California Protecting Student Digital Privacy: Legal Updates in Education

What is privacy in the digital age?  While platform adoption and creation increases, state and national governments race to keep up.  Two particular populations have received the most significant attention in the legislature, including employees and students.

I live in California, where a number of bills have been proposed and successfully passed which protect a number of rights for students, ranging from middle school through college.  Last year I wrote, “Legal Look Out: Where Higher Education & Social Media Collide.”  I discuss cases and laws that educators need to know about.  Two of these related to California include AB 1844 (Employer Use of Social Media) and SB 1349 (Social Media Privacy: Postsecondary Education).

California Senate Bills 1349

Senate Bill 1349 called Social Media Privacy: Postsecondary Education (2012) was specifically written to protect students in postsecondary institutions. It keeps higher education employers or representatives from requesting or requiring any student (current or applicant) or student group to give social media information. Schools cannot threaten students for access, nor take action if students or students’ groups refuse access. The bill acknowledges that evolving technologies and social media capacities creating challenges to protect students,

“It is the intent of the legislature that public postsecondary educational institutions match compliance and reporting requirements for private nonprofit and for-profit educational institutions imposed in this act” (2012, p. 1).

It also adds a requirement that requires nonprofit and for-profit institutions to post their social media privacy policy on their website.

California Assembly Bill 1844

At the same time California AB 1844 was passed, called Employer Use of Social Media (2012).  Included in this bill states California employers are not allowed to require, or even request, applicants or employees social media log in information. This bill applies to Division Two of the Labor Code and protects employees from being fired (or threatened) for not providing such information.


9931421_ml

2o14 Updates

Recently California has moved forward with a number of additional measures to protect student privacy online.  This includes SB 117 (Privacy: Students), AB 1442 (Pupil records: social media) and AB 1584 (Pupil records: privacy: 3rd party contracts: digital storage of services and digital educational software).  All of these bills relate to education, especially K-12.  One must wonder if California’s next move is to include postsecondary students and institutions in the next round of proposals.

I have included content directly from each of these bills.  At the end of this post, please find additional resources to explore state and national laws that may relate to your location.

California Assembly Bill 1442

This bill appears to be in response to the flood of companies approaching schools to monitor students.  While schools have the best intentions to prevent bullying and possible self harm, the vast amount of data that is collected on students must be cared for.  This bill requires that a parent would be notified when a school is collecting student data and the policies in place to do so.  Students are given the right to review their collected information.  Data is then destroyed one year after a student turns 18.

In colleges we see this in athletics, where students must hand over their personal accounts.  These companies charge top dollar for these services and end up with a lot of data.   While the bill passed successfully, it doesn’t cover these college students.  As stated in the Assembly Bill 1442, Pupil records: social media, found (here):

“Existing law requires school districts to establish, maintain, and destroy pupil records according to regulations adopted by the State Board of Education. This bill would, notwithstanding that provision, require a school district, county office of education, or charter school that considers a program to gather or maintain in its records any information obtained from social media, as defined, of any pupil enrolled in the school district, county office of education, or charter school to first notify pupils and their parents or guardians about the proposed program, and to provide an opportunity for public comment at a regularly scheduled public meeting before the adoption of the program.

The bill would require a school district, county office of education, or charter school that adopts a program pursuant to these provisions to, among other things, gather and maintain only information that pertains directly to school safety or to pupil safety, provide a pupil with access to any information about the pupil obtained from social media, and destroy the information gathered from social media and maintained in its records, as provided. If a school district, county office of education, or charter school contracts with a 3rd party to gather information from social media on an enrolled pupil, the bill would prohibit the 3rd party from using the information for purposes other than to satisfy the terms of the contract, prohibit the 3rd party from selling or sharing the information with any person or entity, except as provided, and would provide additional restrictions on the destruction of the information by the 3rd party, as specified.”

AB 1442 appears to have been proposed in harmony is SB 1349 that also protect social media privacy of students.  However these bills do not include university students.  Another bill that also fits into these efforts is California Assembly Bill 1584.

