How Schools Can Manage COPPA Compliance June 21, 2019By Katie Onstad Student Privacy Laws coppa School districts are aware of the need to maintain the privacy of student information but are overwhelmed by the enormity of the task. Federal laws like the Children’s Online Privacy Protection Act (COPPA) are in place to ensure that student data is only used for authorized purposes. However, school and district leaders are adopting new learning technologies so quickly, that their limited resources—human and systemic—are not able to ensure COPPA compliance with fidelity. COPPA was enacted to put parents in control of the information that is collected from their children under the age of 13. COPPA law applies to mobile apps, websites, digital learning products, and other online services available to children. Understanding Privacy Policies: A Key Factor of COPPA The importance of understanding the privacy policies of each piece of technology used by the district cannot be overstated. Privacy policies reveal how the data is being used, by whom, for what purpose, and for how long. Districts are using hundreds, even thousands of apps and other software. School districts do not have the staff to monitor and manage all the privacy policies manually to ensure COPPA compliance. Properly evaluating online technologies, continuously vetting third party vendors, and giving educators tools they need to make informed decisions minimizes the risk of inadvertently exposing student data to misuse or abuse. This process is tedious, takes time, and is subject to human error or accidental or unintentional mismanagement. EdPrivacy can help. It is a K–12 data privacy management solution that takes the guesswork out of managing student data privacy and offers an additional layer of security, providing peace-of-mind for those tasked with protecting student information. Specifically, EdPrivacy helps districts comply with COPPA law by: · Curating all privacy policies and terms of use links · Reviewing and vetting privacy policies of approved technology for safety and security · Posting online resources for parents to view Vetting and Scoring School Vendors for COPPA Compliance The EdPrivacy proprietary scoring system is used to answer specific questions about vendors’ privacy policies and its compliance with COPPA law and other regulations. · Is data being collected from users? · Is the user under 13? · Is the user’s personal identifiable information used for any commercial, non-educational purpose? This includes targeted advertising, social profile building, data sales/rentals/leases/licenses. By reading and digesting vendor privacy policies, EdPrivacy determines if a school district and/or parents remain in control of personally identifiable student data, and whether or not the vendor provides them with access to review and delete that data. Machine Learning AI - The Tech Behind EdPrivacy In compliance with COPPA law and other state and federal legislation, EdPrivacy consistently vets online technologies using machine learning AI to facilitate the process of evaluation and monitoring changes in the privacy policies over time. EdPrivacy clarifies questions about data collection, data use, data retention, data integrity, data security, data privacy, and data deletion. These questions align with different parts of COPPA law and other regulations. EdPrivacy automates the entire process of COPPA compliance by distilling the decision-making process into a simple-to-understand “yes” or “no” statement on the privacy quality scoring dashboard. It includes an approved technology list customized for each district and publicly posts approved online resources for parents to view. It also includes an easy-to-access searchable library with data privacy scores for more than 10,000 applications, websites, and online learning technologies. Learn more about how EdPrivacy can demystify all the privacy policy legalese associated with COPPA compliance with a free trial Related Posts Helping School Districts Address FERPA Compliance Meeting FERPA regulations and ensuring FERPA compliance is no easy task. Learn the solutions that schools use to manage student privacy. Student Data Privacy Policy for Schools—How to Ensure Your Data Stays Private Keeping students’ PII can be complicated - learn how to create a student data protection policy for your school today. NY State Educators Approach July 1st Deadline to Demonstrate Compliance with Ed Law 2-d Part 121 Public school districts in New York state have until July 1, 2020 to complete the requirements of Education Law 2-d Part 121. The law protects student data privacy and security by limiting access to students’ personally identifiable information (PII) in all public schools and education agencies throughout the state. Learn how EdPrivacy helps district leaders quickly and easily identify safe technologies for the classroom and meet their obligations under the law. What is PII? What Districts and Families Need to Know Personally identifiable information, or PII, is any data point that can be used to identify a specific individual. Understanding how to protect student PII begins with knowing what data is being collected. Learn more about the federal and state data privacy laws that govern the protection of student information, and how EdPrivacy helps districts proactively protect PII. What is App Vetting and Why is it Important? School district leaders are tasked with protecting student data. Here we share the importance of reading the privacy policy and vetting apps for privacy before approving them for student use, and explore the benefits of outsourcing the vetting process to data professionals. Managing Student Data Privacy: How One District is Doing it Right Learn how a school district in Georgia is effectively supporting their student data privacy policy with EdPrivacy, a comprehensive privacy management tool that vets vendor privacy policies, monitors policies for changes, and protects sensitive student information.