to Information Today, Inc., “Google for Education recently released mobile apps for its Classroom product.”

This update was compiled by Hannah Offer. Hannah is a senior at the Crossroads School for Arts & Sciences and a research assistant for the Student Privacy Initiative.

You might also like

Projects & Tools 01


Student Privacy Initiative

The Student Privacy Initiative-- part of the Center's growing suite of Privacy Initiatives-- aims to surface, identify, and evaluate central privacy issues and opportunities that…