On September 29, 2014, Governor Brown approved a series of bills to protect against misuse or unauthorized release of students’ personal information. Assembly Bills 1442 and 1584 add privacy requirements to the Education Code for school districts using a program or third-party provider to gather or store personal student information. Senate Bill 1177 adds restrictions under the Business and Professions Code for Internet operators in possession of personally identifiable student information, so that private companies may now share in the responsibility to protect this information. The legislation goes into effect January 1, 2015.
SB 1177 Restricts Private Companies from Exploiting Personal Student Information
Under existing law, the federal Family Educational Rights and Privacy Act (“FERPA”) prohibits a person, agency, or organization that has been permitted access to educational records from disclosing information in a student record without parental consent or a judicial order, unless disclosure is expressly authorized by statute. In most respects, California law mirrors FERPA. (See Education Code §§ 49073-49079.7.) In committee hearings on AB 1584 and SB 1177, legislators expressed concern that FERPA’s protections apply only to schools, not to third parties that operate K-12 websites, services, or applications. These gaps mean FERPA cannot be enforced against private businesses that receive FERPA-regulated data.(Sen. Com. on Judiciary, Analysis of Sen. Bill No. 1177 (2013-2014 Reg. Sess.) as amended Apr. 21, 2014.)
SB 1177, the “Student Online Personal Information and Privacy Act,” closes loopholes in state law and FERPA by restricting private companies from exploiting personal student information. The Act prohibits the operator of an Internet website, online service, online application, or mobile application that is used for the K-12 setting from using or disclosing a student’s personal information or “persistent unique identifiers,” acquired through use of the operator’s site, for any unauthorized purpose. (Sen. Bill No. 1177 (2013-2014 Reg. Sess.) as approved Sept. 29, 2014.) For example, when a student uses a third-party K-12 website to log in or create an account as part of his or her schoolwork, that third party cannot compile personal information about the student except for a K-12 school purpose. Online operators are also prohibited from marketing or advertising products or services to a K-12 student who uses the site, service, or application.
The Act is not intended to hamper innovation of technology in the K-12 context. It specifies that operators of K-12 technologies can use “de-identified” student information (information that cannot be used to identify an individual student) to further marketing or improve effectiveness of its educational products.
AB 1584 Focuses Student Privacy Regulation on Third Party Contracts
AB 1584 addresses weaknesses in FERPA by focusing on contracts between school districts and third-party service providers. AB 1584 authorizes school districts to enter into contracts with third parties for the digital storage, management, and retrieval of student records and requires the contracts to include specified provisions about the security, use, ownership, and control of the records.
FERPA’s “studies exception” allows disclosure of educational records to entities conducting studies for the school district. (See also Education Code § 49076(a)(2)(E).) Legislators noted that school districts typically use this exception when contracting with entities for instructional software or programs. (Assem. Com. on Education, Rep. on Assem. Bill No. 1584 (2013-2014 Reg. Sess.) April 9, 2014, p. 4.) AB 1584 requires these contracts to describe specific steps parties will take to ensure compliance with FERPA, and describe the means by which students can retain possession over their own student-generated content (such as essays or account information). It also prohibits third parties from using any information in the student record for advertising.
AB 1442 Protects Student Privacy in Districts Engaged in Social Media Monitoring
AB 1442 addresses the privacy implications of social media monitoring, a function school districts use to address problems of “cyber-bullying” by contracting with a private company to monitor services such as Facebook, Twitter, and Instagram. Social media monitoring involves flagging any words that suggest bullying, abuse, or hate speech circulating among students. (Assem. Com. on Judiciary, Rep. on Assem. Bill No. 1442 (2013-2014 Reg. Sess.) as amended Mar. 25, 2014.) Opportunities for cyber-bullying have increased as students spend more time communicating with each other through mobile devices and social network applications. Despite monitoring’s perceived benefits, personalized student information in the hands of the private monitoring service might be disclosed without the student’s consent or obtained by hackers who gain access to the information.
