Student Data Privacy

Dropdown Arrow
Data Privacy (5/8)

From Mining to Minding Student Data

Student data privacy is top of mind for everyone, from companies to parents. 2015 proved to be the biggest legislative year yet for this hot topic
Student Data Privacy Legislation (‘14-’15)
Greater attention has been placed on student data privacy legislation with 47 states having proposed legislation in 2015

The term “big data” exploded into our world around 2011. The idea is that by scrutinizing the vast amounts of data about our behavior we create by interacting with technology, we can learn about our habits and maybe even improve our lives. In education, big data seemed to hold a few promises: help teachers better understand which concepts made students stumble, help edtech companies develop more useful and relevant products, and help students learn faster and better.

What's your role related to Edtech?
(Your voice helps us to determine what’s ACTUALLY important to our readers. Check it out!)

Select your role


In 2015, however, educators, parents, legislators, and companies began moving from mining student data for insights to minding who could see and use student data and for what purpose.

Here’s why.

Education advocates spotted the power of data early: In 2011, the Gates Foundation, Carnegie Corporation and others began what became a $100 million project called InBloom that promised to deliver to school districts a powerful data warehouse for collecting and analyzing student data. When InBloom was publicly unveiled in early 2013, it ignited debate among parents and privacy advocates about who “owned” data on students. Other new stories amplified those fears. Former CIA analyst Edward Snowden revealed the US government’s extensive phone and internet surveillance activities in 2013, exacerbating longtime privacy concerns about Big Brother-like policies. Breaches of corporate databases—from Target in 2013 to Morgan Stanley in 2014—added to parents’ worries about whether any centralized database could be secure.

Such concerns helped shutter InBloom in 2014. At the same time, parents and privacy advocates began pushing harder to compel school districts and state legislators to weigh how edtech tools—especially, “free” tools—collect data and what they did with it.

In 2014, 110 bills were introduced in state legislatures aiming to protect student data. In 2015, 188 more bills popped up. By the end of the year, 15 states had passed 28 student data privacy laws, outlining stricter rules around how to handle student data. On January 1, 2016, California and New Hampshire became the first two states to go live with stricter student privacy laws. Delaware and Oregon are expected to follow suit in July and other states in 2017. Implementing these laws will provide many lessons for the other states (Experts do not expect to see sweeping national legislation on student data privacy.) If 2014 was a year of haziness, confusion, and frankly, fear around the misuse of student data, then 2015 brought common language around how to safeguard student data privacy.

Companies and schools began grappling with the implications of the new laws:

  • What data should be collected and by whom?
  • What can and should schools, companies and the government do with student data?
  • Who “owns” it—and so can demand it be deleted?
  • Who could grant permission to use student data?
  • Who was responsible for safeguarding it?
  • And how different would the various states address these questions?
Privacy is not a project that we get through to something else. We are never, ever done with privacy as long as we are using data and tech in education to support student learning
Going forward, collaboration will be the touchstone. The Consortium for School Networking (CoSN), working with education partners and 25 school districts, is due to soon release its Trusted Learning Environment seal, aimed at moving from mere compliance to building a “culture of trusted learning” around using data.

And questions around equity continue to grow. “There are some pretty compelling arguments that privacy is a manifestation of affluence and privilege if you look at what software gets rolled out in which schools, who gets alpha level software and why and who gets products with porous terms,” contends Bill Fitzgerald, Director of Privacy Evaluation at Common Sense Media.

This much is certain: privacy is “not a project that we get through to something else. We are never, ever done with privacy as long as we are going to use data and tech in education to support student learning,” says Aimee Guidera, President and Chief Executive Officer of the Data Quality Campaign.

How important is Data Privacy to you?
Not ImportantNot SureVery Important





Common Sense Kids Action is a branch of Common Sense Media with a mission of helping kids thrive in a world of media and technology
Getting to Privacy 2.0

The issue of student data privacy is a stew of competing interests. Parents should be able to make choices about what happens with their children’s information. Schools should be able to use student data to improve instruction, services, and school management. Private service providers should be able, with limitations, to use the data to improve their programs and develop innovative solutions. There must be strong safeguards that ensure vigilant and appropriate security, privacy, and data management practices. And everyone needs to be aware of what constitutes appropriate use of student records, and act accordingly.

It is hard to referee the competing interests, however, until there is a better understanding of the “what, when and how”—which has been the thrust of most state laws in recent years. It has been a period for the creation of version 1.0 type of laws that establish basic ground rules around student privacy and data use for key actors, including the State Board of Education, Department of Education, local districts, and the vendors serving schools. While there is some consensus around clearly inappropriate behaviors and necessary rights, this is still a work in progress. The potential for unintended consequences abound.

In recognition of these new efforts, private service providers are not sitting idle. They are doing their part to clarify the bounds of their acceptable behavior with the creation of the Student Data Privacy Pledge. The Pledge lays out, in plain language, what service providers do and do not do with the student data they collect. It has proven useful for policymakers as they consider all of the competing interest and develop the new laws.

The efforts have been productive. Today, there is a far better understanding of the issues at play then just three years ago. Most states now have (or will soon have) version 1.0 rules in place, and these will help policymakers and practitioners get to a place where they can have richer privacy-2.0-type discussions.

For the Greater Good

Educators see the importance and value of both safe data practices and using data to improve the learning environment. A 2015 Houghton Mifflin Harcourt survey of 1,000 teachers and administrators found that 58% were “very” or “somewhat” concerned about student data privacy. However, while teachers are wary of data privacy concerns, that hasn't stopped them from seeing the value in leveraging data to improve teaching and learning. “Without these edtech tools, we wouldn’t have made as many strides, we wouldn’t have as many research-based teaching strategies, we wouldn’t be able to adjust learning,” says Kerry Gallagher, Digital Learning Specialist at St. John's Prep.


With a flurry of new legislation passed at the state-level in 2015, navigating student data privacy can be incredibly confusing for educators. Some states have new laws (like California’s SOPIPA) that “place the burden on the vendor to follow the law, not the school or the teacher or the districts,” says Craig Cheslog, Co-Director and Vice President for California Policy at Common Sense Kids Action. However, even with these laws in place to put the responsibility on companies, educators are often still responsible for communicating to parents how the tools they use protect student privacy. In some districts, administrators are able to share an approved list of tools that meet privacy standards. But in many cases, schools are still figuring out how to best support teachers—according to a 2014 Project Tomorrow survey of over 44,000 teachers and librarians, only 25% of teachers report receiving instruction or information about what their district is doing to protect student data. Many teachers are left to navigate how tools meet school or district privacy standards on their own.

Digital Learning Specialist at St. John’s Prep
“Without these edtech tools, we wouldn’t have as many research-based teaching strategies, we wouldn’t be able to adjust learning.”
Digital Citizenship is the Name of the Game

With an increased focus on data privacy, educators spend more time teaching students about data safety. Teachers focus on teaching students how to be upstanding and savvy digital citizens, avoid cyberbullying and preserve their online reputations. According to Kayla Delzer, second grade teacher in West Fargo, North Dakota, “while media specialists teach [digital citizenship] skills, it is essential that classroom teachers are embedding it into their classroom curriculums as well as soon as students are online.”

How important will Data Privacy be in the next few years?
Not ImportantNot SureVery Important
Get this report as a PDF: