What DCSD employees need to know about the Student Transparency & Security Act
Last year, Colorado passed the Student Transparency and Security Act (HB - 16 - 1423). This new law requires greater scrutiny of online vendor terms of agreement, such as apps used in classrooms, that collect student data and greater transparency with the public as to which vendors are utilized by a school district and what data is being collected by students.
Please read on to see how this law impacts you.
What is the Student Transparency and Security Act?
This new state law identifies new student data privacy requirements for school districts, schools and personnel. It requires all of us to become more aware of how apps, software and tools utilize and collect student data, and take precautions to protect this data. Additionally, it requires companies and developers to become more transparent on the use of that data.
Why is this important for me to know about?
Technology tools and apps are making it possible for educators and students to collaborate, create, and share ideas more easily than ever. When schools and teachers use technology, students’ data—including some personal information—may be collected by educators and the companies that provide apps and online services. With this law, it will become mandatory for you to review what applications you are bringing into the classroom for safe data privacy practices. Additionally, for children 13 and younger, parental consent will be required for the use of apps, websites, and software that collect student data.
How will I be able to review apps and websites I use in my classroom to make sure I am conforming with the law?
DCSD is assembling a master technology list of cleared providers for those that are processed by the Strategic Sourcing department. The vendors will be required to agree upon specific data collection terms in their contractual agreements with the District. This list will be posted and teachers will be able to handily cross-check the apps they plan to use in the classroom with this list.
There are many applications, however, that do not require approval with Strategic Sourcing, because they are or under the fiscal thresholds set by policy (some are free) and therefore do not require an RFP process. For these "click-through contracts," teachers and staff will need to adopt a practice of maintaining tight controls on any applications that collect student data.
DCSD is providing resources, including the stop light to the right, which should help recognize language in click-through contracts that may be cause for concern because of the level of data the vendor is asking for.
Additionally, training will be offered so that staff considers the impacts of sharing information from otherwise secured apps. For example, students and teachers can store student data in Google Apps. However, the sharing permissions of the individual documents must be controlled so that only people with a legitimate educational need have access to that student information.
Ultimately, whether you use an app with one child in one classroom or with all children in a school, efforts must be taken to ensure to ensure that students' personally identifiable information is kept secure.
When will this go into effect?
School districts must adopt a student information privacy and protection policy by December 31, 2017. The law is effective as of that date.
What about just anonymizing student data for my more basic apps that only collect student names?
Student data can be anonymized in apps— for example, instead of entering in a student’s name, you instead create names likes “Blue Bunny.” However, this could become unwieldy for you as a teacher to keep track of which student is “Blue Bunny” and which is “Red Rover.”
Are there any resources you can provide me to make this as simple as possible?
District staff are taking on most of the heavy lifting the spring, summer and fall with the goal of making this law as easy as possible for school staff and teachers to understand and follow. Trainings will be set up in the beginning of the 2017-2018 school year. A web page will be set up for teachers and the public to view the master technology list, and a one-stop resource web page will be built for teachers that will help you identify apps that are riskier or safer to use. View Boulder Valley’s page as an example. DCSD has also begun building a page, which will be continually updated through the summer.
We’re all in this together! We will continue to be in touch in THINK and other avenues this Spring to help you understand this new law.