Updating FERPA, after all it’s only 40 years old
This week Congress talked about improving legislation to protect student privacy. The Subcommittee on Early Childhood, Elementary and Secondary Education conducted a hearingto discuss updating FERPA and it is important that student privacy is being discussed in Congress to raise awareness of this issue.
FERPA was enacted in 1974 and what this session made clear is that the 40 year old law can’t keep up with the rapidly developing education technology industry. So yes, FERPA needs a facelift. The discussion is moving beyond attempts to prevent the collection of data to become a dialogue involving students, parents, educators and industry leaders. Now, I am not saying it’s all good and we have nothing to worry about but I am encouraged when listening to testimony acknowledging the challenges ahead and the desire to present Congress with facts and information that will help them make informed decisions. More importantly, I feel Congress asked some of the right questions – what is the role of third party vendors, what data should we collect, what does it mean to have an SLDS and how long should we retain the data? The underlying problem is how to support and improve FERPA without shutting the system down. The hearing was not about overreach. It was about finding a balanced approach to updating a law to protect student information.
I found particularly interesting Joel Reidenberg’s proposition of data minimization: how much data should we really collect and do we need to collect every detail of a child’s educational journey? We ought to critically examine what data is required to improve education and serve each learner’s particular needs. And it’s complicated. As Shannon Siever pointed out – do we need to do a biometric scan on a student in order to deliver school lunch? No. But biometric data can provide valuable insights and benefits for a student undergoing speech therapy. So what do we limit?
Another important point discussed was that of data ownership. We need to define this concept because what data ownership means for industry is not the same as what data ownership means for students. Does one recognize students own their data while still acknowledging that third parties can use that information?
Though much was discussed during this hearing, much has yet to be discussed. If we overhaul FERPA, we must be mindful that we are not limiting our ability to study why some students are being left behind. That we adopt a comprehensive approach to the collection of information but that we protect the information of students with learning disabilities, for example.
This Committee will be well served if it considers parents as partners and not bystanders. Consider who generates the data (students), who holds the data (schools) and how the data is being used (third party vendors) in schools. Strike a balance of personalized learning and safeguarding data.
I urge Congress to be careful when considering changes in FERPA and to think seriously how these changes will impact the ability of schools to use technology to better educate students. In an effort to limit data usage we may limit how we can help students learn.
Without modernizing FERPA innovation will stall. If parents do not feel that we have a law on our side, there will be a constant tension between schools, students and service providers. FERPA needs to be updated to fit what happens in schools and technology today to build trust between all the stakeholders, foster cooperation and provide privacy protection. And don’t forget our students need to have a voice in the process – what do they expect an updated FERPA will deliver to them?
If you missed the hearing, here is the archived webcast – Congressional Hearing