Guidance Issued on Protecting Student Privacy While Using Online Educational Services

Archived Information

Guidance Issued on Protecting Student Privacy While Using Online Educational Services

Model Terms of Service Offer Direction on Guarding Student Data
February 26, 2015

The U.S. Department of Education today released model terms of service guidance and a training video aimed at helping schools and districts protect student privacy while using online educational services and applications.

The guidance offers examples of terms of service provisions to help school officials identify which online educational services and applications have strong privacy and data security policies and practices.

"Reading and understanding terms of service agreements is tough, even for lawyers. We hope this guidance will help school officials identify privacy-friendly apps and online services and avoid providers that might abuse student information," said Kathleen Styles, the U.S. Department of Education's chief privacy officer.

"This guidance will help schools and districts evaluate potential agreements and offer direction regarding terminology frequently used in these agreements," Styles said. "By understanding commonly used provisions in these agreements, schools and districts will be better able to decide whether to consent to the terms for online educational services and applications."

Additionally, school officials can check to see if the company in question has signed the Student Privacy Pledge from the Future of Privacy Forum and The Software & Information Industry Association.

Among the recommendations:

  • Marketing and Advertising: Terms of service agreements should be clear that data may not be used to create user profiles for the purposes of targeting students or their parents for advertising and marketing, which could violate privacy laws.
  • Data Collection: Agreements should include a provision that limits data to only what is necessary to fulfill the terms.
  • Data Use: Schools and districts should restrict data use to only the purposes outlined in the agreement.
  • Data Sharing: While providers can use subcontractors, schools and districts should be made aware of these arrangements, and subcontractors should be bound by the limitations in the terms of service.
  • Access: Federal student records laws require schools and districts to make education records accessible to parents. A good contract will acknowledge the need to share student
  • Security Controls. Failure to provide adequate security could lead to a violation of the Family Educational Rights and Privacy Act, which protects student education records.

The document also provides links to the Privacy Technical Assistance Center and other resources that offer additional best-practice recommendations related to terms of service agreements.

In addition, a 9½-minute training video has been produced by the Education Department, intended to help K-12 school officials better protect student privacy while using online educational services and applications.

The video offers a summary of the issue and provides examples to help educators identify which online educational services and applications are privacy-friendly and protect student data from improper use and disclosure.