Dive Brief:

• The U.S. Department of Education recently found that the Pennsylvania-based Agora Cyber Charter School violated the Family Educational Rights and Privacy Act (FERPA) when it made the use of third-party services that shared students' data with unauthorized parties a requirement for enrollment, EdSurge reports.
• The original complaint was filed in 2012, and claimed parents had to agree to policies put in place by third-party service providers as part of their children's acceptance into the virtual school.
• EdSurge highlights a terms of use policy from K12 Inc. that stated the company and its affiliates had "the right to use, reproduce, display, perform, adapt, modify, distribute, have distributed, and promote" identifiable information students were required to provide "in any form, anywhere and for any purpose.”

Dive Insight:

Student data privacy has been a major sticking point for many amid the increasing digitization of the nation's classrooms — and for good reason. Parents don't want their child's identifiable data sold for use in targeting advertising or for other purposes, and adults have a hard enough time trying to prevent identity theft without the still-being-established identities of their children open to potential compromise, as well. 

FERPA requires vendors contracted with a school system to adhere to the same data handling guidelines as schools and districts. In 1998, the Children's Online Privacy Protection Act (COPPA) added to those original protections passed in 1974 by updating the law to account for tech vendors like Microsoft or Google that might acquire data through a digital tool used in the classroom.

The Education Department's ruling against Agora now clearly states that the waiver of rights under laws like FERPA can't be a condition for a student's enrollment in a school or for the receipt of educational services, and it could be a sign that the department will be more proactive in addressing complaints in this area.

With that in mind, administrators must remain ever-vigilant in ensuring any procurement process comes with a thorough examination of all potential vendors' data privacy policies and practices.