Technology has transformed the way in which students are learning. Schools increasingly integrate IoT devices and third-party applications into the everyday delivery and management of education. This incorporation of education and technology, or EdTech, increases the amount of student data that is collected, stored, shared,and used—making student data privacy an issue of critical importance to educational institutions and their stakeholders.
Understanding the landscape of education law & EdTech: FERPA, COPPA and Other Considerations
Technology has transformed the way in which students are learning. Schools increasingly integrate IoT devices and third-party applications into the everyday delivery and management of education. This incorporation of education and technology, orEdTech, increases the amount of student data that is collected, stored, shared,and used—making student data privacy an issue of critical importance to educational institutions and their stakeholders.
The term student data refers to personally identifiable information (PII) collected for educational purposes that can be used to identify, contact, and locate a student. Student PII includes:
- Demographic information including name, home address, and telephone number
- Social security number and other unique identifiers
- Academic records
- Health records
- Disciplinary records
- Biometrics data
To empower parents with data control, student privacy laws provide certain rights o the parents or guardians directly regarding the collection, use, and sharing of their children’s PII. Generally, these rights transfer to the student, referred to as eligible students, at the age of 18.
Three key federal laws and many evolving state laws govern the use of student data in education. The most prominent federal student data law is theFamily Educational Rights and Privacy Act (FERPA). It provides parents and eligible students access and disclosure rights to their educational records including the right to:
- Prevent disclosure of certain PII in the student’s education record
- Request amendment to records they believe are inaccurate or misleading
- Review the student’s education record
The second federal law data privacy law is theProtection of Pupil Rights Amendment (PPRA) of 1978. PPRA requires schools conducting federally funded surveys and evaluations to obtain consent from parents and eligible students. Consent is needed before students are asked to reveal sensitive information including but not limited to political affiliations, mental and psychological problems, sex behaviors and religious practices, beliefs and affiliations.
The third federal student privacy law, the Children Online Privacy Protection Act (COPPA), enacted in 1998, applies to operators collecting personal information of children under the age of 13. Companies must provide clear privacy policies and obtain parental consent before gathering information from a minor child.
In education, COPPA is implicated when educational institutions consent to a third-party website or application collection, use or disclosure of personal information from students. However, in order to get consent from the school, the online operator must provide the school with the required COPPA notices and upon request access to the information collected about the students as well as control over deletion and termination of data collection.
While FERPA and PPRA are longstanding student data privacy regulations, recently, states have been focusing on data privacy regulation in education. In fact, 41 states have passed 126 laws affecting education between 2013 and 2019. These state laws provide additional safeguards for student data reflecting the trends and student privacy concerns that arise with modern technology use in education.
Navigating through the body of student data privacy law is complex. Collecting, using, sharing and storing student data presents legal and ethical implications and a robust data security infrastructure. Beckage is an experienced team that can help educational institutions of all sizes navigate this fast-moving legal landscape.
Attorney Advertising: Prior results do not guarantee a similar outcome. The content contained herein should not be considered legal advice and is for informational purpose only.
If you waited until the last minute to develop a data privacy program, well now it is required in New York. Signed into law on July 26, 2019 by Governor Cuomo, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act requires businesses to implement safeguards for the “private information” of New York residents and broaden New York’s security breach notification requirements.
With only a few months left before the landmark California Consumer Protection Act (CCPA) takes effect, yesterday the California Attorney General announced Proposed Regulations implementing the CCPA. By way of background, the CCPA comes into effect January 1, 2020 and will put some of the strictest guidelines the US has seen regarding the collection and processing of personal information of California residents. While the law addresses the processing of personal information of California residents, the CCPA is likely to have far reaching impacts on businesses across the nation, including New York-based businesses. The text of the CCPA can be found here.
Officially known as unmanned aerial vehicles or unmanned aerial systems, drones are now mainstream. The Federal Aviation Administration (FAA), who enforces federal drone laws, forecasts rapid growth in the commercial drone industry. New, non-recreational drone registrations are expected to exceed 800k in 2023. Businesses are using drones to augment business logistics, reduce shipping costs, automate certain business operations, increase customer satisfaction and advance socially beneficial ventures. As drone uses are expanding, drone operators, especially in commercial applications, must be aware of drone flying laws.
What Are Drone Laws in The United States?
As legislators struggle to keep up with evolving drone uses, drone laws around the U.S. remain tough to navigate. In addition to the FAA’s Part 107 drone regulation, many state and local municipalities have enacted measures that mean any business with multiple locations should be conscious of varying laws. Currently, state laws alone cover a range of considerations, including regulation on:
- registration of drones
- renewal of drone operation licenses
- training required to fly drones
- inspection of drones to ensure airworthiness
- time and place for flying drones
- the height and speed for operating drones
Some of these rules may not always apply. Businesses may be exempt or may qualify for a waiver from one or more of these legal requirements. Therefore, business owners should seek expert advice before, during and after incorporating drone technology in their business operations.
Who Uses Drones: Company Utilization of Unmanned Aerial Systems
According to the FAA, top industries for commercial drone use include education, agriculture and construction. However, investment and research and development in healthcare, manufacturing and in retail industries are expanding.
- Drones in healthcare can be used for delivering medication, equipment and supplies. Drones can be used to collect and deliver blood and to locate lost and injured people. Drone exploration in healthcare is also aimed at reducing the time to deliver care and reaching patients with limited access to health providers.
- In education drones are being used for academic research, instruction and data collection.
- Drones in agriculture, manufacturing and infrastructure can be used to collect data, inspect facilities, track project progress and improve communication among workers.
- In retail drones deliver packages.
What about Drones’ Data?
Drones are mapping and measuring buildings, taking and transmitting photographs, generating readings of geographies, delivering medicines and otherwise performing tasks that create, process and distribute data of wide variety – including highly sensitive data. When implementing drone usage, whether by contract or in-house, businesses must consider the implications around data management and how to balance the rewards of drone use with the responsibility for the data drones generate and utilize.
Drone technology is expected to flourish across industries. Businesses should monitor and explore the trends of drone applications in their industries. While keeping an eye on drone market trends, companies should have legal experts on their team to navigate the legal drone landscape and assess proper data management protocols for drone data.
Have questions? Our team at Beckage is uniquely positioned to advise on emerging technology and privacy laws at both the state and national level. Contact us today for a consultation.
*Attorney Advertising: Prior results do not guarantee a similar outcome.Share