Since the beginning of the one-room schoolhouse, schools have been collecting information about their students, locking this private data away in metal filing cabinets. As schools became more modern, computers were used to store this information, but now, ultra-modern schools are turning to the cloud. The problem is that student data, including race, gender, economic status, biometric data, health status, test scores, attendance and more, is being accessed by non-educators who want to apply principles of big data analysis to it.

This collection effort has mostly good intentions as researchers want to identify patterns in the data and use it to improve how students learn. However, many school districts lack the technical expertise to create and effectively manage these databases. Oftentimes, schools outsource this job; in other words, they hire contractors.

Even though these contractors must adhere to the same rules as school officials when handling student data, plenty could go wrong, ranging from damaging information about a child’s medical condition or behavioral issues being leaked or exposed by hackers to using student data for commercial purposes. Besides, there doesn’t seem to be anyone regulating these contractors to ensure the rules are followed properly and that the data is adequately protected. And, the penalties for student data abuse are minimal.

In response, the Electronic Privacy Information Center (EPIC) has proposed the Student Privacy Bill of Rights, modeled after the Consumer Privacy Bill of Rights in 2012.

Tomorrow’s follow up: what parents/guardians can do now to protect their children’s privacy at school.