Protecting Student Privacy while using Online Services- Is your school protected?
As a leader in providing federally compliant and secured software to schools, we wanted to provide a helpful resource for online educational tools’ Terms of Service Agreements. As the tech industry continues to grow, so does the threat of divulging student data. We hope the following information will help you (or refresh your memory) to decide whether or not accept a software provider’s agreement.
For the sake of brevity, we have provided a chart with examples of provisions, as well as recommendations for best practices based on the PTAC and DOE.
1. The “GOOD!” column contains best practice recommendations for TOS privacy provisions.
The “Explanation” column provides context to help you interpret the rationale behind the provisions.
In a traditional contract, a customer and business mutually agree on a set of terms, and then sign a contract to legally endorse such terms. Many software providers of online educational services instead rely on a TOS (Terms of Service) agreement that requires a user to click to accept the agreement in order to access the service or application for the first time. Commonly called “Click-Wrap” agreements, once a user at the school clicks “I agree”, the terms will likely dictate what information the software provider may collect regarding students, usage of such data, and with whom it can b shared.
Click-Wrap agreements may lead to violations of the Family Educational Rights and Privacy Act, the Protection of Pupil Rights Amendment, as well as privacy best practices.
Schools should always be thorough when reviewing any TOS agreements, and ensure that the service or application is legally appropriate with the school’s policies and procedures. Knowing common provisions, schools will be able to determine whether to agree to a Click-Wrap or other TOS agreement for online services, preventing you from potentially jeopardizing data on your school’s server.
Terms of Service & Privacy
When evaluating a TOS agreement, make sure the agreement explicitly describes how the software provider may use and share student data.
The definition of “Data”
“Data includes all Personally Identifiable Information (PII) and other non-public information. Data includes, but is not limited to, student data, metadata, and user content.”
The definition of data should include a broad range of information to which providers may have access in order to ensure much information as possible is protected in the agreement, which is precisely what the above definition implies. On the contrary, be weary of provisions that limit the definition of protected data, such as the following example:
“Data includes user information knowingly provided in the course of using this service.”