Blog: Student Data Privacy ArticlesPractical tips, best practices, and useful student data privacy resources.https://educationframework.com/resources/blogNY State Educators Approach July 1st Deadline to Demonstrate Compliance with Ed Law 2-d Part 121https://educationframework.com/resources/blog/PostId/48/ny-state-educators-approach-july-1st-deadline-to-demonstrate-compliance-with-ed-law-2-d-part-121New York Privacy LawsSun, 14 Jun 2020 12:48:43 GMT<h1><strong>NY State Educators Approach July 1<sup>st</sup> Deadline to Demonstrate Compliance with Ed Law 2-d Part 121</strong></h1> <p><strong></strong></p> <p> All public school districts in New York state have until July 1, 2020 to complete the requirements of Education Law 2-d. The law protects student data privacy and security by limiting access to students’ personally identifiable information (PII) in all public schools and education agencies throughout the state. The New York Board of Regents adopted additional regulations outlined in <strong><a href="http://www.nysed.gov/common/nysed/files/programs/student-data-privacy/proposed-part-121-for-pii.pdf" title="NYS Ed Law 2-d Part 121 Terms">Part 121</a></strong> in January, 2020, and the law is in effect July 1, 2020.</p> <p>Three key regulations that need to be met by the July 1 deadline include:</p> <ol> <li>Education agencies must adopt a data security and privacy policy.</li> <li>A Bill of Rights Policy must be posted on the school district or agency website and notice is provided to officers and employees.  <ul> <li><em>This document must be included in every third-party contract the agency enters into where the contractor receives student data or protected teacher/principal data. </em></li> <li><em>A Bill of Rights Policy must be signed and posted publicly for <span style="text-decoration: underline;">each and every</span> vendor that collects/uses student PII.</em></li> </ul> </li> <li>A Data Privacy Officer is designated to monitor compliance.</li> </ol> <p>Ed Law 2-d, Part 121 applies to the following New York state educational organizations:</p> <ul> <li>New York State Education Department (NYSED)</li> <li>PreK–12 public school districts</li> <li>Each Board of Cooperative Educational Services or BOCES</li> <li>All schools that are: <ul> <li>Public elementary or secondary</li> <li>Universal pre-kindergarten program</li> <li>Approved provider of preschool special education services</li> <li>Schools for the education of students with disabilities</li> </ul> </li> </ul> <h2><strong></strong></h2> <h2><strong></strong></h2> <h2><strong></strong></h2> <h2><strong>NYS </strong><strong>Ed Law 2-d Part 121 Requirements</strong></h2> <table border="1" bordercolor="#ccc" cellpadding="5" cellspacing="0" style="background-color:#e6e6fa;border-style:hidden;" width="809"> <tbody> <tr style="height: 81px;"> <td style="width: 181px; height: 81px;"> <p><strong></strong><strong>Data Security and </strong><br /> <strong>Privacy Policy</strong></p> </td> <td style="width: 627px; height: 81px;"> <ul> <li>Educational agencies are to adopt a policy on data security and privacy <span style="text-decoration: underline;"><strong>by July 1, 2020</strong></span>.</li> </ul> </td> </tr> <tr style="height: 139px;"> <td style="width: 181px; height: 139px;"> <p><strong>Protection of PII</strong></p> </td> <td style="width: 627px; height: 139px;"> <ul> <li>Educational agencies must ensure that every use of PII by the educational agency benefits students. Additionally, educational agencies cannot sell or disclose PII for commercial purposes.</li> <li>Educational Agencies must ensure PII is not included in public reports or other documents.</li> </ul> </td> </tr> <tr style="height: 171px;"> <td style="width: 181px; height: 171px;"> <p><strong>Bill of Rights for Data Privacy and Security</strong></p> </td> <td style="width: 627px; height: 171px;"> <ul> <li>A Bill of Rights for Data Privacy and Security must be published on the website of each educational agency and must be included with every contract an educational agency enters into with a third-party contractor that receives PII.</li> <li>Educational agencies are required to post information about third-party contracts on the agency’s website with the Bill of Rights.</li> </ul> </td> </tr> <tr style="height: 121px;"> <td style="width: 181px; height: 121px;"> <p><strong>Designation of Data Protection Officer</strong></p> </td> <td style="width: 627px; height: 121px;"> <ul> <li>Each educational agency must designate a Data Protection Officer to be responsible for the implementation of the policies and procedures required in Education Law 2-D.</li> <li>The designee will also serve as the point of contact for data security and privacy for the educational agency.</li> </ul> </td> </tr> <tr style="height: 71px;"> <td style="width: 181px; height: 71px;"> <p><strong>NIST Cybersecurity Framework</strong></p> </td> <td style="width: 627px; height: 71px;"> <ul> <li>Educational agencies are to adopt a policy on data security and privacy that aligns with the <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf">National Institute of Standards and Technology</a> (NIST) Cybersecurity Framework.</li> </ul> </td> </tr> <tr style="height: 131px;"> <td style="width: 181px; height: 131px;"> <p><strong>Third Party Contracts</strong></p> <p><strong></strong></p> </td> <td style="width: 627px; height: 131px;"> <ul> <li>Applies to any person or entity, other than an educational agency, that receives student data or teacher or principal data from an educational agency pursuant to a contract or other written agreement for purposes of providing services to such educational agency, including but not limited to data management, conducting studies, or evaluation of publicly funded programs.</li> </ul> </td> </tr> <tr style="height: 71px;"> <td style="width: 181px; height: 71px;"> <p><strong>Annual Employee Training</strong></p> </td> <td style="width: 627px; height: 71px;"> <ul> <li>Educational agencies shall annually provide data privacy and security awareness training to their officers and employees with access to personally identifiable information.</li> </ul> </td> </tr> <tr style="height: 111px;"> <td style="width: 181px; height: 111px;"> <p><strong>Unauthorized Disclosure Complaint Procedures</strong></p> </td> <td style="width: 627px; height: 111px;"> <ul> <li>Educational agencies must establish and communicate to parents, eligible students, principals, teachers, and other staff of an educational agency procedures to file complaints about breaches or unauthorized releases of student data and/or protected teacher or principal data.</li> </ul> </td> </tr> <tr style="height: 71px;"> <td style="width: 181px; height: 71px;"> <p><strong>Incident Reporting and Notification</strong></p> </td> <td style="width: 627px; height: 71px;"> <ul> <li>Educational agencies shall report every discovery or report of a breach or unauthorized release of student, teacher or principal data to the Chief Privacy Officer and notify impacted stakeholders.</li> </ul> </td> </tr> </tbody> </table> <p> </p> <h2><strong>How EdPrivacy Can Help</strong></h2> <p>New York state public schools and educational agencies will soon be legally liable to protect all identifiable student data. That is why schools and districts need to feel confident that the digital resources and applications they are using are compliant with state and federal privacy laws.</p> <p>Education Framework's student data privacy management service, EdPrivacy, includes a database of over 12,500 digital applications and resources, commonly used in classrooms, that have been thoroughly reviewed and vetted to meet local, state and federal privacy specifications. </p> <p>Using machine learning-based artificial intelligence, EdPrivacy's proprietary scoring system helps educators and administrators quickly and easily determine which service providers respect and protect student data privacy. <strong>EdPrivacy is the only privacy management solution available to K–12 school districts that provides <a href="https://educationframework.com/resources/blog/what-is-app-vetting-and-why-is-it-important" title="EdPrivacy by Education Framework - data privacy protection for K-12 school districts">on-demand privacy vetting</a>.</strong> With so much at stake, district leaders enjoy student data privacy peace of mind with EdPrivacy. </p> <p><strong></strong></p> <p><strong>Additional Resources</strong></p> <ul> <li><a href="https://educationframework.com/resources/student-privacy-laws/state-laws/nys-education-law" title="NYS Education Law 2-d ">How EdPrivacy Supports <strong>NYS Education Law 2-d</strong> Updates and Additions</a></li> <li><a href="https://riconedpss.org/documents/Part121Overview.pdf" title="Part 121 of the Commissioner's Regulations">Infographic overview of NY State education law</a></li> <li><a href="http://www.nysed.gov/data-privacy-security/frequently-asked-questions-about-data-privacy-and-security" title="Frequently Asked Questions About Data Privacy and Security">New York State Education Department FAQs</a></li> </ul> 48How Technology in the Classroom Impacts Student Data Privacyhttps://educationframework.com/resources/blog/PostId/47/technology-in-the-classroom-impacts-student-data-privacyPartner DistrictsWed, 04 Mar 2020 18:45:00 GMT<p>Until a parent voiced a concern about one of the digital programs used in River Forest (IL) School District 90, teachers had been able to use any app they chose in their classrooms. However, a parent inquiry sent Kevin Martin, director of technology, on a quest that led to major changes in how the district investigates and vets applications and websites for use.