Presentation is loading. Please wait.

Presentation is loading. Please wait.

Student Privacy in an Ever-Changing Digital World

Published byBrendan Evans Modified over 6 years ago

Similar presentations

Presentation on theme: "Student Privacy in an Ever-Changing Digital World"— Presentation transcript:

1 Student Privacy in an Ever-Changing Digital World
Scott D. Schafer University Privacy Officer March 9, 2017

2 Overview Changing landscape of education technology
Privacy and student data used in online educational services Best practices for protecting student privacy

3 Goals Provide faculty, staff and students with cutting-edge learning tools Protect privacy when using the tools Strive to accomplish both goals 3 Goals Equip faculty, staff and students with cutting-edge technologies and solutions Protect Privacy when using these technologies Ideal – we accomplish both of these goals at same time

4 Online Educational Services at Penn
How are Online Educational Services Being Used?? Student information systems Educational applications Productivity applications Online Educational Services at Penn Student Information Systems – Access to records, career services Educational Applications – facilitate educational discussions or sharing of ideas Productivity Applications Fundamental University Services – Fundamental University services

5 What Are Online Educational Services?
Computer software, apps, or web-based tools Provided by a third-party to Penn Accessed via Internet by students, faculty, and/or staff Used as part of a University activity NOT online services or social media used in a personal capacity They are web-based apps, tools, or platforms Provided by 3rd party Accessed by Internet Part of the educational experience at Penn NOT – Online services (social media) used in a personal capactiy

6 Challenge of Online Educational Services
3rd Parties perform University functions New types of data and more of it! Many online services do not utilize the traditional 2-party written contractual business model Concerns about monetization of personal information and behavioral marketing Use data effectively and appropriately but still protect privacy Challenges – Third parties are providing these services – less control They collect or record new types of data – not just data provided, but data on how the services is used, clicks, where they go – who owns that data??? Offer just click-through agreement people just accept – not based on a two-party negotiated contract model - restrictions use of data is not negotiated Data is truly the New Gold!! - It’s a valuable commodity – and lots of entrepeneurs in the online educational space recognize this. Want to use it for their own purposes (behavioral marketing, maybe even sell it) Significant Implications on student privacy – Penn’s obligations to protect student privacy So they are offering Higher Ed new, innovate services

7 FERPA Family Educational Rights and Privacy Act Federal law that:
Protects the privacy of students’ education records Provides students the right to inspect their education records Law protection student privacy is FERPA Love acronyms – Protects privacy of student records Also gives students to inspect their educational records

8 FERPA And Your Role As members of the Penn Community, we have a responsibility to protect education records in our possession. Members of Penn community have an obligation to protect student education records in our possession EVEN if services offered to us are attractive, really convenient, or offered to us for FREE

9 Sharing “Education Records” – Student Consent
General Rule: Education records may not be shared without student written consent -- though important exceptions exist. General rule under FERPA – Cannot disclose student records WITHOUT PRIOR WRITTEN CONSENT BUT there are some really important exceptions

10 Sharing “Education Records” – Student Consent
What is an “Education Record”? Any information or data directly related to a student maintained by Penn What Is NOT an “Education Record”? Records of a law enforcement unit of the University Medical & mental health treatment records Alumni data not connected to student status Employment records not connected to student status BEFORE I talk about those exceptions – let’s talk about what is an EDUCATION RECORD Any information directly relating to a student maintained by Penn BUT NOT: Law enforcement records (Penn Police) Health or mental health records Alumni records Employement records

11 Key Exceptions to Consent Requirement
Two exceptions to the consent requirement are most relevant when using education technology: Directory Information Exception School Official Exception FERPA has many exceptions to the consent requirement BUT the two most relevant to online education services: Directory Information Exception School Official Exception

12 Directory Information Exception
Directory information may be shared provided the student has not “opted out” of allowing such sharing. Directory information includes: Student’s name Address (local, home, ) Telephone number DOB Penn ID Major, dates of attendance, degrees awarded field of study Directory Information is not considered FERPA data requiring consent – as long as student has not opted out of sharing info. This type of data may be shared with an online educational service provider WITHOUT STUDENT CONSENT – As long as student has not opted out.