AB 1442 reflects two points of consensus reached by the Assembly and Senate in earlier hearings related to the general security of digital information: (1) government agencies should collect only as much information as necessary to complete a transaction; and (2) people should know what, when, how, and why their personal data is being collected. AB 1442 requires a school district that gathers from social media and maintains information about a student to: notify parents and provide an opportunity for public comment before adopting such a program; limit the information it collects to that which pertains to student or school safety; and destroy the information when it is no longer needed. AB 1442 also expressly prohibits a private company from selling, sharing, or disclosing the information to any entity other than the school district, the student, or his or her guardian.
Other AALRR Blogs
Recent Posts
- AALRR’s 2024 Title IX Virtual Academy
- Unmasking Deepfakes: Legal Insights for School Districts
- How to Address Employees’ Use of Social Media
- How far is too far? Searching Students’ Homes and Remote Test Proctoring
- Making Cybersecurity a Priority
- U.S. Department of Education Issues Proposed Amendments to Title IX Regulations
- Inadvertent Disability Discrimination May Lurk in Hiring Software, Artificial Intelligence and Algorithms
- Students and Social Media – Can Schools Discipline Students for Off-Campus Speech?
- Fact Specific Analysis is Key when Restricting on Employee Expression
- Monitoring Students’ Online Activities
Popular Categories
- (55)
- (12)
- (81)
- (96)
- (43)
- (53)
- (22)
- (40)
- (11)
- (22)
- (6)
- (4)
- (3)
- (2)
- (3)
- (2)
- (4)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
- (1)
Contributors
- Steven J. Andelson
- Ernest L. Bell
- William M. Betley
- Mark R. Bresee
- W. Bryce Chastain
- J. Kayleigh Chevrier
- Andreas C. Chialtas
- Georgelle C. Cuevas
- Scott D. Danforth
- Alexandria M. Davidson
- Mary Beth de Goede
- Anthony P. De Marco
- Peter E. Denno
- William A. Diedrich
- A. Christopher Duran
- Amy W. Estrada
- Jennifer R. Fain
- Eve P. Fichtner
- Paul S. Fleck
- Mellissa E. Gallegos
- Stephanie L. Garrett
- Karen E. Gilyard
- Todd A. Goluba
- Jacqueline D. Hang
- Davina F. Harden
- Suparna Jain
- Jonathan Judge
- Warren S. Kinsler
- Nate J. Kowalski
- Tien P. Le
- Alex A. Lozada
- Kimberly C. Ludwin
- Bryan G. Martin
- Paul Z. McGlocklin
- Stephen M. McLoughlin
- Anna J. Miller
- Jacquelyn Takeda Morenz
- Kristin M. Myers
- Katrina J. Nepacena
- Adam J. Newman
- Anthony P. Niccoli
- Aaron V. O'Donnell
- Sharon J. Ormond
- Gabrielle E. Ortiz
- Beverly A. Ozowara
- Chesley D. Quaide
- Rebeca Quintana
- Elizabeth J. Rho-Ng
- Todd M. Robbins
- Irma Rodríguez Moisa
- Brooke Romero
- Alyssa Ruiz de Esparza
- Lauren Ruvalcaba
- Scott J. Sachs
- Gabriel A. Sandoval
- Peter A. Schaffert
- Constance J. Schwindt
- Justin R. Shinnefield
- Amber M. Solano
- David A. Soldani
- Dustin Stroeve
- Constance M. Taylor
- Mark W. Thompson
- Emaleigh Valdez
- Jonathan S. Vick
- Jabari A. Willis
- Sara C. Young
- Elizabeth Zamora-Mejia
Archives
2024
2022
2021
2020
2019
2018
- December 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- January 2018
2017
- November 2017
- October 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
2015
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
2014
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
2013
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
2012
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012