Right now, the Federal Trade Commission is collecting comments from the public about how their oversight of the use of personal data by commercial enterprises can be improved. As you know, many parents are rightly concerned that too many vendors that collect personal student data at the behest of schools and districts have recklessly allowed that data to breach, and/or have used it for advertising, sale, or other commercial purposes. The comment period to the FTC has been extended through this Monday, Nov. 21, 2022, and we encourage all parents to submit comments by the end of that day.
Since the pandemic, the risky use of digital programs and apps in schools has soared. Most of these programs are operated and owned by for-profit companies who have been collecting personal student data without parental consent, sufficient oversight, restrictions, and/or security protections. As a result, the number of student data breaches has exploded.
This is in part because the existing data security provisions in federal law are weak or non-existent. The Children’s Online Privacy Protection Act, or COPPA, only requires “reasonable” security without the FTC having defined that term, while FERPA does not specify any security standards at all. And too many vendors are using personal data to target ads to students or their families, and/or to build new programs and services around, which are clearly commercial and not educational purposes.
We encourage you to submit your comments here; no later than this Monday at 11:59 pm. Let the FTC know that they should use all their authority to ensure that student data is safe and secure and used ONLY for educational purposes. A sample email is below, but please edit it any way you like. MOST important is for you to add any examples of when your children’s data was breached or improperly used. Please also share any such experiences with us, to aid us in our work going forward, by emailing us at [email protected]
A sample email message is below. Thanks!
______
To the FTC:
I am a parent and am very concerned about how the number of student data breaches has skyrocketed in recent years, through hacking, ransomware, and other cybersecurity events. Moreover, too often school vendors are also using and abusing student data for commercial uses. I urge you to require enforceable contracts that require encryption, as well as other strong security standards for the collection, disclosure, and use of student data. Also, these contracts must prohibit vendors from accessing or using any data they do not need for the purposes of carrying out their contracted services, and the information they do collect should be deleted as soon as possible, preferably at the conclusion of each school year or at the very least, when students graduate or leave the district.
I also urge you to strongly prohibit the use of student data for any commercial purpose, including allowing vendors to sell it, to use it to target ads, and/or to use it to develop new products or services.
Yours sincerely [ add your name here].
—
And have a great Thanksgiving!
Leonie Haimson & Cassie Creswell, co-chairs
Parent Coalition for Student Privacy
124 Waverly Pl.
New York, NY 10011
[email protected]
Follow @parents4privacy
Subscribe to Parent Coalition for Student Privacy newsletter at https://www.studentprivacymatters.org/join-us