13 School Official Exception
School Officials Faculty Staff 3rd party service provider performing work under University supervision With Legitimate Educational Interests Information is needed for school official to perform duties Other Exception – School Official Can share student data WITHOUT CONSENT if the party is a SCHOOL OFFICIAL with a LEGITIMATE EDUCATIONAL INTEREST in receiving the information.

14 School Official Exception
Third-party service provider is a school official if: Performs a service for which Penn would otherwise use its own employees Is under the direct control of Penn regarding use education records Does not re-disclose or use education records for its own or unauthorized purposes 3rd Party Service Provider can be a “School Official” if performing services for University Doing a Service that University would otherwise use its own employees Must be acting under direction of University regarding use of student data Does not use student data for its own purposes

15 Question 1: Is student information used in online educational services protected by FERPA?

16 Answer: It depends! Some data may be protected by FERPA:
Enrollment Information Grade Information Evaluation of coursework Other data may not be: Directory Information (unless student has opted out) Need to evaluate on a case by case basis to determine if FERPA-protected information is implicated.

17 Question 2: What does FERPA require if a student’s education record is disclosed to a third-party service provider?

18 Answer: Consent for the disclosure; OR
Disclosure under “School Official” exception Direct control Use for authorized purposes only Limitation on re-disclosure

19 Question 3: What about metadata?
Are there restrictions on what providers can do with metadata about students’ interactions with their services?

20 What is Metadata? Metadata are pieces of information that provide context to other data being collected: Activity date and time Number of attempts How long the mouse hovered before clicking an answer Before I give you the answer – how many people know what META DATA IS? Pieces of information the provide context to other data being collected – what pages were visited, click information, how many times logged in – remember when we talked about the challenges and we talked about new types of data – well this is one – it focuses on behavior

21 Answer: Properly de-identified metadata may be used by providers for other purposes Stripped of all direct and indirect identifiers School name and other geographic information can be indirect identifiers YES – But only if stripped of all identifiers – direct or indirect Can include school name or geographic location

22 Privacy Challenges Online educational services:
Offer free or low-cost services to gain access to student data No contract necessary – or just a click-through agreement So what are the privacy challenges we are seeing with ONLINE EDUCATIONAL SERVICES Attractive – offer free or low cost services Gives them the entry to the student data They often don’t require a contract -- just a click through agreement

23 Privacy Challenges Online educational services:
Seek to monetize or use student data for their own purposes by having the students agree to Terms of Service or a Privacy Policy Part of the click through – they have students or the users – agreeing to TERMS OF SERVICE OR PRIVACY POLICIES that allow them to use the data for their OWN PURPOSES

24 Privacy Challenges Problem:
University educational services are conditioned upon students agreeing to allow a third-party to use their data for its own purposes What if the student does not wish to consent? Is an alternative offered?  If no alternative, is the student providing “voluntary” consent to third-party’s use of its data?  Problem: When UNIVERSITY SERVICES are CONDITIONED upon AGREEING TO A THIRD-PARTY TERMS OF SERVICE What is student doesn’t agree – what do we do? Will there be an alternative? If no alternative, is that really consent from student perspective? PUTS US IN A CONUNDRUM

25 Best Practices When possible, use a written contract or legal agreement with provisions addressing: Security Data collection Data use, disclosure, and destruction Remember FERPA “school official” requirements: Direct control Authorized use Limits on redisclosure BEST PRACTICES Get a contract in place with third-party provider of online educational service – NO CLICKTHROUGHS Designate as a school official Set parameters on data use and limits redisclosure

26 Best Practices Be aware of how online educational services intend to use student data Provide University Services - OK Market to Students - NO Sell Student Data - NO Understand how student data will be used – Provide University Services – OK Sell Data or Market to Students – Not OK