</p> <p dir="ltr">River Forest is a 1:1 iPad district with two K-4 elementary schools and one middle school. In January 2016, district teachers were using approximately 700 apps in their classrooms. After the parent inquiry, the superintendent was concerned enough about how technology in the classroom impacts student privacy, that he asked Martin to investigate how the district might better manage and protect student data. <b id="docs-internal-guid-52110a20-7fff-ef33-f94c-bfd722ec9829"> </b></p> <p dir="ltr">Martin quickly determined that having lawyers review the privacy policies of 700 apps was impractical and expensive, and he did not have the time required to do it himself. Martin investigated the available options and found Education Framework. Co-founder Jim Onstad told Martin that Education Framework partners with districts and acts as a clearing house for educational online resources and applications by reviewing their privacy policies. </p> <p dir="ltr">River Forest began using EdPrivacy, the privacy management database by Education Framework, and almost immediately discarded around 300 apps because their privacy rating was so low. What this meant in practical terms was that Martin and his team had to meet with teachers to tell them they could no longer use these applications and that they needed to understand the importance of the individual privacy policies and how they protect the use of student data.</p> <p dir="ltr">"We had some difficult conversations with our teachers because some of the apps had been in use for multiple years,” said Martin. “But once we began educating our teachers on the importance of protecting personally identifiable information (PII), and then, with EdPrivacy, helped them find replacement apps that passed the privacy test, they really got on board. It was a great learning opportunity.”</p> <p dir="ltr">River Forest is now using approximately 400 apps in their district that have all been vetted for privacy. There is a defined process and workflow for teachers to send in a request for approval, and they have a way to submit vendor improvement requests when needed. </p> <p dir="ltr">When teachers find new apps at conferences, they now ask potential vendors about their privacy policies and explain their district is using EdPrivacy to approve applications for use. Most vendors now have an awareness that they need to improve their privacy scores as a result of recent developments in privacy law. Teachers occasionally push back, but most feel a high level of confidence in using the app in their classrooms, especially when it has been reviewed in the EdPrivacy database. Martin reports that he has to say “no” to teachers much less frequently as they now understand the importance of protecting student data privacy.</p> <p dir="ltr">The district has <a href="https://www.district90.org/about/instructional-technologystudent-data-privacy-resource-guide">created a page</a> that details the privacy and acceptable use policies for parents. The resource guide outlines how EdPrivacy uses a privacy quality scoring system based on 5 main components: </p> <ol dir="ltr"> <li>Data privacy – what information is collected from students and what are the purposes for collecting that student data; </li> <li>Data deletion - the ability of parents/guardians to review and/or delete personal information collected from their children; </li> <li>Data security - whether data transferred over the Internet is encrypted and whether there are security policies and procedures that are reasonably designed to protect personal student information against risks, such as unauthorized access or unintended or inappropriate destruction, modification, or disclosure; </li> <li>Data integrity - whether student data is backed up on a regular schedule; and </li> <li>Data retention - whether there is a data retention policy stating that data will only be retained for as long as it serves an educational purpose. </li> </ol> <p dir="ltr">The District ultimately decides whether or not to use the particular website, software or app based on the privacy quality score provided by EdPrivacy and any other relevant information. Other relevant information may include consideration about the group of individuals who will be using the website, software or app, the manner in which the website, software or app will be deployed, and the intended reasons for use.<b></b></p> <p dir="ltr">During the student registration process, parents are asked to agree to let the district act as an agent for their student in this area. Martin said, “we look specifically for education apps that are not selling student data, and we explain that to parents in our policy.”</p> <p dir="ltr"><b id="docs-internal-guid-52110a20-7fff-ef33-f94c-bfd722ec9829"> </b>"Now that teachers understand our privacy policies, having the assurance that EdPrivacy has rated them as good to use makes them feel more positive about using the programs in their classrooms,” said Martin.</p> <p dir="ltr"><b id="docs-internal-guid-52110a20-7fff-ef33-f94c-bfd722ec9829">How EdPrivacy Can Help Your District</b></p> <p dir="ltr">EdPrivacy from Education Framework provides a <a href="https://educationframework.com/services/edprivacy">K–12 privacy management solution</a> that vets the security and safety of all online applications based on their compliance with FERPA, COPPA, and state privacy laws. EdPrivacy’s proprietary rating system provides student data privacy peace of mind as it allows users to see at a glance whether or not the apps they are using are in compliance with state and federal data privacy laws. </p> <p dir="ltr">EdPrivacy has a searchable database of more than 10,000 vetted online applications, and expertise districts can rely on when it comes to FERPA, COPPA, and state data privacy requirements. With EdPrivacy, districts can review a privacy scorecard for any vendor and quickly determine the safety of the application. Further they can understand whether or not the district can grant consent on behalf of the parents for each individual online resource.  </p> <p dir="ltr">For a free trial or to learn more about EdPrivacy by Education Framework, visit <a href="https://educationframework.com/">here</a>.<b></b></p> 47The California Consumer Privacy Act Bolstering Student Data Privacy Goes into Effecthttps://educationframework.com/resources/blog/PostId/46/CCPA-the-california-consumer-privacy-act-bolstering-student-data-privacy-goes-into-effectPrivacy Management,CA Privacy LawsTue, 31 Dec 2019 15:56:00 GMT<p>The start of the new year brings big changes to the privacy landscape in California. Effective January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) becomes law. The CCPA protects the personal information of all California residents collected by any company doing business in the state of California. Edtech companies that collect <a href="https://educationframework.com/resources/blog/what-is-pii">PII</a> from California students are also bound by this new law.</p> <p dir="ltr">The big takeaway for school districts and edtech companies is that while <a href="https://educationframework.com/resources/student-privacy-laws/federal-laws">COPPA </a>regulates information privacy for children up to age 13, CCPA extends that protection to children up to age 16. This means that students’ PII is protected from preschool through most of high school—so companies and districts should align their compliance plans for the entire PK–12 student population.</p> <p dir="ltr">Much like the European GDPR security law, the CCPA expands the definition of personal information to include things like IP addresses, geolocation information, and inferences drawn from personal data to create a data profile of a consumer. “While all consumers have the right to ‘opt out’ of a sale of their information, consumers under the age of 16 must ‘opt in’ before their personal data is sold. (If the user is under the age of 13, the student’s parent or guardian must opt in.)”[1]<b id="docs-internal-guid-4d1cac9f-7fff-285f-9db8-890b3d56c50f"> </b></p> <p dir="ltr">It is important to note that the CCPA does not supplant the existing <a href="https://educationframework.com/resources/student-privacy-laws/state-laws/California-statutes">California Student Online Personal Information Protection Act (SOPIPA).</a> How the two laws will co-exist remains to be seen as CCPA is designed for general consumer protection (and students fall within that category), whereas SOPIPA is focused on students exclusively. Most data elements categorized as “covered information” under SOPIPA are already protected as PII under federal laws, such as FERPA and COPPA.[2]<b id="docs-internal-guid-4d1cac9f-7fff-285f-9db8-890b3d56c50f"> </b></p> <h2 dir="ltr">How Do School Districts Navigate the Requirements of Multiple Laws?</h2> <p dir="ltr">The various federal and state laws are intended to prevent violations of student data privacy with newer laws enacting stricter privacy guidelines. But how the laws overlap or work together presents a complicated picture as the CCPA is in effect on January 1st and is retroactive to January 1, 2019. Protecting student privacy, understanding how edtech vendors and service providers are currently handling data, and monitoring their privacy policy changes over time is a monumental task for districts. Keeping track of the details of how new legislation impacts current practice is also a challenge. </p> <p dir="ltr">Managing process and policies for protecting student PII is a challenge for any sized district, but especially ones with limited resources. EdPrivacy presents a solution. EdPrivacy utilizes machine learning-based artificial intelligence to create privacy scores for more than 10,000 apps and digital resources used in classrooms. The scores help educators and administrators quickly identify safe online technologies and easily determine which service providers respect and protect student data privacy. With EdPrivacy, school district leaders better understand school privacy laws for students, and enjoy student data privacy peace of mind. </p> <p dir="ltr">Benefits of EdPrivacy include:</p> <ul> <li>Partner with trusted experts in school student data privacy.</li> <li>Access a database of privacy scores for more than 10,000 of the most-used online education resources.</li> <li>Understand which education technologies respect and protect sensitive student information.</li> <li>Instill parent confidence that the district is proactively protecting student information online.