ACLU Says Massachusetts Schools Have Weak Data Privacy Policies


The American Civil Liberties Union of Massachusetts (ACLU) has revealed that several schools in the state that employ digital technologies to monitor student performance and collect information about their education cannot adequately protect or guarantee student privacy.
The ACLU researchers analyzed 35 school districts and found that a majority of the schools lacked a student data protection strategy. The ACLU report titled ‘Back to the Drawing Board: Student Privacy in Massachusetts K-12 Schools’, shows that there’s no transparency as to the processes followed when schools are collecting, using and storing sensitive information.

The report says it’s crucial to protect student data so that students accessing technologies and devices at school and after school hours don’t get their sensitive information compromised. Almost one in two school districts use a third-party vendor to manage student personal information. Almost two in every three districts can inspect student devices without student consent.

As the report reveals, in almost every district students have no expectation of privacy when using the Internet on school premises. Teachers and administrators in many districts can inspect student devices even if there’s no real suspicion, Louise Kennedy reports for Learning Lab.

One factor that leads to inadequate control over student privacy is the weakening of student privacy rules that essentially allow schools in various scenarios to share sensitive student information without parental control, the researchers highlighted.

Student privacy regulations in Massachusetts haven’t been updated since 2006. In the almost ten years since, many schools have integrated third-party technologies to monitor, collect and store student data. The researchers call for an update of these regulations to safeguard “student and parent confidentiality.”

Many districts that use third-party applications can collect and share sensitive student data with these companies without neither parents’ nor students’ consent.

The Mystic Valley Charter School was the only one that did not share student data with third-parties, and only the Uxbridge District had a data policy that clearly states that inspections are only allowed when there’s genuine reason for a search, My reports.

Several districts also use software that monitor digital student activities outside of school hours. The researchers said that when schools draft their contract terms with the help of private corporations, then the policies are in favor of student privacy as opposed to when the contracts are written by organizations and signed by schools.

In response to the ACLU report, the state department of elementary and secondary education said it had offered support and guidance to schools and districts that form student data policies.

The ACLU researchers give guidance to students and parents on how to use school-issued devices and urge them not to use these for personal communication. Students and their families are also advised to read their school’s privacy policies to better understand what the use of school-issued devices entails.

The ACLU has published online legislation models that are based on other states’ laws to help schools and districts update and expand their privacy policies, The Milford Daily News reports.