At Yahoo Tech, columnist Dan Tynan discusses children’s privacy and how their data is used by schools:
Every student in every school district generates hundreds of data points each year — from their race and gender to their economic status, behavioral issues, biometric data, health status, and more. This tsunami of data is then absorbed and stored by school districts, state databases, educational service providers, websites, and app makers.
Of course, schools have been collecting data on students since there have been schools. In the past, though, this information was squirreled away in filing cabinets or just on computers used in district offices. Now it lives in the cloud, and it’s being accessed by non-educators who want to apply the principles of big data analysis to it.
What could go wrong? Plenty. Potentially damaging information about your child’s medical conditions or behavioral issues could accidentally leak or be exposed by hackers. Private companies could decide to use the information for commercial purposes. Potential employers, insurance companies, or other government agencies may someday lobby to get their hands on this data. […]
Here’s where it gets sticky. Many school districts lack the technical expertise to create and manage these databases, so they outsource the job to professional geeks. This is why, in 2008 and 2011, Congress amended the Family Educational Rights and Privacy Act (FERPA) to allow authorized third parties to access sensitive student data.
Contractors have to follow the same rules as school officials when handling this data — which means they can’t sell it or use it for non-educational purposes. But it’s not clear that anyone is making sure these third parties are actually following the rules or protecting the data adequately, and the penalties for abusing the data are minimal. […]
Most parents, meanwhile, don’t know what information is being collected, who has access to it, how it’s being protected, or if it’s even accurate.