In a parent perspective on privacy, Olga Garcia-Kaplan writes:
We talk about building trust so that we can work on protecting student data privacy, but it is difficult to protect student privacy only with policy. We need to also advocate for proper encryption of databases and privacy training. Only when we educate users (schools, districts, parents, students) on proper security practices can we be confident that kids’ information will be safe. Setting policy is important. It provides us with guidelines on what set of rules ought to be followed. But rules may be broken, actually, they are commonly broken. Data breaches are happening more and more often in educational institutions. Mostly, because of someone’s negligence or lack of understanding how the system works; which is why it’s so difficult for people to trust their children’s data is being properly secured. Without real consequences for those failures, all the good policies in the world will not protect student privacy. Parents and students put their information in the hands of their schools. Schools in turn put that information in the hands of the third parties they contract with. The responsibility for the data gets passed on. There has to be adequate security protocols in place.
Read more on FERPASherpa.org.