SIIA Announces Industry Best Practices to Safeguard Student Information Privacy and Data Security and Advance the Effective Use of Technology in Education
"SIIA and our member companies are committed to safeguarding student information privacy and ensuring data security in schools," said
Schneiderman continued, "We are stepping forward with a series of best practices that will help protect student data and allow technology providers to continue to offer effective, leading-edge education solutions. These best practices are offered as part of our ongoing effort to create a trust framework between families, educational institutions and their service providers."
Schools use technologies to collect and manage student information in ways increasingly important to a school's enterprise management and to student learning, and do so in partnership with school service providers with expertise in data management and security, learning analytics and instructional design. A significant network of laws and business practices now govern the use and sharing of student information.
With the goal of supplementing existing efforts, SIIA released the following Best Practices for the Safeguarding of Student Information Privacy and Security for Providers of School Services. These privacy and security best practices are intended as guidance for providers of educational services to educational institutions to the extent that they collect, disseminate, use or maintain personally identifiable information about students (student PII). These best practices can be used to inform the contracts that govern the relationship between providers of educational services and the educational institutions - school districts and schools - for which they work.
Educational Purpose: School service providers collect, use, or share student PII only for educational and related purposes for which they were engaged or directed by the educational institution, in accordance with applicable state and federal laws.
Transparency: School service providers disclose in contracts and/or privacy policies what types of student PII are collected directly from students, and for what purposes this information is used or shared with third parties.
Authorization: School service providers collect, use, or share student PII only in accordance with the provisions of their privacy policies and contracts with the educational institutions they serve, or with the consent of students or parents as authorized by law, or as otherwise directed by the educational institution or required by law.
Security: School service providers have in place security policies and procedures reasonably designed to protect personal student information against risks such as unauthorized access or use, or unintended or inappropriate destruction, modification, or disclosure.
Data Breach Notification: School service providers have in place reasonable policies and procedures in the case of actual data breaches, including procedures to both notify educational institutions, and as appropriate, to coordinate with educational institutions to support their notification of affected individuals, students and families when there is a substantial risk of harm from the breach or a legal duty to provide notification.
TNS 24HariCha-140226-30Furigayjane-4648931 30FurigayJane
Most Popular Stories
- #myNYPD Twitter Campaign Backfires for NYPD
- Pols Back Away From Bundy After Racist Statements
- First-time Jobless Claims Jump by 24,000
- Putin Says Internet Is CIA Plot
- Durable Goods Orders Rose More Than Expected
- Freshman Senators Speak Out on Foreign Policy
- Nasdaq OMX Profits Soar in Q1
- John Oliver Set for 'Last Week Tonight'
- Justin Bieber's War Shrine Pic Causes Flap
- Sina Loses License Over Porn