Despite a flurry of congressional activity on student-data privacy during the first half of 2015, the odds of a comprehensive federal law being enacted anytime soon appear slim.
The ongoing uncertainty means that educators and school officials, already wrestling with the more immediate challenges of new classroom technologies and sometimes-onerous new state laws, are likely to spend another school year keeping a wary eye on Washington.
“Schools are already going through a lot of change, and this just adds an additional layer of complexity,” said Amelia Vance, the director of education data and technology for the National Association of State Boards of Education, or NASBE.
“There’s a sense from everyone that something has to be done” at the federal level, Vance said. “But we’ve had 33 states in the past two years pass some sort of [student-data-privacy-related] law, so there’s also a sense that maybe we should let that dust settle.”
One of the primary challenges facing federal lawmakers: deciding whether a new national law should focus on the responsibilities of schools or the responsibilities of vendors with whom schools do business.
Whatever happens, many educators say they hope their voices will be heard. They also hope any new laws will include funding for training and technical support for those people inside schools who will ultimately be responsible for implementing any new law.
Evaluating Federal Proposals
All told, eight federal bills, amendments, or provisions related to student-data privacy have been introduced in 2015.
One of the very few that appear to have even a chance at passage anytime soon is an amendment to the Senate’s proposed reauthorization of the Elementary and Secondary Education Act. That far larger bill, which outlines much of the federal government’s role in K-12 education, could come up for a vote this fall. The data-privacy amendment, introduced by U.S. Sens. Orrin Hatch, R-Utah, and Edward Markey, D-Mass., would take the tentative, and time-worn, approach that legislators often pursue with hot-button topics: creating a committee to study the issue, then make recommendations.
But even that may be too much to expect, given that Congress will be preoccupied this fall with big fights over national security and the federal budget.
If the two chambers can’t agree on a broad ESEA rewrite that President Barack Obama is willing to sign, the Hatch-Markey amendment will likely end up in limbo.
Outside of the ESEA, meanwhile, some federal lawmakers are focused on overhauling the most significant national student-data-privacy law currently on the books, the Family Educational Rights and Privacy Act. Enacted in 1974, FERPA focuses on the responsibilities of schools to safeguard student records. It is widely seen as antiquated and inadequate for the digital age.
The most significant proposal to overhaul FERPA was introduced in Congress in May, when a bipartisan group of leaders from the House education committee introduced a bill that would update the law to expand the definition of a student’s “educational record,” place new obligations on both schools and vendors around the handling of that information, and prohibit the use of such information for most advertising to students.
Two Senate bills introduced in 2015 would also take a crack at updating FERPA, though neither has gained much momentum.
At the same time, other federal lawmakers want a new law that would focus on regulating the companies doing business with schools.
Obama lent his support to that approach during a January speech at the Federal Trade Commission.
In April, U.S. Reps. Luke Messer, R-Ind., and Jared Polis, D-Calif., followed the president’s lead, introducing the Student Digital Privacy and Parental Rights Act of 2015. In addition to prohibiting ed-tech companies from selling student data or using such information for most targeted advertising to children, the Messer-Polis bill would require vendors to meet new requirements related to data security, breach notification, and contracts with third parties. It would also grant enforcement authority to the FTC.
In the Senate, Sens. Richard Blumenthal, D-Conn., and Steve Daines, R-Mont., introduced a broadly similar bill, dubbed the Safe Kids Act, in July.
Insiders say the latter bill has an outside chance of reaching the president’s desk, although lobbyists from both industry and advocacy groups are still seeking to influence the legislative details of the proposal.
“My sense is that senators are eager to do something on data privacy, and if ESEA doesn’t move forward with the Markey-Hatch amendment creating a new committee, then Blumenthal-Daines could be what they’re doing,” said Vance of NASBE.
Unintended Consequences
Following the twists and turns of the federal legislative sausage-making is “extremely challenging” for even the most concerned educators, said Kerry Gallagher, a former history teacher who now works as a technology-integration specialist at St. John’s Preparatory School, in Danvers, Mass.
“I think the vast majority of classroom teachers are somewhat aware the debate is heating up, but I’m not sure they feel comfortable weighing in,” said Gallagher, who volunteers with the Smarter Schools Project, an industry-backed initiative to promote the use of educational technology in the classroom.
But without such frontline input, new student-data-privacy laws can have major unintended and negative consequences inside schools, said Sheryl Abshire, the chief technology officer for the 32,600-student Calcasieu Parish public schools, in Louisiana.
Abshire and others are particularly concerned about bills that come with new requirements for schools but no new funding and time frames that are often “totally unrealistic.”
She pointed to two recently passed state laws in Louisiana that bar schools from sharing students’ personally identifiable information without parental consent and require schools to post on their websites detailed information about their contracts with vendors who deal with student data. Offenders—including teachers and school personnel—can face up to three years in jail and $10,000 fines. The laws were implemented at the start of this school year, causing major headaches on the ground in August and September.
“A lot of other things had to come to a halt to meet this timeline,” Abshire said. “If the community of [school technology] leaders had been involved in the crafting of that legislation, we could have helped them come up with processes that were cleaner and less burdensome.”
Lawmakers’ continued lack of emphasis on providing privacy-related training for frontline educators is also troubling to Paige Kowalski, the vice president of policy and advocacy for the Data Quality Campaign, a Washington-based advocacy group.
A simple example, Kowalski said, is teachers setting their students up with usernames and passwords on new classroom apps. Rather than using the children’s names or initials, teachers can use nonidentifying markers such as “Student1" and “Student2"—an easy strategy that many educators might never be made aware of, she said.
“It’s really just raising awareness of best practices, do’s and don’ts,” she said.
‘Start Conversations’
There are some signs that state lawmakers are listening more closely to educators and thinking through what it will take to implement new laws without unleashing a host of new problems in the process.
The hope, Kowalski and others say, is that federal lawmakers will do the same, whether it’s through a formal student-data-privacy committee established as part of a new ESEA, or further debate around one of the bills that have already been proposed, or via a fresh approach that comes later.
Given the uncertainty in Washington, it’s probably unrealistic to expect educators to pay close attention to that process right now, she said
But that doesn’t mean people in schools should just sit on their hands and wait. “It’s critically important for schools and districts to start conversations now with parents and communities about the information they collect and the technologies kids are using,” Kowalski said. “Right now, that’s just not a conversation that’s happening.”