27 Best Practices If online educational services want consent from students to use data for other purposes: Must be fully transparent with students Obtain meaningful, informed consent Provide students a choice to say “NO” and still receive the education service Ensure Terms of Service regarding data use cannot be changed without notice to student Online Educational Services might really push to want to use data for their own purposes – Service needs to be upfront and transparent with student on how data will be used Need to obtain explicit, informed prior consent with students Students NEED TO HAVE A REAL CHOICE - -Ability to say NO. No Change in Terms of Use without NOTICE

28 Resources www.upenn.edu/privacy Penn Privacy Website Email
Penn’s FERPA Policy FERPA FAQs Protect Yourself Policies and Guidance Privacy Topics A to Z

Download ppt "Student Privacy in an Ever-Changing Digital World"

Similar presentations

FERPA - Sharing Student Information

FERPA - Sharing Student Information
Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
FERPA: Family Educational Rights and Privacy Act

FERPA: Family Educational Rights and Privacy Act
Family Educational Rights and Privacy Act (FERPA) Basics For Faculty and Staff.

Family Educational Rights and Privacy Act (FERPA) Basics For Faculty and Staff.
Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.

Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.
The Family Educational Rights and Privacy Act

The Family Educational Rights and Privacy Act
FERPA for Students What Every MSU Student Should Know Prepared by the Office of the Registrar.

FERPA for Students What Every MSU Student Should Know Prepared by the Office of the Registrar.
F amily E ducational R ights and P rivacy A ct University of Nebraska at Kearney.

F amily E ducational R ights and P rivacy A ct University of Nebraska at Kearney.
FERPA What You Need to Know as a Wayne State Student Prepared by the Office of the Registrar.

FERPA What You Need to Know as a Wayne State Student Prepared by the Office of the Registrar.
1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)

1 Office of the General Counsel FERPA  Family Educational Rights and Privacy Act (20 U.S.C § 1232g)
FERPA: WHAT YOU SHOULD KNOW ILASFAA April 18, 2008 Amy Perrin Director of Financial Aid Elgin Community College.

FERPA: WHAT YOU SHOULD KNOW ILASFAA April 18, 2008 Amy Perrin Director of Financial Aid Elgin Community College.
FERPA: Family Educational Rights and Privacy Act.

FERPA: Family Educational Rights and Privacy Act.
FERPA Skidmore College Family Education Rights & Privacy Act What is FERPA? It is the Family Educational Rights and Privacy Act of 1974. Is also referred.

FERPA Skidmore College Family Education Rights & Privacy Act What is FERPA? It is the Family Educational Rights and Privacy Act of Is also referred.
What is FERPA? Family Educational Rights and Privacy Act.

What is FERPA? Family Educational Rights and Privacy Act.
2/16/2010 The Family Educational Records and Privacy Act.

2/16/2010 The Family Educational Records and Privacy Act.
FERPA 2008 New regulations enact updates from over a decade of interpretations.

FERPA 2008 New regulations enact updates from over a decade of interpretations.
FERPA Family Educational Rights and Privacy Act Presented by Bridget Blanshan Interim AVP for Student Affairs & Dean of Students Ext. 4935.

FERPA Family Educational Rights and Privacy Act Presented by Bridget Blanshan Interim AVP for Student Affairs & Dean of Students Ext
1 FERPA and Student Privacy in Records of University Research ECURE March 1, 2005 Richard Rainsberger, Ph.D. Consultant, Education Records Law and Privacy.

1 FERPA and Student Privacy in Records of University Research ECURE March 1, 2005 Richard Rainsberger, Ph.D. Consultant, Education Records Law and Privacy.
FERPA Overview for CANR Business Managers Rob Kent, MSU Assistant General Counsel October 7, 2014.

FERPA Overview for CANR Business Managers Rob Kent, MSU Assistant General Counsel October 7, 2014.
The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.

The Family Educational Rights and Privacy Act (FERPA) The Importance of Protecting Student Records This session will help you better understand the law.

Similar presentations

Ads by Google