In the wake of the shooting at Marjory Stoneman Douglas High School in Parkland, Florida last year, state lawmakers and other education stakeholders introduced new measures and recommendations to prevent further violence and ensure students’ safety. While the need for protective measures is clear, all education stakeholders should understand the serious risks to privacy in Florida’s most recent school safety proposals.
Shortly after the shooting, Florida passed a sweeping school safety law, the Marjory Stoneman Douglas High School Public Safety Act, in March 2018. This law not only raises the age to purchase a gun, allows certain teachers and school resource officers (SROs) to carry guns in school, and provides for school hardening measures, but it also requires districts to collect sensitive mental health information from students as a registration requirement for the new academic year.
Taking advantage of funding provided by the law, Broward County Schools, the district of Marjory Stoneman Douglas High School, has invested $11 million in security cameras in the past year and now shares the video data in real time with the county sheriff’s office. The district is also negotiating a contract for “artificial video analytics,” that uses artificial intelligence to monitor students. None of these initiatives include privacy protections or specify how the data collected will be stored, retained, and ultimately deleted.
Early this year, two new school safety proposals emerged. After holding meetings and hearings on what occurred prior to and during the Parkland shooting and to generate recommendations to prevent another mass shooting, the Marjory Stoneman Douglas High School Public Safety Commission released its report on January 2. And in February, the Florida Senate introduced the bill SB7030, “School Safety and Security,” also designed to prevent violence in schools. Both the report and the proposed legislation call for schools to share increased information about students; similar to the 2018 law, neither includes any privacy guardrails for the proposed information-sharing.
Increased Information-Sharing with School Resource Officers
The Marjory Stoneman Douglas Commission recommends a “high level of information sharing between school resource officers (SROs) and school administrators.” The report also states that “the SRO or applicable law enforcement agency shall have access to educational/disciplinary records provided by the school.” The Family Educational Rights and Privacy Act (FERPA) does allow student information to be shared with law enforcement under particular circumstances; for example, schools can share this information when the SRO acts as a school official (meaning the SRO has a legitimate educational interest in the information and is not allowed to redisclose it without consent) or when there is a health and safety emergency.
But the report’s recommendation is ambiguous: does the commission mean that schools must share all student education records with the SRO, which would raise serious privacy questions? Or does it mean that schools should proactively decide which records to share with SROs and then ensure the officers’ access to those records? If the commission means the former, this could encourage the officers to proactively examine every record in an attempt to guess which students might be “threats.” One risk is that the officers’ personal biases could influence that assessment, leading to increased discrimination against minority students or students with disabilities. People should have access to students’ personal information only when they need it to do their job.
In addition to recommending information-sharing so that law enforcement can determine appropriate action, the report states that those actions should be “solely within the discretion of law enforcement officers” and that school administrators should not interfere with “law enforcement decisions.” This could enable law enforcement to treat discipline, which is traditionally handled by the school, as a criminal matter. Law enforcement involvement poses serious, lasting consequences for students. Even a record of an arrest without charges filed can prevent a student from attending college. Most incidents that happen during a school day do not constitute “criminal conduct.” Forcing schools to cede control of the disciplinary process to law enforcement ensures that more students will enter the criminal justice system and that educators and administrators will have less control over their schools.
Increased Information-Sharing for Threat Assessments
Both the commission and SB7030 also recommend increased sharing in the context of threat assessments. Threat assessments are designed to evaluate students who have been identified as potential safety threats, either because of an overt threat they have made or behavior that may lead to violence. Multidisciplinary teams of school officials generally make these assessments to provide early intervention services to troubled students and prevent escalations in behavior.
SB7030 changes how threat assessments are performed, by requiring the state to develop a new threat assessment tool that would be used by every district. The tool would assess not only students but also “family, and school and social dynamics.” This wide focus likely represents a “whole-child” approach to threat assessments, but the legislature has not provided practical guidance on this. The new process will probably require schools to collect an enormous amount of sensitive data from unspecified sources. We’ve already seen that if the legislature mandates schools to collect sensitive information, like mental health histories, some schools will implement it without considering community feedback, what the data collected will be used for, or how it will be kept private.