</li> <li>Publish and maintain a list of safe-to-use technologies approved for use in the classroom. </li> <li>Reduce risk of data breach and ensure compliance with FERPA, COPPA, and state privacy laws.<b id="docs-internal-guid-4d1cac9f-7fff-285f-9db8-890b3d56c50f"> </b></li> </ul> <p>For a free trial, visit <a href="https://edprivacy.educationframework.com/preregister.aspx">here</a>.<b></b><meta charset="utf-8" /><b id="docs-internal-guid-fcdb6238-7fff-4209-738e-7299b2a7e74f"></b></p> <hr /> <p dir="ltr"><span style="font-size:10px;">[1] Retrieved from <a href="https://www.edsurge.com/news/2018-09-21-golden-state-gdpr-what-the-edtech-industry-should-know-about-ca-s-new-privacy-rules">https://www.edsurge.com/news/2018-09-21-golden-state-gdpr-what-the-edtech-industry-should-know-about-ca-s-new-privacy-rules</a></span><br /> <span style="font-size:10px;"><b></b></span><span style="font-size:10px;">[2] Retrieved from <a href="https://fpf.org/wp-content/uploads/2016/11/SOPIPA-Guide_Nov-4-2016.pdf">https://fpf.org/wp-content/uploads/2016/11/SOPIPA-Guide_Nov-4-2016.pdf</a></span><b></b></p> 46What is PII? What Districts and Families Need to Knowhttps://educationframework.com/resources/blog/PostId/45/what-is-pii-what-districts-and-families-need-to-knowStudent Privacy LawsThu, 19 Dec 2019 12:55:00 GMT<p>New student data privacy laws are changing the landscape for school districts, educators, and parents. For themselves and for their students’ families, districts are faced with growing concerns about data privacy leading to the question—what is PII? Otherwise known as personally identifiable information. Once defined, districts need to know how to protect it.</p> <p dir="ltr">PII is any data point that can be used to identify a specific individual. In K–12 schools, the most common pieces of student PII include:</p> <ul dir="ltr"> <li>Student’s full name</li> <li>Date of birth</li> <li>Social security number</li> <li>Home address</li> <li>Home telephone number</li> </ul> <p dir="ltr">This information is usually stored in a school’s student information system (SIS). In many districts, the SIS is now linked to other programs in a network ecosystem where information is accessible through a single sign on (SSO)—eliminating the need for countless user names and passwords for log-in. SSO vendors, such as <a href="https://www.classlink.com/">Classlink</a>, act as a connector between the school’s SIS and other digital programs. Not only does the SSO allow users to log-in with just one user name and password to access approved programs on the network, but it means that teachers’ class rosters are automatically populated, or “rostered” by the SIS<span style="font-size:10px;"><sup>1</sup></span>.<b></b></p> <p dir="ltr">With all digital programs linked together, network security becomes paramount in addition to ensuring that PII is protected. Unless applications or digital resources have been developed by the district itself, these digital programs are provided by third party vendors. These vendors are collecting user data—or student PII. There are federal and state privacy laws that limit what information vendors can collect, how long they can keep it, and what they can use it for. However, it falls to the school district to understand vendors’ privacy policies, negotiate terms, and monitor the vendors for continued compliance. </p> <p dir="ltr"><a href="https://educationframework.com/resources/blog/is-your-school-district-at-risk-for-a-data-breach">District data breaches</a> are more and more common, and student PII is being sold on the dark web. If this happens, it could take years for a student or her family to become aware that the information has been compromised and sold. In the meantime, debt and false records accrue in that student’s name or are tied to the student’s social security number. <b></b></p> <h2 dir="ltr"><b id="docs-internal-guid-644a8644-7fff-c164-ed9c-9bcb54345f86">COPPA and FERPA Use Different Definitions of PII</b></h2> <p dir="ltr">The Children’s Online Privacy Protection Rule (COPPA) protects children under 13 and spells out exactly what online operators and third party vendors must do to protect children. </p> <p dir="ltr">Each of the following is considered personal information (PII) under COPPA:</p> <ul dir="ltr"> <li>Full name</li> <li>Home or other physical address, including street name and city/town</li> <li>Online contact information like an email address or other identifier that permits someone to contact a person directly—screen name, or user name where it functions as online contact information</li> <li>Telephone number</li> <li>Social security number</li> <li>A <strong>persistent identifier </strong>that can be used to recognize a  user over time and across different sites, including a cookie number, an IP address, a processor or device serial number or unique device identifier</li> <li>A photo, video, or audio file containing a child’s image or voice</li> <li>Geolocation information sufficient to identify a street name and city/town</li> <li>Other information about the child or parent that is collected from the child and is combined with one of these identifiers<span style="font-size:10px;"><sup>2</sup></span>.</li> </ul> <p dir="ltr">The Family Educational Rights and Privacy Act (FERPA) considers to be any information that can be used to distinguish or trace an individual’s identity either <a href="https://studentprivacy.ed.gov/content/personally-identifiable-information-pii#glossary-node-210">directly</a> or indirectly through linkages with other information. Direct identifiers include a student’s or other family member’s name, and indirect identifiers, can be a student’s date of birth, place of birth, or mother’s maiden name<span style="font-size:10px;"><sup>3</sup></span>.<b></b></p> <p dir="ltr">One thing that causes confusion is that <strong>persistent unique identifiers</strong> are considered PII under COPPA but not under FERPA. Schools are required to comply with both of these <a href="https://educationframework.com/resources/student-privacy-laws/federal-laws">federal privacy laws</a>, in addition to any state or local laws, but as a practical matter, school districts often adopt the more comprehensive COPPA definition of PII to ensure compliance.<b></b></p> <p dir="ltr">As you can see, compliance with state and federal student data privacy laws is complicated. However, it is now a driving <a href="https://educationframework.com/resources/blog/student-data-privacy-policy-for-schools-best-practices">concern of school district administrators</a>—and not just those in charge of technology. Understanding how to protect student privacy requires reading each vendor’s privacy policy and <a href="https://educationframework.com/resources/blog/what-is-app-vetting-and-why-is-it-important">vetting the technologies</a> for their level of security. Then, as privacy policies change frequently, districts need to monitor the policies over time to ensure they stay informed of any changes.<b></b></p> <h2 dir="ltr"><b id="docs-internal-guid-644a8644-7fff-c164-ed9c-9bcb54345f86">How EdPrivacy Provides Data Privacy Peace of Mind</b></h2> <p dir="ltr">EdPrivacy from Education Framework provides a <a href="https://educationframework.com/services/edprivacy">K–12 privacy management solution</a> that vets the security and safety of all online applications based on their compliance with FERPA, COPPA, and state privacy laws. EdPrivacy’s proprietary rating system provides student data privacy peace of mind as it allows users to see at a glance whether or not the apps they are using are in compliance with state and federal data privacy laws. If there are changes in the law, districts receive notification from EdPrivacy.<b></b></p> <p dir="ltr">EdPrivacy has a searchable database of more than 10,000 vetted online applications, and expertise districts can rely on when it comes to FERPA, COPPA, and state data privacy requirements. With EdPrivacy, districts can review a privacy scorecard for any vendor and quickly determine the safety of the application. Further they can understand whether or not the district can grant consent on behalf of the parents for each individual online resource.  </p> <p>For a free trial, visit <a href="https://edprivacy.educationframework.com/preregister.aspx">here</a>.<b> </b></p> <p>____________________</p> <p><span style="font-size:8px;"><b id="docs-internal-guid-388d42fe-7fff-e442-722d-382a24700f98"><sup>1</sup>EdPrivacy works with SSO programs, such as Classlink, G-Suite for Education, and Microsoft Office 365 for Education.</b></span><br /> <span style="font-size:8px;"><meta charset="utf-8" /><b id="docs-internal-guid-0df55529-7fff-ba15-89da-5202a41aa04c"><sup>2</sup> Retrieved from <a href="https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance#step1">https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance#step1</a> </b></span><br /> <span style="font-size:8px;"><meta charset="utf-8" /><b id="docs-internal-guid-dfb2468b-7fff-1cc3-c71b-af23ddc66c5d"><sup>3</sup>Retrieved from <a href="https://studentprivacy.ed.gov/content/personally-identifiable-information-pii#glossary-node-210">https://studentprivacy.ed.gov/content/personally-identifiable-information-pii#glossary-node-210</a> </b></span></p> 45Is Your School District at Risk for a Data Breach?https://educationframework.com/resources/blog/PostId/44/is-your-school-district-at-risk-for-a-data-breachCompliance Best PracticesWed, 06 Nov 2019 20:47:00 GMT<p><span style="font-weight: 400;">Cybercrime continues to increase across all industries, and education is no exception. Criminals are hacking into school district databases and stealing student and faculty personal information. District data can be accessed directly from the district, but it can also be captured through third-party software. That exact situation made news headlines in late summer of this year.