As cloud-based technology moves into schools, it puts more data about your children onto remote servers. Here’s what to know and do to safeguard that information.
Public school districts across the country are rapidly turning to private online data companies to store and manage large quantities of student data, and few rules govern the activities.
What’s a concerned parent to do? In light of increasing privacy concerns surrouding school district cloud computing, here are five steps to take as a parent to stay on top of data-sharing activities while maintaining your children’s privacy inside and outside of school:
1. Ask questions
If you don’t know how your child’s school district handles student information, ask.“The number one thing we need parents to do is ask questions in two parts: ‘what data is being collected, and how are you using that data to help my kid?'” said Aimee Rogstad Guidera, the president and CEO for the educational nonprofit Data Quality Campaign.
This is especially important in regards to more sensitive pieces of information, according to Jana Castanon, former spokeswoman for the Columbus, Ohio, credit counseling company Apprisen. “For example, if you are a parent filling out a form for athletics or a dance recital, you need to ask why they need your child’s Social Security number if that is requested and that sort of thing,” she said.
Social Security numbers are the most commonly used piece of information by identity thieves targeting children, so requests for a child’s Social Security number in particular should be questioned, as most schools shouldn’t need that piece of information, according Federal Trade Commission privacy attorney Lisa Schifferle.
However, if the school really does need it, “Find out who has access to your child’s personal information and verify that the records are kept in a secure place,” she said.
2. Understand your legal rights
The Federal Educational Rights and Privacy Act outlines the rights you have to control the release of your child’s information by his or her school district.
In general, FERPA requires schools to have written parental consent before releasing any student information, except when requested by legal authorities, accrediting organizations, financial aid institutions or the receiving school of a transferring student.
Schools may also disclose student directory information without consent, but only after parents are given an opportunity to request their child’s information be withheld. Similarly, the Protection of Pupil Rights Amendment gives parents the right to view survey materials before they are distributed to students.
As of July 2016, FERPA contains no guidelines restricting or allowing the undisclosed release of student records for third-party online database storage and other cloud computing services, so you may or may not receive information about such activities.
If after reviewing your rights you believe you are missing an information release disclosure, contact school district administrators.
3. Read everything your child brings home
Public school districts are required to send annual notices that explain your personal information privacy rights under FERPA and PPRA, according to the Federal Trade Commission. If your school district doesn’t automatically send these notices, ask for them.
There may be lots of homework, parent notes and art projects in the mix, but diligently going through everything that comes home may also alert you to the addition of new cloud-based services within your child’s school district. Doing so will give you an opportunity to learn more and ask questions, but also alert you to areas of concern and the options you have to protect your child’s information.
4. Transmit online information securely
Whether you are managing your child’s school lunch account, registering him or her for the school year or helping to set up an online homework account, consider not only what information you are sharing but how, according to experts.
“If parents are putting information into any sort of electronic-based system, they need to make sure they are transmitting it using a secure website that has the https or lock symbol in the address bar,” Schifferle said. “It’s also important to transmit it using a secure device, like a computer with up-to-date anti-virus software and not through a mobile device on a Wi-Fi hot spot.”
Technology safeguards help, but security also falls back on the parent to make judgment calls on how much to actually share about their child.
“Think of it this way: If you wouldn’t put your personal information out there, why would you put your children’s information out there?” Castanon said.
5. Talk to your children
Parents play a big role in keeping their children safe, especially during the school-aged years, but experts suggest that the children can help, too.
“Everybody should be concerned about their identity, whether it is an adult or a child,” Castanon said. “Parents need to be talking to their child, especially as they get older, about the importance of securing personal information.”
For younger children, this could mean encouraging them to bring all school notices home and teaching them what pieces of personal information they shouldn’t share with strangers. For older children, the lessons could cover safe social media and other online website use both inside and outside of school.
“Go to the school or district’s webpage and review the information there about student online activity,” said Kathleen Styles, chief privacy officer of the U.S. Department of Education. “Most importantly, talk to your children about what they are doing online, and about online safety.”
Lastly, regardless of who shares the information and how, the overarching message is, “Be conscious of what you are putting out there,” Castanon said.