When parents think about school safety, active shooters or assaults are usually the first thing that comes to mind. This means your child's privacy and related US privacy laws may be moved down the school board’s to-do list.
The Education Commission of the States summarizes laws and regulations on K-12 school safety and highlights the necessity for a district safety plan, safety audits to be conducted at school facilities, evacuation, lockdown, active shooter, and emergency response training drills.
Another aspect of safety that should be included in initiatives is protecting data privacy, which we will cover in this article. While this article concerns the schools’ responsibilities toward students, other affected parties who could benefit from it include school boards, administrators, teachers, staff, parents, and the students themselves.
What Measures are Schools Taking to Protect Children's Personal Identity?
Safety measures include
School employee vetting utilizing a criminal record check.
Keyless entry controls and contactless sign-in-and-out procedures to prevent unauthorized access.
Video intercoms at key entry points allow staff to vet visitors before granting access
In 2020, US schools invested $360 million in new security technologies, according to a study by Omdia for the Security Industry Association. According to the National Center for Education Statistics, 91% of US public schools used security cameras in 2019-2020, making CCTV the second most common security measure after controlled access.
CCTV is used to monitor and address bullying; discourage trespassing, theft, and vandalism; deter crime and school violence; and in the event of an emergency, share camera live stream access with emergency responders, as well as provide documentation in the event of an incident.
Camera Surveillance in Schools
When installing cameras, it is always best to use a firm specializing in this. Companies that set up video monitoring focus on creating secure access for parents, so they can install and determine the placement of the cameras, as well as set up parent accounts on an encrypted site for security purposes.
Using an outside company removes some liability in case of unforeseen camera issues. Under no circumstances should unrestricted public access to video feeds be allowed. Parents of children at the facility should be the only ones viewing the footage, and they should only be allowed access to classroom feeds where their children are enrolled. It is illegal to use a live feed for school marketing purposes.
Privacy Law Considerations
Cameras should not be placed where one could reasonably expect privacy, so bathrooms, changing rooms and private offices should be excluded.
Parents and employees should be notified about the cameras. It must be obvious that there is video surveillance and signs to this effect should be posted. Registration documents should include a notification about the cameras and a waiver.
The school should have a set policy regarding the preservation of footage. For example, the facility could store the footage for 30 days and only then record over the footage. Access to view this footage must be limited. Having policies describing who can access security footage and under what circumstances protects student privacy and ensures improved security.
Outdated Privacy Law
Today, more data is being collected than ever. Protecting student PII - including name, birth date, address, phone number, student ID, demographics, and login credentials - is crucial.
In terms of the Children's Online Privacy Protection Act (COPPA,) and Family Educational Rights and Privacy Act (FERPA) that gives students control over their educational records and access to them on request, schools, faculty, and staff should be aware of and comply with student data privacy and online safety regulations, as well as State laws and school policies regarding the use of educational services and products.
Unfortunately, FERPA - introduced in 1974 – is not keeping pace with digital developments. It does not apply to third-party vendors, its enforcement mechanism is inadequate, and families have little redress in case of violation.
Common violations of FERPA include:
Emailing protected student information to all in the class.
Including social security numbers on shared documents
Posting grades and identifying information in public
Publicly disclosing a student athlete's academic status.
It is imperative that teachers follow responsible digital practices, as well as teach safe internet practices and technology use to their students. This includes carefully considering the digital processes and products they incorporate into lessons. If the necessary steps are not taken to ensure students' personal information is secure, schools risk repercussions in the future.
Classroom Technology Update
School- or government-issued laptops and tablets are used more in teaching, examining, and monitoring. Online portals offer access to class information and teacher-created videos, textbooks can be found online, and tests can even be taken online.
School-administered educational cloud services are also being used both inside and outside the school, and parents use those same services to check up on their children and receive feedback from teachers.
The possibilities are infinite. But when schools use this technology, it is not only teachers who can collect data from their students, as the companies that provide it can also collect it. Third-party vendors can collect student communications and metadata about their online behavior while using an app.
Is Your Child's Privacy Being Taken Seriously?
With records such as persistence scores being given as young as seven, the concern is that such predictive and behavioral analysis data may be used to the child's detriment by a college or employer in the future.
As any responsible parent should teach their child, the concept behind "digital permanence" is that once information or photographs are uploaded, posted, or published via a digital device, it is always there.
Likewise, technology is not going anywhere, so we might as well embrace it and bring to the fore data protection issues such as those mentioned below.
Administrators generally rely on education-technology companies to direct privacy and data policy, so knowledge of privacy practices cannot be explained by the school.
Devices are issued to students without informing parents, so parents have little idea about the required apps, how they will be used, and what data they will collect.
Because of the lack of communication, the onus is for parents to seek information from the school administration.
Parents wanting to opt-out of education-technology schemes had limited alternatives, and there were few informative resources to help make those decisions.
All roleplayers wanted more and better training in privacy-focused technology use.
In addition, these privacy measures should be taken by staff to help ensure the safety of both students and the school:
Data privacy policies of tools or applications must meet the school's data privacy requirements.
Sensitive information should be encrypted to limit access.
Data must be securely stored, and "downloads" folder contents be deleted regularly.
Student data should not be left lying around.
Access to student records should be strictly for those with a "Legitimate Educational Need to know."
Fake student data must be used when creating handouts and/or presentations. If live data is necessary, blur the sensitive information using a video redaction tool.
Password-protect computers and learning sites; lock or log out when not in use.
Data Protection Best Practices
One would hope schools have a solid grasp of data protection best practices, but this is not always the case. Teachers and administration staff, many of whom are not tech-savvy, are faced with protecting the masses of digital information created in the school environment, and the repercussions of breaches in privacy measures could be felt by students down the line.
Here is a link to a sample document from the Colorado Department of Education that provides guidelines on what should be covered by the schools’ policies in regard to protecting students’ data.
Redaction is Front Line of Defense for Privacy
Video redaction will likely be necessary for your state soon, if it is not already. If schools are taking footage of pupils, for instance, on surveillance cameras, they will need to reduce the risk of data privacy exposure if video is released to other pupils wanting to see the footage or law enforcement, for example, if there is an incident, such as theft or fighting at school. With redaction tools at hand, they can ensure that other students' faces and personally identifiable information are no longer recognizable.
Sighthound's redaction software is an easy-to-use, affordable method of eliminating personal information from video, manually or automatically blurring faces, vehicles, license plates, and other confidential information.
Child privacy and online data protection should be every school's priority. Ensure your school's compliance with privacy legislation with Sighthound Redactor.