</span><span style="font-weight: 400;"> </span></p> <p><a href="https://techcrunch.com/2019/07/31/education-software-maker-pearson-says-data-breach-affected-thousands-of-accounts-in-the-u-s/"><span style="font-weight: 400;">A major education data breach</span></a><span style="font-weight: 400;"> was announced in July by Pearson through their AIMSweb monitoring and assessment program. More than 13,000 schools were affected and the private data of thousands of students was compromised. Although Pearson did not share many of the details, the things we know provide a cautionary tale for districts. </span></p> <p><span style="font-weight: 400;">Pearson did not even realize that the hack had taken place in November 2018. They were informed by the FBI in March, 2019—four months later. This means that Pearson did not have systems in place to secure the data or even to be able to detect a data breach themselves. After Pearson was informed of the breach, they took another four months to notify the affected schools.</span></p> <p><span style="font-weight: 400;">The data was from students using AIMSweb between 2011 and 2016. The data that was stolen included students’ first and last names, date of birth, student identification numbers and, of course, school name and district. Even though social security numbers were not included, it is information valuable enough to be sold, even though there is no evidence of that as yet. It does raise the question of how long it is appropriate for an education vendor to keep student data when active use of the vendor software has ended.  </span></p> <p><span style="font-weight: 400;">It’s important to know how the vendor handles and ensures the security of student data throughout its life cycle:</span></p> <ul> <li>How do they store it and when, and how do they plan to dispose of it?<span style="font-weight: 400;"></span></li> <li><span style="font-weight: 400;">How do they keep track of the data, and how are they notified if there is a breach?</span><span style="font-weight: 400;"></span></li> <li><span style="font-weight: 400;">Do they have the ability to remove the data on request?</span><span style="font-weight: 400;"></span></li> <li><span style="font-weight: 400;">How are they protecting the data from unauthorized users?</span></li> </ul> <p><span style="font-weight: 400;">Read more about how to </span><a href="https://educationframework.com/resources/blog/student-data-privacy-policy-for-schools-best-practices"><span style="font-weight: 400;">keep student data private</span></a><span style="font-weight: 400;"> and about </span><a href="https://educationframework.com/resources/blog/district-challenges-in-executing-a-student-data-privacy-policy"><span style="font-weight: 400;">best practices</span></a><span style="font-weight: 400;"> that help districts manage the safety of their data with vendors. One important takeaway is that because of the amount of private information that is at risk, it is not just the responsibility of the IT team to manage student data, it is everyone’s responsibility – including teachers, administrators, and parents. </span></p> <p><i><span style="font-weight: 400;"></span></i><i><span style="font-weight: 400;">Education Framework provides student data privacy peace of mind for district administrators, teachers, and parents through EdPrivacy, its expert K-12 data privacy management solution. EdPrivacy offers an intuitive platform that consistently vets the safety and security of online applications based on compliance with FERPA, COPPA, and state privacy requirements.</span></i></p> <p><span style="font-weight: 400;">Sign up for a </span><a href="https://edprivacy.educationframework.com/preregister.aspx"><span style="font-weight: 400;">free trial</span></a></p> 44What is App Vetting and Why is it Important?https://educationframework.com/resources/blog/PostId/42/what-is-app-vetting-and-why-is-it-importantPrivacy ManagementFri, 11 Oct 2019 23:33:00 GMT<p>Digital resources and tools add richness to classroom learning experiences. Many tools can even help create transforming learning experiences for students. However, just as school and district leaders need to evaluate and approve the content of these resources, they must also evaluate them for compliance with federal and state privacy laws that protect students’ personally identifiable information (PII). </p> <p dir="ltr">The process of app vetting begins with a thorough review of an application’s privacy policy and terms of services agreement. Evaluating the policies of an application, website, or digital resource enables districts to verify whether a vendor has taken the necessary steps to adequately protect sensitive student information. It is of critical importance that the app vetting is executed and compliance with state and federal student privacy laws is verified and done for every online resource in use in the district. <b> </b></p> <p dir="ltr">The essential core of student data privacy is the completion of privacy policy vetting and the ongoing monitoring of any changes to vendors’ privacy policies over time. While calls for student privacy protection are mounting, the immensity of the task is overwhelming districts. It is a huge effort to evaluate compliance with existing privacy legislation for every single digital tool used in the district—often numbering in the thousands – and education leaders are seeking ways to improve their efforts and properly manage this process.</p> <p dir="ltr">There are three ways that districts can get this job done:<b id="docs-internal-guid-a622b0c0-7fff-5dcf-626a-1a632a7f9706"> </b></p> <ol dir="ltr"> <li><strong>Crowdsourced vetting</strong>—there are a number of consortia that “pool” their knowledge once one of the members has evaluated a contract. The focus of this approach is based on establishing model contracts. However, this type of vetting can be limited in scope.</li> <li><strong>Solo vetting</strong>—the district itself does the work of evaluating all the privacy policies. As the use of digital apps and resources continues to grow, so does the time required to evaluate the privacy policies of each. Then once cleared for use, privacy policies must be monitored for changes over time to ensure continued compliance with all applicable laws. This type of vetting can be time and labor-intensive.</li> <li><strong>Outsourced vetting</strong>—the district hires an outside party to vet online applications for privacy. EdPrivacy by Education Framework is the only edtech vendor that provides vetting for 100% of a district’s apps, applications, and websites with a searchable database and on-demand privacy vetting. EdPrivacy also monitors changes in privacy policies over time. Other outsourced vetting options include lawyers and Certified Information Privacy Professionals (CIPP) who can be hired to provide software vetting services to districts. </li> </ol> <p dir="ltr">Software privacy policies are written using legalistic language. They can sometimes be opaque and difficult to understand. But it is necessary to have someone evaluate them for your district, as it is the only way to determine the safety of the online applications you are using with your students.</p> <p dir="ltr"><b id="docs-internal-guid-a622b0c0-7fff-5dcf-626a-1a632a7f9706">Providing Districts Student Data Privacy Peace of Mind</b></p> <p dir="ltr">EdPrivacy from Education Framework provides a <a href="https://educationframework.com/services/edprivacy">K–12 privacy management solution</a> that vets the security and safety of all online applications based on their compliance with FERPA, COPPA, and state privacy laws. EdPrivacy’s proprietary rating system provides student data privacy peace of mind as it allows users to see at a glance whether or not the apps they are using are in compliance with state and federal data privacy laws. </p> <p dir="ltr"><b></b><b id="docs-internal-guid-a622b0c0-7fff-5dcf-626a-1a632a7f9706">Privacy Quality Scoring System</b></p> <p dir="ltr">EdPrivacy includes a searchable database of 10,000+ apps, websites and online resources that have been thoroughly vetted for data privacy, safety and security. EdPrivacy generates a Privacy Quality Score (PSQ) for each online resource and enables district leaders to quickly and easily determine the safety and usability of an application. <b id="docs-internal-guid-a622b0c0-7fff-5dcf-626a-1a632a7f9706"> </b></p> <p dir="ltr">The easy-to-understand privacy ratings system is based on the following criteria:</p> <ul dir="ltr"> <li>The privacy policy is posted clearly on the vendor’s website.</li> <li>The app is for school use only.</li> <li>Parents can request the deletion of data.</li> <li>Student data transfer is encrypted.</li> <li>Data is retained for educational purposes only.</li> <li>Student data is securely protected.</li> </ul> <p dir="ltr">With EdPrivacy, districts can review a privacy scorecard for any vendor and quickly determine the safety of the application. Further they can understand whether or not the district can grant consent on behalf of the parents for each individual online resource.  </p> <p dir="ltr">Outsourcing the vetting of all privacy policies to a data professional makes good sense for district IT teams who feel overwhelmed by the task of doing it themselves. EdPrivacy can help, enabling district leaders to streamline the privacy management process and quickly determine which online applications are safe for student use.</p> <p dir="ltr">For a free trial, visit <a href="https://edprivacy.educationframework.com/preregister.aspx">here</a>. </p> 42Managing Student Data Privacy: How One District is Doing it Righthttps://educationframework.com/resources/blog/PostId/41/managing-student-data-privacy-how-one-district-is-doing-it-rightPrivacy ManagementTue, 10 Sep 2019 21:59:00 GMT<p>Every school district is faced with a choice about how to protect student data. As districts have implemented more technology to support digital learning, student privacy in schools has become a critical issue. It can be a huge undertaking to vet and manage the privacy policies of all of the online resources used in a district. Even with good intentions, most districts do not have adequate protection and are vulnerable to a data breach. These breaches are becoming more common as districts struggle to keep up with technology. Here is the story of one district that is doing it right. They are effectively supporting their student data privacy policy with a comprehensive privacy management tool.