The bill also authorizes a committee to explore how to best store the information in a state-wide threat assessment database. There is no explicit explanation about why this information needs to be kept by the state, how long it will be kept, and when it will be deleted. Students and their families have no method of challenging the accuracy of these assessments, and no window into how the information will ultimately be used. The legislature also instructs the committee to develop data-sharing agreements with law enforcement, with no restrictions on how law enforcement may use the data.
The Marjory Stoneman Douglas High School Public Safety Commission report likewise called for a state-provided threat assessment tool, along with recommendations concerning standing team members and the involvement of district leadership. But the commission went further than SB7030, calling for school personnel to be sanctioned for not reporting behaviors requiring a threat assessment. Fear of such sanctions could increase the number of students who are inappropriately referred to threat assessment teams.
Moreover, because the commission also recommended increased law enforcement involvement in general, threat assessments could become punitive if law enforcement (rather than school leaders) decides whether students should be referred to the criminal justice system. Instead of providing an avenue for educational interventions, threat assessments could worsen the school-to-prison pipeline.
Threat Assessment Recommendations Pose Special Risks for Students with Disabilities
The commission also recommends that “students with IEPs that involve severe behavioral issues should be referred to and evaluated by the threat assessment team” and that “threat assessment teams and IEP committees must coordinate information.” First, “severe behavioral issue” is not a clinical term and has no precise meaning. Any school official with access to medical records and IEPs, which includes SROs, could therefore decide that students with debilitating depression or a severe learning disability fall into this category, even if their disabilities pose no threat to others.
Second, this recommendation increases the stigma associated with disability and could prevent students from receiving equal educational opportunities. In Oregon, a student was asked not to attend school for days at a time over the course of a year, as well as subjected to searches of his locker and backpack. He eventually fell so far behind that he had to transfer to night school in order to continue his education. The process was opaque, and the parents had no idea why the school acted in this manner. If children receiving special education services are scrutinized by assessment teams that are incentivized to identify students as threats, parents will be less likely to seek the services their children need, and students will be less likely to seek help and support from school counselors or other school officials. Research has also shown that children with disabilities are more likely than their non-disabled peers to be arrested. Adopting this recommendation will only increase this disparity.
When performed correctly, threat assessments allow schools to intervene before a student becomes violent. These interventions are usually designed to be non-punitive and to successfully reintegrate troubled students into the school community. Florida’s latest proposals turn threat assessments into methods of excluding students from their communities. And since there are no recommendations for minimizing the data collected or guidance on when to delete it, students may continue to be penalized long after assessments are performed. The database recommend by SB7030 and the Marjory Stoneman Douglas Commission would create a longitudinal history of the worst moments in a child’s life––even if assessment teams find nothing wrong––and provide absolutely no privacy guardrails around this history.
Calls for Changes to Federal Law
The Marjory Stoneman Douglas Commission understood that not all of its recommendations can be implemented without changes to federal law. Their report echoes the Federal Commission School Safety Report’s call to overhaul FERPA in light of recent school shootings. It is unclear whether these lobbying efforts will be effective, or which laws will ultimately be targeted, but we do know that amid the urgency to take action to protect students, privacy concerns are often not part of the conversation.
Policymakers at all levels should ask two questions: 1) How effective will these new school safety policies be? and 2) Can policies and recommendations achieve the same or similar results without infringing on students’ privacy?
Right now, we have no data around the effectiveness of most of these technologies, or if increased data sharing between agencies actually prevents violence. However, we do know that anonymous reporting apps, which collect much less data and pose fewer privacy risks, have been shown to prevent both planned attacks against schools, as well as student suicide. Because these apps are anonymous, students feel more at ease with reporting their concerns; and since it does not require additional data collection, the privacy concerns are minimal. While there is potential for anonymous reporting apps to be used for harassment, the apps that have been deployed usually have processes to detect and report abuse. State legislatures and district should first consider less privacy-invasive measures such as anonymous reporting apps before the more extreme policies that have been outlined here.
Parents also play an important role in these policy discussions. Parents should ask schools to identify the safety measures they have undertaken and disclose how student data will be used. This includes advocating for transparency in the threat assessment process, knowing which student information SROs can access, and the logic justifying that access.
Students have the right to feel safe in school. Part of that security includes being able to trust that their schools will be good stewards of information.
Sara Collins is a Policy Counsel for the Education Privacy Project at the Future of Privacy Forum.