By State Representative Kate Lipper-Garabedian
Nearly two decades ago, when I was a teacher in the Atlanta Public Schools, I kept my students’ records in standard manila folders, stored away in a metal file cabinet. Opening one, you might find several examples of student work, parent-signed graded tests, the results of the diagnostic reading test I proctored at the start of the school year, and family contact information. I submitted attendance and report card grades via a monochrome interface on a clunky desktop computer. Otherwise, evidence of teaching and learning was captured exclusively on paper. In the following years, our way of living and working has become increasingly dependent on digital connectivity. I have experienced the seismic shifts in public education driven by digital learning technology as an education attorney, first supporting school districts across the country and then as Chief Legal Counsel at the Massachusetts Executive Office of Education.
During the COVID-19 pandemic, the use of digital solutions in our K-12 schools has been on full display, and families have had front-row seats. I’ve witnessed my oldest son Harrison navigate first and second grades during remote and hybrid weeks, logging into school each morning and creating a data footprint that dwarfed the information my students generated. Anyone visiting a school today can observe the degree to which our education system has embraced the promise of technology in their delivery of instruction.
A review of our education laws, on the other hand, leaves the impression that student records continue to be confined to the four corners of manilla folders. Massachusetts is one of only five states that has not updated its state laws over the last decade to acknowledge the proliferation of digital education data and ensure protections for its students. Other state legislatures have established privacy and security requirements regarding student data, codifying accountability levers and providing families with greater insight into the data collected from their children. Updated laws elsewhere place guardrails around the use of data, prohibiting commercialization and over-collection/over-surveillance. It’s time for Massachusetts to catch up.
That’s why I filed the Student and Educator Data Privacy Act, House Bill 127, with Representative Jeff Roy at the start of 2021. The Act establishes comprehensive requirements for education technology service providers and empowers the Commonwealth, school districts, and schools to assert privacy and security expectations for their students and educators. In crafting H.127, I analyzed and incorporated the best of other states’ legislation, like extending protections to certain data collected from and about teachers and to preschool programs run by public school districts. Informed by national and local education data and legal experts, the bill protects and gives agency to students, educators, and families. The Student and Educator Data Privacy Act requires that education technology service providers adhere to critical security practices and prohibits them from commercializing student and educator data – e.g., targeted advertising, amassing student profiles, and selling private data. To accomplish this, the Act identifies provisions necessary for the agreements between educational entities and third-party technology operators. It includes terms of data ownership, data access, security breach notifications, and data destruction. And it enables individuals and schools to bring civil actions for noncompliance and allows the Commissioner of Elementary and Secondary Education to bar an operator that fails to comply with protocols. On implementation, the Act supports districts and schools by authorizing a Chief Privacy Officer at the Department of Elementary and Secondary Education to develop and provide model agreements, guidance, and technical assistance. School districts likewise will prioritize student and educator data privacy by designating an individual as a data manager. And families will be empowered to review publicly available lists of the student data collected and the operators that have access to that information, fostering greater trust among the community.
There is great promise in harnessing technology to maximize student learning and engagement in both physical and remote classrooms. I imagine how digital applications that exist for today’s students might have complemented my lessons years ago – offering multimodal delivery of curriculum, assisting with necessary remediation, and inspiring self-directed learning. Yet I also have watched Harrison access a math application through school only to learn that it now is the subject of a Federal Trade Commission complaint related to aggressive marketing of fee-based perks.
As I advocate for passage of the Student and Educator Data Privacy Act, I invite you to add your voice to the chorus for modernizing our state law framework. Check in with the students in your life about the education programs and apps they are utilizing. Follow up with school administrators on privacy policies for student learning. Ask about the kinds of data being collected, access to that data, the software pre-installed on school-monitored devices, and the protocols in the event of a security breach.
The Student and Educator Data Privacy Act is about cultivating trust – trust among schools, districts, students, teachers, third-party operators, and families. To ensure technology is employed and leveraged appropriately, Massachusetts law must acknowledge that data are now digital. We must establish high standards of privacy, security, transparency, and accountability regarding collection and use. It’s high time for the Student and Educator Data Privacy Act.