Search form

Ensuring Student Privacy on the Internet
By Nancy Willard Technology

The Children's Internet Protection Act requires that school districts develop an Internet safety plan addressing the unauthorized disclosure, use, and dissemination of personal identification information regarding minors. School districts need to consider a variety of issues as they attempt to comply with this safety plan requirement. Learn what those issues are and discover how your district can ensure student privacy online.

The Children's Internet Protection Act (CIPA), in addition to requiring districts to monitor student use of the Internet and to implement technology protection measures, mandates the development of an Internet safety plan that addresses the unauthorized disclosure, use, and dissemination of personal identification information regarding minors. School districts need to consider a variety of issues as they attempt to comply with this safety plan requirement. Those issues include the following.

Nancy Willard

Student Records

Under federal and state student privacy laws, districts have an obligation to protect the confidentiality of student records. Many online companies offer services to schools that provide online access to student records. Contracts with those companies must be thoroughly reviewed by the district's school attorney to ensure compliance with student records laws.

Disclosure of Student Information on School Web Sites

Actions that violate the privacy of students include posting students' names, class work, or pictures on a school Web site. Districts should determine the level of student information disclosure that is considered safe and appropriate in accordance with the instructional goals for students at different grade levels. These disclosure standards should be provided to parents for approval or disapproval.

Disclosure of Confidential Student Information in Staff E-Mail

In general, staff members understand their legal responsibilities in regard to confidential student information. Problems can emerge, however, when student information is transmitted via e-mail, which tends to support casual conversation in the form of a permanent record. Staff communication policies should be developed to address this concern.

Disclosure of Confidential Student Information in Student E-Mail

Students may violate the privacy of other students by disclosing personal information via e-mail. Students should learn to respect the privacy of others when communicating electronically and be helped to understand the harm they can cause when they fail to do so. A prohibition against the distribution of personal information about other students should be included in a school's Internet use policy.

Student Self-Disclosure of Personal Information

Students may disclose personal information about themselves in electronic messages or on Web sites. Students should receive instruction in the protection of personal privacy. The Internet use policy should restrict such disclosure in a manner that is appropriate to the age of the students and circumstances of disclosure. Student accounts should be established using a unique student identifier that will disguise students' real names to the outside world.

Third Party Web Sites and Market Research

Some companies offer legitimate online services that benefit the educational needs of students; others are essentially seeking access to a captive population to collect market research data and to advertise. Educators must learn to distinguish between those two purposes -- and help their students make those distinctions as well.

Commercial Web sites targeting children must comply with the Children's Online Privacy Protection Act (COPPA). Compliance with COPPA, however, does not ensure that student privacy is adequately protected. Many educationally oriented companies do not understand this. Recently, a company offering good quality educational services was found to have a (COPPA-compliant) privacy policy that provided that the company would have access to students' full names and other data and could provide that data to third parties for demographic research. When educational standards for student privacy were explained to the company, it changed its policy.

The Federal Trade Commission tells teachers that under COPPA they can act in lieu of parents to grant permission for children under the age of 13 to provide personal information to commercial Web sites. This guidance was provided at the urging of online companies. How many parents would be pleased to find that their child had provided personal information on a commercial Web site with permission provided by their child's teacher?

A new law that must now also be considered is the Student Privacy Protection Act, included as a provision of the Elementary and Secondary Education Act of 2001. Districts must develop policies related to "the collection, disclosure, or use of personal information collected from students for the purpose of marketing or for selling that information (or otherwise providing that information to others for that purpose), including arrangements to protect student privacy that are provided by the agency in the event of such collection, disclosure, or use."

It is strongly recommended that districts establish privacy policies based on two principles:

  • Student accounts should not be established unless there is a clear educational purpose, no advertising is directed at students, parents have been fully informed about such accounts, and parents have approved those accounts.
  • No collection, analysis, or sale of individual or aggregated student use data for market research purposes should be permitted.

Growing Concerns About Privacy

Recent surveys about the Internet have revealed that lack of privacy is emerging as a greater public concern than pornography. Many people, especially parents, are increasingly uncomfortable about the amount of personal information that is being collected from and about their children. Educators need to pay close attention to these concerns when students are using the Internet at school.

Nancy E. Willard holds a B.S. in Elementary Education, an M.S. in Special Education, and a Doctor of Jurisprudence. Before focusing her professional attention on issues of children's behavior, technology, and schools, she taught children who have behavior difficulties and practiced computer and copyright law.

Willard is director of Responsible Netizen Institute. The program's mission is to develop and disseminate strategies to assist young people in the safe, responsible, legal, and ethical use of information technologies.

Willard is the author of a new book, Computer Ethics, Etiquette, and Safety for the 21st Century Student, published by the International Society for Technology in Education. She is also the author of Supporting the Safe and Responsible Use of the Internet: A Children's Internet Protection Act Planning Guide.


Article by Nancy Willard
Education World®
Copyright © 2002 Education World

Links updated 6/28/2002