Protecting Students’ Privacy in the Data Age

By Matthew Saleh, Ph.D., JD.

AT A GLANCE

  • Many school systems collect large amounts of individual data related to your child’s academic performance and behaviors at school.
  • Privacy advocates are concerned about the risk of breaches due to inadequate monitoring and poor implementation of privacy protections.


In recent years, public schools have increased the amount of information gathered on all students, but particularly those in special education. Data routinely collected and stored runs the gamut from contact information, grades, and standardized test scores to disciplinary actions, student characteristics, and curricular planning.

The purpose of all this information is to improve your child’s education. But the practice and sheer volume of individual-level data being gathered has raised concerns among privacy advocates. Despite state and federal requirements governing the collection, maintenance, and reporting of student special education data, questions remain as to how effective those regulations are, and if they’re robust enough to protect the privacy of your child. 

Implementation Snafus

When it comes to answering those questions, the jury is still out. But privacy advocates agree that red flags abound, including a general lack of oversight. Many state and local education departments subcontract with independent data-management services to carry out their data-gathering programs. In those cases, schools or districts may not be directly overseeing the maintenance or security of student information.

The broader the scope of data collection by schools, the greater the potential for hiccups in the process.

Beyond the risk of database hacking of the kind that makes headlines almost daily, education data is subject to other snafus. Among the most blatant concerns are situations such as the following:

  • It is not uncommon for schools to provide student files, parental correspondence, or other documents to a parent who is not authorized to receive such information.
  • Human errors can—and do—result in writing the wrong student’s name on an evaluation or entering student data incorrectly.
  • Budget cuts and fiscal constraints may result in cutting corners on properly protecting data from unauthorized viewing or usage.

The U.S. Department of Education has noted that “significant confusion in the education field surrounding what are permissible disclosures of personally identifiable student information from education records” has occurred. While the federal government is taking steps to clarify where and how student data should be stored and disseminated, the fact remains that there is significant inconsistency in data systems between schools, districts, and states.

Privacy Protection

The Family Educational Rights and Privacy Act (FERPA) is the leading federal law protecting the privacy of personally identifiable information from student education records.

With a few notable exceptions (e.g., emergencies), schools generally must have written permission from the parent or eligible student (18 years or older) to disclose any personally identifiable information from that student’s education record.

In addition, FERPA requires that a record of each disclosure of student information be kept in student records (what information was disclosed, when it was disclosed, and to whom), and parents and eligible students must be able to access information on such disclosures.

Bottom Line

The general rule is that parents must be consulted about the dissemination of student data. They should not hesitate to exercise their right to know when, where, and to whom their child’s data has been provided. However, until the data systems themselves are subjected to greater oversight and legal enforcement, it seems that problems of security and collection are likely to persist.

Matthew Saleh is a Research Associate at Cornell University’s Yang-Tan Institute on Employment and Disability, and an instructor of disability studies coursework at Cornell.