</p> <h2 dir="ltr">Forsyth County Schools</h2> <p dir="ltr">District administrators and school board members in Forsyth County, Georgia were committed to protecting the data privacy of their nearly 50,000 students. They were actively searching for an enterprise data privacy solution that would allow their teachers and schools to be autonomous in finding and selecting safe applications for use in the classroom. They were specifically looking for a tool that would give local school personnel the ability to independently find online resources that are FERPA and COPPA compliant. The district team learned about EdPrivacy by Education Framework when it was featured as a<b> </b><a href="https://educationframework.com/about-us/news/edprivacy-selected-as-nsba-education-technology-innovation-showcase-winner">2018 NSBA Education Technology Innovation Showcase</a><b> </b>award winner at the <a href="https://www.nsba.org/">National School Board Association</a><b> </b>annual conference. <b id="docs-internal-guid-eec9352c-7fff-fb24-f1c1-015ad0112c02"> </b></p> <p dir="ltr">Like most districts, Forsyth County Schools does not have a large enough IT staff to conduct the labor intensive evaluation of every digital tool and learning resource used in classrooms throughout the district. District leaders and school board members were already searching for a comprehensive, cost-effective solution to automate this process when they learned about EdPrivacy. After watching a demo, Forsyth knew EdPrivacy was the solution they were looking for, but they needed it to integrate with their SSO solution—Classlink.<b id="docs-internal-guid-eec9352c-7fff-fb24-f1c1-015ad0112c02"> </b></p> <p dir="ltr">Education Framework welcomed the opportunity to partner with Forsyth and developed the integration they needed for Classlink, which is now available to all districts that use Classlink as their SSO software. Forsyth educators now have access to more than 10,000 digital resources in the EdPrivacy database, and can order a privacy evaluation for new digital tools and programs at any time. New evaluations are provided within 24-48 weekday hours of each request.</p> <p dir="ltr">Since the EdPrivacy database has such an extensive library of approved educational resources, the district has been able to give teachers guidelines and greater latitude in choosing tools and learning resources to support their curriculum. Also, the district’s professional development program has spurred adoption and implementation of EdPrivacy throughout the district. <b id="docs-internal-guid-eec9352c-7fff-fb24-f1c1-015ad0112c02"> </b></p> <h2 dir="ltr">Highlights after EdPrivacy’s first year in Forsyth include:</h2> <ul dir="ltr"> <li>1,112 teachers are using the system</li> <li>8,356 searches have been completed in the EdPrivacy database</li> <li>Users are advocates as they help teachers and administrators use the system</li> <li>Vendor privacy policies are vetted and continuously monitored for changes </li> <li>Quick turnaround on new edtech privacy vetting requests </li> <li>80% return on investment (ROI) on Forsyth’s student data privacy efforts </li> </ul> <h2 dir="ltr"><br /> Forsyth’s ROI for Protecting Student Data Privacy</h2> <p dir="ltr">The time spent on vetting the privacy of each online resource varies from 30 minutes for a trained person to multiple hours for an untrained individual. Using 30 minutes as a conservative calculation, Forsyth’s 8,356 searches in the EdPrivacy database saved them the equivalent of two FTE, or two full-time employees, using the district’s average salaries. If the vetting activity averaged an hour each, then the district has saved the equivalent of four full time employees. After one school year, Forsyth has experienced an 80% return on their investment in EdPrivacy.</p> <p dir="ltr">In addition to this significant savings, Forsyth now has confidence that they have ensured the ongoing protection of their student’s personally identifiable information. Forsyth educators benefit from the expanding database of approved digital resources and the monitoring of privacy policies on an ongoing basis. And districts are notified via automatic updates of any changes in the privacy policies.</p> <p dir="ltr">School data breaches are becoming more common, so there is an urgency for districts to do everything they can to safeguard student information. The protection that EdPrivacy provides educators in Forsyth County is unique. No other student data security platform uses machine learning-based artificial intelligence to vet vendor privacy policies and ensure that they are continually monitored for changes. This 24/7 protection assures districts and school boards that they are providing the most comprehensive protection available for their students’ personal data.</p> <p dir="ltr"><b id="docs-internal-guid-eec9352c-7fff-fb24-f1c1-015ad0112c02"> </b></p> 41Optimize Student Data Protection with this EdPrivacy Checklisthttps://educationframework.com/resources/blog/PostId/39/optimize-student-data-protection-with-this-edprivacy-checklistPrivacy ManagementFri, 30 Aug 2019 13:09:00 GMT<p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"></span></span></span></span></p> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;">Now is a great time to review your current technologies and ensure your districts' privacy efforts are in order. Make sure that you are taking full advantage of the data privacy and security benefits that EdPrivacy provides. Use the following checklist<b> </b>to set your district up for a successful school year:</span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"></span></span></span><br /> <span style="font-size: 11pt;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span></span></p> <p style="margin: 0in 0in 8pt;"><span style="font-size: 16px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><b><span style="color: black;">____Review the digital resources currently used in your district and update your approved technology list. </span></b></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"></span></span></span><br /> <span style="font-size: 11pt;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span></span></p> <ul> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span><span style="color: black;">Understand which online technologies are currently in-use in your district. Review the Privacy Quality Score for each application to ensure compliance with COPPA, FERPA, state and local privacy laws.</span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"> </span></span></span></span></li> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;">Revise your approved technology list to only include resources that have been vetted by EdPrivacy and approved for student use. Remove all old or unneeded resources from the list.</span></span></span></span><span style="font-size: 11pt;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span></span></li> </ul> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 16px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><b><span style="color: black;">____ Determine which technologies are safe for students under 13 and monitor vendor privacy policies for changes.</span></b></span></span></span> </p> <ul> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-family: Wingdings;"></span><span style="color: black;">Check the privacy dashboard to see if you’ve received any messages informing you of a change to a vendor privacy policy. If so, determine whether the change threatens student safety.</span></span></span></span></li> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-family: Wingdings;"></span><span style="color: black;">If changes affect personally identifiable information (PII), decide whether the application should remain in the curriculum or should be replaced with a solution that is better at protecting student privacy. </span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"></span></span></span></span></li> </ul> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 14px;"><span style="font-size: 16px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><b><span style="color: black;">____Vet new online resources for privacy <u>BEFORE</u> approving them for student use.</span></b></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span><span style="color: black;"><span style="font-size: 14px;"></span></span></span></span></span></p> <ul> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;">When adopting new technologies for your district, check the Privacy Quality Score for each new application, website, and digital resource. Request privacy reviews for all new EdTech tools considered for the classroom and receive results within 24-48 weekday hours. </span></span></span></span></span></span></span></span></li> <li style="margin: 0in 0in 8pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;">Add only resources that have been vetted for privacy to your approved technology list. Prioritize those technologies that do not collect any student data and are compliant with COPPA, FERPA, state, and local privacy requirements.</span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"></span></span></span></span></li> </ul> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 14px;"><span style="font-size: 16px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;">____<b>Communicate your privacy management efforts to parents and your district community.</b></span></span></span></span></span><span style="font-size: 14px;"></span><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span></span></p> <ul> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span><span style="color: black;">Inform your district community of your data privacy management efforts. Publicly post your approved technology list to your district web page.