Safeguarding Student Data in the Classroom and Beyond
INFORM Journeys (Journeys) fully supports the White House goal, announced January 12, 2015, of providing teachers and parents the confidence they need to enhance teaching and learning with the best technology, by ensuring that data collected in the educational context is used only for educational purposes. Learn more about the legislative proposal.
Journeys is proud to be a signatory of the student data privacy pledge introduced in 2014 by the Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) and signed by 75 industry leaders.
The pledge will hold school service providers accountable to:
- Not sell student information
- Not behaviorally target advertising
- Use data for authorized education purposes only
- Not change privacy policies without notice and choice
- Enforce strict limits on data retention
- Support parental access to, and correction of errors in, their children’s information
- Provide comprehensive security standards
- Be transparent about collection and use of data.
The pledge is shown in full below:
K-12 School Service Provider Pledge to Safeguard Student Privacy
K-12 school service providers are honored to be entrusted by educators and families to support their educational needs and school operations. School service providers take responsibility to both support the effective use of student information and safeguard student privacy and information security.
School service providers support schools – including their teachers, students and parents – to manage student data, carry out school operations, support instruction and learning opportunities, and develop and improve products/services intended for educational/school use. In so doing, it is critical that schools and school service providers build trust by effectively protecting the privacy of student information and communicating with parents about how student information is used and safeguarded.
We pledge to carry out responsible stewardship and appropriate use of student personal information according to the commitments below and in adherence to all laws applicable to us as school service providers.
We Commit To:
✘ Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
✘ Not sell student personal information.
✘ Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
✘ Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
✘ Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
✘ Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
✔ Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
✔ Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
✔ Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.
✔ Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
✔ Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
✔ Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.
- Some school service providers may be subject to additional legal obligations, contractual commitments, or requests from educational institutions or parents/students that direct or otherwise authorize additional uses of student data, other than those specified above.
- Nothing in this pledge is intended to prohibit the use of student personal information for purposes of adaptive learning or customized education.
- This pledge is intended to be applicable to new contracts and policies going forward and addressed — where inconsistent and as agreed to by the educational institution or agency — in existing contracts as updated over time.
- This pledge shall be effective as of January 1, 2015.
- ‘School service provider’ refers to any entity that: (1) is providing, and is operating in its capacity as a provider of, an online or mobile application, online service or website that is both designed and marketed for use in United States elementary and secondary educational institutions/ agencies and is used at the direction of their teachers or other employees; and (2) collects, maintains or uses student personal information in digital/electronic format. The term ‘school service provider’ does not include an entity that is providing, and that is operating in its capacity as a provider of, general audience software, applications, services or websites not designed and marketed for schools.
- ‘Educational/School purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services intended for educational/school use).
- ‘Student personal information’ is personally identifiable information as well as other information when it is both collected and maintained on an individual level and is linked to personally identifiable information.
- ‘Student’ applies to students of United States elementary and secondary schools, and with regard to notice and consent applies only to students of appropriate age as authorized under relevant United States federal law.
- ‘Consumer privacy policies’ include those privacy policies that are posted by the company to be available to all users to the site or service.
- ‘Parent’ includes a student’s legal guardian.