This post was co-authored by Professor Paul Schwartz, Berkeley Law School.
Education was one of the first areas where privacy was regulated by a federal statute. Passed in the early 1970s, the Family Educational Rights and Privacy Act (FERPA) was on the frontier of federal privacy regulation. But now it is old and ineffective. With the growing public concern about the privacy of student data, states are starting to rev up their engines and become more involved. The result could be game-changing legislation for the multi-billion dollar education technology industry.
In October, personal financial data — including social security numbers, loan repayment histories and bank-routing numbers – of thousands of college students was exposed on the Department of Education’s (ED) direct loan website. For seven minutes, anyone surfing the direct loan website could find personal information about students who had borrowed from the Department of Education.
I have been spending a lot of time examining education privacy lately, and there are some very troubling things going on in this field. At a general level, schools lack much sophistication in how they handle privacy issues. Other industry sectors that handle sensitive personal data have Chief Privacy Officers and a comprehensive privacy program. Most schools lack anyone to handle privacy or any kind of privacy program. I recently started a new company called TeachPrivacy to address these issues and help schools better develop a privacy program.