</span></span></span></span></li> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span><span style="color: black;">Send parents a direct link to view your approved technology list and inform them of the efforts you are making to protect sensitive student information.</span></span></span></span></li> </ul> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 14px;"><span style="font-size: 16px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><b><span style="color: black;">____Train new staff on EdPrivacy.</span></b></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"></span></span><br /> <span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span></span></p> <ul> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span><span style="color: black;">Get your team up to speed right away! Share these </span><a href="https://bit.ly/2khgEM3" style="color: blue; text-decoration: underline;"><span style="color: #1155cc;">short training videos</span></a><span style="color: black;"> with new team members to help acquaint them with the EdPrivacy database and encourage existing users to review the training videos as a quick refresher.</span></span></span></span></li> <li style="margin-top: 0in; margin-right: 0in; margin-bottom: .0001pt; margin: 0in 0in 0.0001pt 0.5in;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="font-size: 12.0pt;"></span><span style="color: black;">Consider meeting briefly with your entire team to emphasize the importance of student data privacy management in your school district. </span><span style="font-size: 12.0pt;"></span></span></span><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"></span></span></span></li> </ul> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;">The start of the year is a great time to review vendor data privacy policies, reaffirm district privacy management procedures, update your approved technology list, and communicate your privacy management efforts to parents and your district community. Follow this simple checklist to enhance your data protection program and get the year off to a smart start.</span></span></span></span><span style="font-size: 14px;"></span><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"><span style="color: black;"></span></span></span></span></p> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;">Questions? Please <a href="https://educationframework.com/">contact us</a>!</span></span></span></p> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"> </p> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"><span style="font-size: 14px;"><span style="line-height: normal;"><span style="font-family: Calibri,sans-serif;"></span></span></span></p> <p style="margin-bottom: .0001pt; margin: 0in 0in 8pt;"> </p> 39EdPrivacy by Education Framework: Student Data Privacy Peace of Mind [Video]https://educationframework.com/resources/blog/PostId/38/edprivacy-by-education-framework-student-data-privacy-peace-of-mind-videoPrivacy ManagementWed, 21 Aug 2019 16:59:00 GMT<p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"><span style="font-size: 11pt;"><span helvetica="" neue="">Protecting K-12 data privacy is a big challenge for U.S. school districts. Learn how EdPrivacy helps simplify and streamline the student privacy management process, protecting student data and providing privacy peace of mind.</span></span></span></span></span><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"><strong><span style="font-size: 11pt;"><span helvetica="" neue=""></span></span></strong></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"> <span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"><strong><span style="font-size: 11pt;"><span helvetica="" neue=""></span></span></strong></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span><strong><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></strong><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"><strong><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">Watch video here: <a href="https://www.youtube.com/watch?v=X5cbtg8834Y&feature=youtu.be">EdPrivacy by Education Framework - Student Data Privacy Peace of Mind</a> [Video]</span></span></span></strong></span></span></span><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"><strong><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></strong></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"><strong><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></strong></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"><strong><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></strong></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">As a Director of Technology, is managing student data privacy giving you a headache? We get it!</span></span></span><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">Federal and state student data privacy laws demand online resources used in school districts be reviewed and approved, and it's a lot to keep up with!</span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">We know that keeping student data private is a big concern for districts, but with so many vendor policies to vet, it's become extremely time-consuming. </span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">That's why we created Education Framework! </span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"> </p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">Education Framework provides student data privacy peace of mind through an easy-to-use K through twelve data privacy platform called EdPrivacy. This solution consistently vets the safety and security of online applications based on FERPA, COPPA, and state privacy requirements.</span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"> </p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">The EdPrivacy platform has:</span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <ul> <li class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">A searchable database of over ten thousand applications most-often used in schools that have been vetted by data privacy experts.</span></span></span></li> <li class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">An easy to understand and consistent <a href="https://educationframework.com/services/edprivacy">rating system of vendor privacy policies</a> called Privacy Quality Scores. </span></span></span></li> <li class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"> And a quick and easy way to request a vendor’s Privacy Quality Score if it is not already in the privacy database, with new evaluations completed in twenty-four to forty-eight weekday hours! </span></span></span></li> </ul> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">Let Education Framework be your trusted partner to answer questions, decipher complicated privacy policies and protect student data. </span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;"></span></span></span></p> <p class="Body" style="border: none; margin: 0in 0in 0.0001pt;"><span style="font-size: 11pt;"><span helvetica="" neue=""><span style="color: black;">Learn more and visit <a href="https://educationframework.com/">EducationFramework.com</a> today!</span></span></span></p> 38District Challenges in Executing a Student Data Privacy Policyhttps://educationframework.com/resources/blog/PostId/37/district-challenges-in-executing-a-student-data-privacy-policyCompliance Best PracticesFri, 02 Aug 2019 20:47:00 GMT<p>In a recent <a href="https://www.forbes.com/sites/nishacharya/2019/06/23/why-ed-tech-is-finally-reaching-its-potential/#7f5f11ce3367">Forbes</a> article about how edtech is finally reaching its potential, expert Nish Acharya reported on the annual June ISTE conference. The association reported attendance of approximately 20,000 educators and vendors who were drawn to <a href="https://www.iste.org/">ISTE</a> by their interest in edtech’s AI-driven learning programs, analytics of student performance, and enterprise software solutions for classrooms and administration. Despite shared enthusiasm about learning technology, many edtech companies have struggled to scale their solutions, and districts have learned to be cautious about bringing new technology into their districts.</p> <p dir="ltr">Acharya notes that ISTE sees itself playing a role to help bridge the gap between school districts and edtech companies. One of the most serious edtech challenges faced by both districts and edtech vendors centers on the protection of student data, and ISTE has launched an initiative to help implement best practices around data management in districts. Given the challenge that districts face in executing a uniform student data privacy policy, it is useful to understand that protecting student data privacy is a challenge for both edtech vendors and districts. </p> <p dir="ltr">There is no doubt that there has been vendor misuse of student data – more unintentionally than intentionally. However, Achara writes:</p> <p dir="ltr"><b> </b><em>“The lack of training that school districts have in data management is as big a problem, if not bigger, than the misuse of student data by private companies. <u>Most districts don’t have the resources or training to protect, manage or analyze large data sets effectively.</u>”</em></p> <p dir="ltr"><em></em><em></em></p> <p dir="ltr"><meta charset="utf-8" /><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031"></b></p> <h2 dir="ltr"><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031">The Overall Challenge In Maintaining a Student Privacy Policy </b></h2> <p dir="ltr">From the district’s perspective, the key to protecting student data is understanding how third party online resource providers are utilizing the data they have access to and having the ability to communicate this information in a clear and concise manner to parents, teachers, administrators, board members, and policy makers.