Privacy

iKeepSafe Intros California Student Privacy Product Assessment Program

• By Dian Schaffhauser
• 12/07/15

A national non-profit working on online student safety has taken upon itself the work of creating a set of digital badges to identify education technology products that adhere to privacy laws. Until this week, the Internet Keep Safe Coalition (iKeepSafe) offered badges to companies that underwent its assessment for the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA) and the Protection of Pupil Rights Amendment (PPRA). Now the organization has introduced a new badge, this one focused specifically on the unique privacy laws that exist in the state of California.

The iKeepSafe California Student Privacy assessment provides a standard for ed tech companies to follow in demonstrating that their products adhere to the federal laws as well as regulations in California.

A biggie is the Student Online Personal Information Protection Act. SOPIPA, as it's called, becomes operative on January 1, 2016. This bill prohibits operators of a Web site, online service, online application or mobile app from "knowingly engaging in targeted advertising to students or their parents or legal guardians." It also stops them from compiling data that could be used to build profiles of students, selling data or disclosing it. Operators need to use "reasonable security procedures and practices" to protect the data from those unauthorized to access it and to destroy the data if the school or district requests.

Another California law covered under the assessment is Assembly Bill No. 1584, which modified the state's education code. This one adds specific provisions to contracts schools and districts sign with third parties related to the storage, management and retrieval of student data and educational software and who ultimately controls those student records (the school does). Any contract missing that language and signed after January 1, 2015, when the regulation became active, can be rendered void.

The assessment process also evaluates software against California regulations tied to the collection of student information from social media and the federal Health Insurance Portability and Accountability Act (HIPAA).

The news about the new digital badge and its assessment came during an annual gathering of the California Educational Technology Professionals Association (CETPA), whose membership of IT professionals work in schools. CETPA members helped iKeepSafe develop the framework for assessing products' adherence to California's specific privacy laws.

"California's new legislation is important, but the best way to strengthen student data privacy protections is more and better information for local education leaders who choose ed tech products for their students and schools," said Steve Carr, chief technology officer for the Ventura County Office of Education and President-Elect of CETPA. "iKeepSafe's new privacy badge is an important tool to help educators and ed tech leaders meet new student privacy regulations in California."