California Assembly Bill 1584

Assembly Bill 1584 (Pupil Records Pupil records: privacy: 3rd-party contracts: digital storage services and digital educational software) provides additional measures on students privacy and data.  In this bill it explicitly talks about third-party contracts and providing rights to pupils and parents to give consent.

This bill is associated with the educational institutions and third-party vendor contracts.  Procedures are outlined for parents and students, as well as how third parties must comply with FERPA legislation and prohibits these vendors to from using identified information to target ads toward students.

As included in the bill (found here):

“Existing law prohibits a school district from permitting access to pupil records to any person without parental consent or without a judicial order, except to specified persons under certain circumstances, including to a contractor or consultant with a legitimate educational interest who has a formal written agreement or contract with the school district regarding the provision of outsourced institutional services or functions by the contractor or consultant.

This bill would authorize a local educational agency, as defined, pursuant to a policy adopted by its governing board or governing body, as appropriate, to enter into a contract with a 3rd party, as defined, to provide services for the digital storage, management, and retrieval of pupil records, as defined, or to provide digital educational software, or both. The bill would require the contract to include specified provisions, including a statement that the pupil records continue to be the property of and under the control of the local educational agency, a description of the actions the 3rd party will take to ensure the security and confidentiality of pupil records, and a description of how the local educational agency and the 3rd party will jointly ensure compliance with the federal Family Educational Rights and Privacy Act. The bill would require that a contract that fails to comply with the requirements of this bill be rendered void if certain conditions are satisfied.”

California Senate Bill 1177

Finally, Senate Bill 1177 places privacy policies to operatives of internet websites including online services and mobile applications especially as it relates to K-12.  This protects student information including the inability to sell student information or advertise to a student based upon their data.  However, in this bill it does allow the site to disclose a student’s information when required by law.  In addition, these sites CAN use de-identified student data for promotion, effectiveness and improvement of their sites.

As written, “Existing law, on and after January 1, 2015, prohibits an operator of an Internet Web site or online service from knowingly using, disclosing, compiling, or allowing a 3rd party to use, disclose, or compile the personal information of a minor for the purpose of marketing or advertising specified types of products or services. Existing law also makes this prohibition applicable to an advertising service that is notified by an operator of an Internet Web site, online service, online application, or mobile application that the site, service, or application is directed to a minor.

This bill would prohibit an operator of an Internet Web site, online service, online application, or mobile application from knowingly engaging in targeted advertising to students or their parents or legal guardians, using covered information to amass a profile about a K–12 student, selling a student’s information, or disclosing covered information, as provided. The bill would require an operator to implement and maintain reasonable security procedures and practices appropriate to the nature of the covered information, to protect the information from unauthorized access, destruction, use, modification, or disclosure, and to delete a student’s covered information if the school or district requests deletion of data under the control of the school or district. The bill would authorize the disclosure of covered information of a student under specified circumstances.”  Find more about this bill (here).

Final Thoughts

Many of these bills only include protection and policies for secondary education.  It gives higher education a peek into what could be next.  Are you using monitoring services at your institution, collecting data and usage of your athletes or other student populations?  Edtech start-ups and monitoring services, as well as social media strategy vendors in education are on the rise.  As you look to these vendors and services, ensure you are reading the fine print and referring to your state legislature that may relate to K-12, that you can apply to your practices in post-secondary.

Finally, in higher education we should be setting the bar on student privacy, not waiting for a state or national law to direction our practices.  What are the practices in place to meet the challenges of privacy in the digital age?

Interested in what social media related laws exist in your state?  Check out theses resources here!

http://www.ncsl.org/research/telecommunications-and-information-technology/employer-access-to-social-media-passwords-2013.aspx

http://brodyandassociates.com/tennessee-14th-state-to-enact-social-media-password-law/

http://technology.findlaw.com/modern-law-practice/understanding-the-legal-issues-for-social-networking-sites-and.html

http://technology.findlaw.com/modern-law-practice/understanding-the-legal-issues-for-social-networking-sites-and.html#sthash.hXUqg9rT.dpuf

http://www.centerdigitaled.com/news/A-National-Look-at-Student-Data-Privacy-Legislation.html

Comments are closed.

, , , , , , , , , ,