</p> <p dir="ltr">Districts must develop a comprehensive K-12 student information system data security policy which first involves: </p> <ul dir="ltr"> <li>knowing what the vendor does with the data they collect </li> <li>understanding how they store it </li> <li>whether or not they share it </li> <li>how they plan to dispose of it</li> </ul> <p dir="ltr">This type of review needs to happen for each and every online technology (app, website, learning program) suggested for use in the classroom <em>before</em> it is approved for use by students. And once it has been determined that it is safe for use in the classroom, continual monitoring is necessary so you know if and when privacy policies change, which they can, and often do.</p> <p dir="ltr">Yet despite this being the cornerstone to protecting student data privacy, it’s often viewed as a burdensome task that nobody wants to do.</p> <h2 dir="ltr"><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031">5 Student Data Privacy Policy Best Practices</b><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031"> </b></h2> <p dir="ltr">Understanding the safety and privacy of online technologies is often a full-time job. It’s important to remember that protecting student data is an ongoing effort that requires regular checks and balances. Because edtech vendors often alter their contracts after the fact— leaving student data exposed for misuse or abuse— remembering to regularly monitor policies for changes is an important part of properly protecting student data privacy.</p> <p dir="ltr"><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031">Here are 5 best practices to ensure your district has a strong student data privacy policy in place:</b></p> <ol dir="ltr"> <li><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031">You have a clearly defined, year-round strategy. </b>How regularly do you review vendor privacy policies to ensure they haven’t changed? Is it something you address every so often, once or twice a year, or possibly not at all? Or do you have a system in place that <a href="https://educationframework.com/services/edprivacy">monitors vendor policies for changes on a regular on-going basis</a>, enabling you to know immediately if and when a change occurs?<br /> <b></b></li> <li><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031">You engage parents in the privacy conversation. </b>Providing a method to engage parents in the privacy conversation helps keep them current with what is happening in the classroom and informed about their child’s technology usage while at school.<br /> <b></b></li> <li><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031">You have formal structures in place to check for privacy. </b>Knowing the privacy of online learning technologies used by students in schools offers an added level of safety and security, and provides an extraordinary level of insight into the effectiveness of your technology initiatives.  <br /> <b></b></li> <li><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031">You have a formal method to obtain parental consent. </b>While utilizing paper forms is an acceptable method, online, paperless options are far less wasteful and easier to keep track of. <br /> <b></b></li> <li><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031">You know why student privacy matters. </b>Having a clear sense of goals and expectations is critical to achieving successful privacy outcomes. Understanding what you want to do, how you plan to do it, and who is going to help you along the way are all hallmarks of a solid student privacy plan.</li> </ol> <p dir="ltr">Use these best practices to create a roadmap for your district on developing student privacy policies. Protecting student privacy is no one’s job, it’s everyone’s job.</p> <p dir="ltr"><em>Education Framework provides student data privacy peace of mind for district administrators, teachers, and parents through EdPrivacy, its expert K-12 data privacy management solution. EdPrivacy offers an intuitive platform that consistently vets the safety and security of online applications based on compliance with FERPA, COPPA, and state privacy requirements.<b></b></em></p> <p dir="ltr">Sign up for a <a href="https://edprivacy.educationframework.com/preregister.aspx">free trial</a><b></b></p> <p dir="ltr"><b id="docs-internal-guid-73eb2643-7fff-0954-2694-e2a0774d1031"> </b></p> <p dir="ltr"><em></em></p> 37Student Data Privacy Policy for Schools—How to Ensure Your Data Stays Privatehttps://educationframework.com/resources/blog/PostId/34/student-data-protection-policy-for-schools-best-practicesCompliance Best PracticesTue, 25 Jun 2019 13:22:00 GMT<p>Keeping students’ personally identifiable information (PII) private is a complicated initiative for most school districts. And one that, up until now, has been the responsibility of IT departments. However, the expanding volume of technology being used by schools and the increasing risk of security disruptions have put data protection policy for schools front and center for everyone.<br /> <br /> Data protection guidance for schools requires districts to: </p> <ul> <li>establish clearly defined roles</li> <li>make thoughtful plans that incorporate transparency and accountability</li> <li>establish data protection training for schools </li> </ul> <p>Teachers, administrators, and staff need training, tools, and support to be successful at protecting student privacy. <br />  </p> <h2>5 Best Practices for Creating a School Data Privacy Policy </h2> <p><strong>The following best practices can provide a road map for data protection guidance for schools.</strong><br />  </p> <ol> <li>  Understand the privacy landscape and your legal obligations.<br /> New state regulations are regularly enacted across the country. It is critical for schools and districts to be current on these legal requirements in addition to federal laws such as FERPA and COPPA.<br />  </li> <li>  Conduct a comprehensive technology audit.<br /> Establish a baseline of all technology being used in classrooms and school and district offices. Once there is an understanding of what technology is in use throughout the district, the next step is to conduct a privacy evaluation for each online technology to ensure student data is private and protected.<br />  </li> <li>  Establish a data governance plan and data protection training for schools.<br /> Make a plan that addresses the full life cycle of data, from acquisition to disposal. Use written contracts to outline security and data collection, data deletion, data use, data retention, data disclosure and data destruction. Determine who has authority to review and purchase and define the scope and limitations of that authority. Districts need to conduct a security awareness program that provides data protection training for schools’ faculty and staff.<br />  </li> <li>  Communicate your plan and engage parents in the privacy conversation.<br /> Post information about your student data policies, practices, and usage on a public web page. Be explicit about the information you collect about your students and what the information is used for. Explain what, if any, PII is shared with third party service providers and how that information is safeguarded. Be sure to let parents know how they can get additional information. <br />  </li> <li> Monitor privacy policies for changes and repeat this five-step process.<br /> Once all privacy policies are reviewed, ongoing monitoring is required to ensure the effectiveness of security controls and compliance. Without data protection training, schools and users may not fully understand their roles in implementing security protections.</li> </ol> <h2> <br /> 5 Keys to a Comprehensive School Policy </h2> <p>For those districts concerned that their data protection policy for schools is comprehensive enough, here are some key questions to ask: </p> <ul> <li><strong>Data privacy: </strong>do you have the ability to keep track of data and understand what happens to it during its lifespan?</li> <li><strong>Data deletion:</strong> do you have the ability to remove the data upon request?</li> <li><strong>Data security:</strong> can you protect the data from unwanted or unauthorized users?</li> <li><strong>Data integrity:</strong> do you have the ability to maintain the accuracy and consistency of data over its entire life cycle?</li> <li><strong>Data retention:</strong> do you understand that the data is to be used only for its intended educational purposes and should be disposed when no longer needed?</li> </ul> <p> <br /> <em>Education Framework provides student data privacy peace of mind for district administrators, teachers, and parents through <a href="https://educationframework.com/services/edprivacy">EdPrivacy, its expert K-12 data privacy management solution</a>. EdPrivacy offers an intuitive platform that consistently vets the safety and security of online applications based on compliance with FERPA, COPPA, and state privacy requirements.</em><br />  <br /> Sign up for a <a href="https://edprivacy.educationframework.com/preregister.aspx">free trial</a></p> 34How Schools Can Manage COPPA Compliancehttps://educationframework.com/resources/blog/PostId/33/how-schools-can-manage-coppa-complianceStudent Privacy LawsFri, 21 Jun 2019 18:45:00 GMT<p>School districts are aware of the need to maintain the privacy of student information but are overwhelmed by the enormity of the task. <a href="https://educationframework.com/resources/privacy-laws/federal-laws">Federal laws like the Children’s Online Privacy Protection Act (COPPA)</a> are in place to ensure that student data is only used for authorized purposes. However, school and district leaders are adopting new learning technologies so quickly, that their limited resources—human and systemic—are not able to ensure COPPA compliance with fidelity.<br />  <br /> COPPA was <a href="https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions#General%20Questions">enacted to put parents in control of the information that is collected from their children under the age of 13</a>. COPPA law applies to mobile apps, websites, digital learning products, and other online services available to children. </p> <h2>Understanding Privacy Policies: A Key Factor of COPPA</h2> <p>The importance of understanding the privacy policies of each piece of technology used by the district cannot be overstated. Privacy policies reveal how the data is being used, by whom, for what purpose, and for how long. Districts are using hundreds, even thousands of apps and other software. School districts do not have the staff to monitor and manage all the privacy policies manually to ensure COPPA compliance.