Guidance Issued on Protecting Student Privacy While Using Online Educational Services

The Department of Education released model terms of service guidance and a training video aimed at helping schools and districts protect student privacy while using online educational services and applications. The guidance offers examples of terms of service provisions to help school officials identify which online educational services and applications have strong privacy and data security policies and practices.

Among the recommendations:

• Marketing and Advertising: Terms of service agreements should be clear that data may not be used to create user profiles for the purposes of targeting students or their parents for advertising and marketing, which could violate privacy laws.
• Data Collection: Agreements should include a provision that limits data to only what is necessary to fulfill the terms.
• Data Use: Schools and districts should restrict data use to only the purposes outlined in the agreement.
• Data Sharing: While providers can use subcontractors, schools and districts should be made aware of these arrangements, and subcontractors should be bound by the limitations in the terms of service.
• Access: Federal student records laws require schools and districts to make education records accessible to parents. A good contract will acknowledge the need to share student
• Security Controls. Failure to provide adequate security could lead to a violation of the Family Educational Rights and Privacy Act, which protects student education records.