personally identifiable information : American schools are migrating online, providing parents with real-time academic results. The cloud services that remotely host this information about educational achievement are also increasingly being used to store sensitive student details like names, religion, and health status [personal identifying information]. But according to a new study from the Center on Law and Information Policy at Fordham Law School, schools are failing to read the terms and conditions and providing troves of student data to third-party vendors without sufficient safeguards or adequate parental consent.
¶ Of the 54 school districts examined, almost 95 percent used cloud services, but many failed to inform parents of the full breadth of information being outsourced. Furthermore, very few of the schools’ contracts explicitly restricted the marketing of student information.
¶ One-third of data analytics contracts did not comply with the Family Educational Rights and Privacy Act’s requirement that data be deleted after it is no longer needed for the purposes for which it was provided. Few agreements specified a level of encryption, and even fewer required the vendor to tell the schools if there was a data breach. (†359)