Districts must navigate privacy rights during pandemic responseScott Rothschild
Kansas school districts have been forced to make major operational changes in response to the COVID-19 pandemic, and many of those changes force a closer look at compliance with federal and state privacy laws that remain in force.
The KASB legal staff has prepared a new guide “Student Privacy in the COVID-19 Continuous Learning Plan Model” to help districts protect student and staff privacy while switching to greater reliance on technology. It is available to members of the KASB Legal Assistance Fund through the KASB member portal.
Here are some of the key provisions of state and federal law that must be considered.
Family Educational Rights and Privacy Act. This federal law protects personally identified information in a student’s educational records from disclosure without permission from parents or students 18 and older. This means districts must carefully review how information is shared with online learning platforms and information that can be shared or recorded in online sessions.
Protection of Pupil Rights Amendment. This federal law provides parents with certain rights regarding marketing activities in schools and requires districts to adopt policies about these activities. There is an exception for student information used exclusively for developing, evaluating or providing educational products or services. Districts must ensure that any vendors they work with are complying with this law.
Children’s Online Privacy Protection Act. This federal law applies to commercial websites and online services directed at children and generally requires these sites to obtain verifiable parental consent before collecting personal information from children. One exception is for information collected for the use and benefit of students or schools and for no other commercial purpose. For other purposes, parental consent must be obtained.
Children’s Internet Protection Act. This federal law bars schools and libraries from receiving e-rate discounts unless they provide internet blocking or filtering of materials that are obscene, child pornography or harmful to minors. It also requires they provide monitoring of online activities by minors and educate minors about appropriate online behavior. This raises challenges were students are using the internet to access materials at home.
Student Data Privacy Act. This Kansas law was primarily designed to regulate student data submitted to and maintained by a statewide longitudinal data system, but there are some provisions that could raise issues in a distance learning model. These include a prohibition on collecting biometric data or data concerning student and parental beliefs about certain topics without parental consent. These provisions could raise issues if online learning programs access or record information from the student’s home.
Breach of Privacy. State law defines the crime of breach of privacy, which includes the use of technological devices to intercept or overhear private messages or conversation in places where a person should reasonably expect to be safe from uninvited intrusion or surveillance. This means districts should take precautions when interacting with students in their homes through technology.
Health Insurance Portability and Accountability Act. This federal law concerns the confidentially, security and protection of health information. It requires districts consider any individually identified health information of students or staff members as highly sensitive and that it is only disclosed in accordance with federal and state laws.
The KASB Student Privacy in the COVID-19 Continuous Learning Plan Model guide provides detailed advice on how to address the issues raised by these laws. Members of the LAF may also contact KASB staff attorneys directly with specific questions or concerns.