Public schools around the country are adopting web-based services that collect and analyze personal details about students without adequately safeguarding the information from potential misuse by service providers, according to new research.
A study, which is expected to be released on Friday, by the Center on Law and Information Policy at Fordham Law School in New York, found weaknesses in the protection of student information in the contracts that school districts sign when outsourcing web-based tasks to service companies.
Many contracts, the study found, failed to list the type of information collected while others did not prohibit vendors from selling personal details — like names, contact information or health status — or using that information for marketing purposes.
“We found that when school districts are transferring student information to cloud service providers, by and large key privacy protections are absent from those arrangements,” said Joel R. Reidenberg, a law professor at Fordham who led the study. “We’re worried about the implications for students over time, how their personal information may be used or misused.”
Schools have adopted programs like automated student assessment or online homework management systems with the idea that digital, data-driven education could ultimately lead to better test scores, grades and graduation rates. Education technology software for prekindergarten to 12th grade is an estimated $8 billion market, according to the Software and Information Industry Association.
But some privacy specialists, industry executives and district officials say that federal education privacy rules and local district policies are not keeping up with advances like learning apps that can record a child’s every keystroke or algorithms that classify academic performance. Without explicit prohibitions on the nonacademic use of the information, specialists warn that unflattering data could hypothetically be shared with colleges or employers, to the detriment of the student.