Attention School Board Members. Have you Budgeted in Legal Expenses for Data Privacy Protections?
The National School Board Association (a private organization) has released a guide for local school boards to deal with data gathering and privacy issues the local boards have thrust upon them as part of the four assurances contained in the State Fiscal Stabilization Fund:
The State Fiscal Stabilization Fund (SFSF) program is a new one-time appropriation of $53.6 billion under the American Recovery and Reinvestment Act of 2009 (ARRA). Of the amount appropriated, the U. S. Department of Education will award governors approximately $48.6 billion by formula under the SFSF program in exchange for a commitment to advance essential education reforms to benefit students from early learning through post-secondary education, including: college- and career- ready standards and high-quality, valid and reliable assessments for all students; development and use of pre-K through post-secondary and career data systems; increasing teacher effectiveness and ensuring an equitable distribution of qualified teachers; and turning around the lowest-performing schools.
Here’s what the NSBA press release says about the local school board responsibilities in having to guard private student data:
Posted: 28 Apr 2014 02:00 PM PDT
As school districts increasingly move to cloud computing instead of on-site data storage, the National School Boards Association (NSBA) and its Council of School Attorneys (COSA) have released a guide for school boards introducing the legal issues associated with protecting student data and suggesting best practices.
The guide, “Data in the Cloud,” seeks to raise awareness of student data privacy concerns, and to provide a framework for comprehensive student data privacy approaches in school districts.
The guide notes that cloud computing applications offer ease of use and accessibility, but come with the potential for loss of privacy and increased liability, as personal information is transferred to the application.
“School boards should consider starting a discussion with school district staff and their communities about building a comprehensive student privacy protection program,” said NSBA Executive Director Thomas J. Gentzel. “This guide is a helpful tool for school boards as they review and potentially rethink policies related to data and student privacy.”
The guide uses a question-and-answer format to explain the relevant terminology, recent academic research, the breadth of software offerings, important legal requirements, and additional resources available to school board members and school lawyers.
“The legal requirements that could potentially govern student data privacy are still evolving,” said Greg Guercio, COSA Chair. “The school law requirements section of this guide is a key asset for school districts and their attorneys. Current laws still leave plenty of room for interpretation on student privacy, making it is essential for district leaders to ask the right questions and understand potential problems.”
Recommendations for school boards include:
• Identify an individual district-wide Chief Privacy Officer (CPO), or a group of individuals with district-wide responsibility for privacy;
• Conduct a district-wide privacy assessment and online services audit;
• Establish a safety committee or data governance team that includes the school or district’s Chief Privacy Officer to work with the school community, recommend policies and best practices, and serves as the liaison between the school district and the community on privacy issues;
• Regularly review and update relevant district policies and incident response plans;
• Consistently, clearly, and regularly communicate with students, parents, and the community about privacy rights and district policies and practices with respect to student data privacy;
• Adopt consistent and clear contracting practices that appropriately address student data; and
• Train staff to ensure consistent implementation of school district’s policies and procedures.
Read between the lines. These mandates are going to cost school boards money. Possibly a lot of money. A Chief Privacy officer should be designated for all school districts to guard the data the governor agreed to provide and additional time will have to be spent in training staff on data gathering and privacy. Note that school boards didn’t agree to assume this chore; it has been mandated to do it via the state fiscal stabilization fund agreement. So much for your local school board members representing its local constituents. It’s being advised what to do by private national school board organization that is not protecting the local control of school boards.
The NSBA news release isn’t telling you everything that’s contained in the “Data in the Cloud” report. According to Politico, data gathering and keeping the data private is described as “it’s a legal minefield”. Won’t that mean more business for school lawyers or the necessity to hire lawyers whose specialty is data privacy law?
(click on graphics to enlarge)
School Board members should take note on page 2 of the NSBA document on what’s in store for them in the next few years. They need to budget in extra cost for legal counsel:
The press release didn’t mention this tidbit from the endnotes in the report:
This is what districts are going to have to do: hire lawyers and chief privacy officers. It’s no wonder the Missouri Department of Elementary and Secondary Education isn’t worried about data gathering and protection. It’s the districts’ responsibility and liability. Who is going to bear the cost of lawsuits when/if a student can prove that his/her identity was stolen because of personal information was accessed via school districts by external entities? And what do you want to wager most Missouri (and other states) districts HAVE NO IDEA on this increase of cost, responsibility and liability for data gathering they may not even believe is necessary?
Arne Duncan confirms the NSBA’s report. School boards will need to assume more cost to protect data gathering. More from the Politico link:
— Secretary Duncan weighed in on privacy concerns in a new “Ask Arne” video. He, too, sounded a cautionary note. Tempting as it may be for teachers to download cool apps or sign up for online services, they must make sure that they and their districts are on top of privacy issues before they start clicking, Duncan said. “With all the excitement around innovation, we simply cannot compromise student privacy. That has to be first, that has to be foremost, that has to be absolutely paramount,” he said. “It’s so important that districts… maintain the trust of the public and of parents. A misstep here would be very, very costly to districts or to states.” The video: http://1.usa.gov/1e6l2aj.