<br />  <br /> <strong>Properly evaluating online technologies, continuously vetting third party vendors, and giving educators tools they need to make informed decisions minimizes the risk of inadvertently exposing student data to misuse or abuse.</strong> This process is tedious, takes time, and is subject to human error or accidental or unintentional mismanagement.<br />  <br /> EdPrivacy can help. It is a <a href="https://educationframework.com/services/edprivacy">K–12 data privacy management solution</a> that takes the guesswork out of managing student data privacy and offers an additional layer of security, providing peace-of-mind for those tasked with protecting student information.<br />  <br /> Specifically, EdPrivacy helps districts comply with COPPA law by:<br /> ·     Curating all privacy policies and terms of use links<br /> ·     Reviewing and vetting privacy policies of approved technology for safety and security<br /> ·     Posting online resources for parents to view</p> <h2>Vetting and Scoring School Vendors for COPPA Compliance</h2> <p>The EdPrivacy proprietary scoring system is used to answer specific questions about vendors’ privacy policies and its compliance with COPPA law and other regulations.<br /> ·     Is data being collected from users?<br /> ·     Is the user under 13?<br /> ·     Is the user’s personal identifiable information used for any commercial, non-educational purpose? This includes targeted advertising, social profile building, data sales/rentals/leases/licenses.<br />  <br /> By reading and digesting vendor privacy policies, EdPrivacy determines if a school district and/or parents remain in control of personally identifiable student data, and whether or not the vendor provides them with access to review and delete that data.</p> <h2>Machine Learning AI - The Tech Behind EdPrivacy</h2> <p>In compliance with COPPA law and other state and federal legislation, EdPrivacy consistently vets online technologies using machine learning AI to facilitate the process of evaluation and monitoring changes in the privacy policies over time. EdPrivacy clarifies questions about data collection, data use, data retention, data integrity, data security, data privacy, and data deletion. These questions align with different parts of COPPA law and other regulations.<br />  <br /> EdPrivacy automates the entire process of COPPA compliance by distilling the decision-making process into a simple-to-understand “yes” or “no” statement on the privacy quality scoring dashboard. It includes an approved technology list customized for each district and publicly posts approved online resources for parents to view. It also includes an easy-to-access searchable library with data privacy scores for more than 10,000 applications, websites, and online learning technologies. <br />  <br /> Learn more about how EdPrivacy can demystify all the privacy policy legalese associated with COPPA compliance with a <a href="https://edprivacy.educationframework.com/preregister.aspx">free trial</a> </p> 33Helping School Districts Address FERPA Compliancehttps://educationframework.com/resources/blog/PostId/30/understanding-how-edprivacy-helps-school-districts-address-ferpa-complianceStudent Privacy LawsTue, 04 Jun 2019 02:45:00 GMT<p><span style="color:#000000;"><span style="font-size:14px;">The conversation surrounding student privacy often comes down to safety. Parents want assurance that their children are safe while at school, both physically and virtually. They want a greater understanding of what is going on in the classroom, what digital tools are being used, what information is being collected from them, and for what purpose.</span></span></p> <p><span style="color:#000000;"><span style="font-size:14px;">The <a href="https://educationframework.com/resources/privacy-laws/federal-laws">Family Educational Rights and Privacy Act (FERPA) is a federal law</a> written to protect the unauthorized sharing of Personally Identifiable Information (PII) in student education records. It allows parents the right to access their child’s education records, to have those records amended, and to have control over the release of any of their child’s PII. FERPA spells out exactly what schools can and cannot do with student data in their own systems as well as the limitations imposed on third parties, such as edtech vendors, acting on behalf of schools and districts.</span></span></p> <h2><span style="color:#000000;"><strong><span style="font-size:14px;">FERPA Regulations and PII</span></strong></span></h2> <p><span style="color:#000000;"><span style="font-size:14px;">In recent years, in response to parental concerns about information security, many states have passed student data privacy laws that provide greater privacy protections than FERPA does. However, FERPA establishes a minimum federal standard that governs the privacy of education records and the PII they contain for all students in public educational institutions that receive federal funds.[1]</span></span></p> <p><span style="color:#000000;"><span style="font-size:14px;">FERPA regulations contain a “school official exception” for consent. This exception allows school districts to disclose FERPA-protected information for vendor services that would otherwise be performed by school employees. However, these edtech vendors must have “a legitimate educational interest, be under the direct control of the school, and not use the information for any other reason than for which it was disclosed.”[2]</span></span></p> <p><span style="color:#000000;"></span></p> <p><span style="color:#000000;"><span style="color:null;"></span></span></p> <p><span style="color:#000000;"></span></p> <p><span style="color:#000000;"></span></p> <p><span style="color:#000000;"><span style="font-size:14px;"></span></span></p> <p><span style="color:#000000;"><strong><span style="font-size:14px;">Managing Student Privacy</span></strong></span></p> <p><span style="color:#000000;"><span style="font-size:14px;">Ensuring FERPA compliance and managing student privacy is no simple task. Implementing a successful student privacy initiative takes a lot of work. It involves considerable amounts of time, commitment, and resources— three things most schools and districts are already running short of. It is vital that educators understand the importance of student privacy and make concerted efforts to ensure student information is safe, secure and protected.</span></span></p> <p><span style="color:#000000;"><span style="font-size:14px;">Fortunately, there is a tool to help districts manage the process of FERPA compliance, keep student data safe and secure, and ensure that vendors are properly handling sensitive student information. <a href="https://educationframework.com/about-us">Student data privacy experts</a> have developed <a href="https://educationframework.com/services/edprivacy">EdPrivacy</a>, a software platform that vets the safety and security of online applications and digital resources based on compliance with FERPA, COPPA, and state privacy requirements. EdPrivacy takes the worry out of FERPA compliance by managing the entire process for schools and districts.<br />  <br /> Designed to protect students from data abuse, EdPrivacy:<br /> •    Ensures that schools and districts are in complete compliance with federal and state regulations<br /> •    Engages parents in the privacy conversation and ensures their participation<br /> •    Lessens the risk of costly fines and penalties associated with the mismanagement of student information. </span></span></p> <p><span style="color:#000000;"><span style="font-size:14px;">EdPrivacy assists administrators, IT staff and teachers to proactively manage their student privacy obligations with transparency and accountability. Specifically, EdPrivacy helps parents to understand if vendors will allow them to review their student’s data, amend the data, and determine with whom the data is shared. Requests for the data must have the written consent of parents or students over 18. EdPrivacy also maintains records of PII disclosures for school and parental review.</span></span></p> <p><span style="color:#000000;"><span style="font-size:14px;">By working with the trusted data privacy experts at EdPrivacy, schools and districts minimize the risk of violating FERPA and other student data privacy laws. Take a proactive approach to safeguarding your students’ online presence and instill parental confidence that the district is adequately protecting their student’s data.</span></span></p> <p><span style="color:#000000;"><em><span style="font-size:14px;"><strong>Sign up for a free trial at</strong></span></em></span><span style="color:null;"><em><span style="font-size:14px;"><span style="color:null;"> </span><a href="https://educationframework.com/services/edprivacy"><span style="color:null;">https://educationframework.com/services/edprivacy</span></a><span style="color:null;"> </span></span></em></span></p> <p><span style="color:null;"><span style="color:null;"><span style="font-size:14px;">________________________________________<br /> [1] <a href="https://studentprivacy.ed.gov/sites/default/files/resource_document/file/SRO_FAQs_2-5-19_0.pdf" target="_blank">https://studentprivacy.ed.gov/sites/default/files/resource_document/file/SRO_FAQs_2-5-19_0.pdf </a><br /> [2] <a href="http://www.siia.net/blog/index/Post/77426/SIIA-Joins-Other-Organizations-to-Call-for-Guidance-on-Intersection-of-COPPA-and-FERPA--Dec%2026" target="_blank">http://www.siia.net/blog/index/Post/77426/SIIA-Joins-Other-Organizations-to-Call-for-Guidance-on-Intersection-of-COPPA-and-FERPA--Dec%2026</a></span></span></span></p> <p> </p> 30