Privacy and Confidentiality in the K-12 Library Environment - Information for School Staff
By: Sharrett ([email protected])
Contents
Overview - Why is Privacy and Confidentiality Important to Schools and School Libraries
What Schools and Staff Should Know about Federal Laws
Family Education Rights and Privacy Act (FERPA)
Children's Internet Protection Act (CIPA)
Children's Online Privacy Protection Act (COPPA)
Protection of Pupil Rights Amendment Act (PPRA)
US Patriot Act
Privacy and Confidentiality Tips for Schools and Teachers
Advice for the School Librarian
Overview
Privacy Audits
Privacy and Confidentiality Tips for School Librarians
Additional Resources
Books
Articles and Pamphlets
Internet Resources
Credits
What School and Staff Should Know about Federal Laws
Privacy Tips
Overview - Why is Privacy and Confidentiality Important to Schools and School Libraries
School districts, administrators, teachers and staff must understand federal, state, and district laws and policies regarding privacy and confidentiality. The laws and policies must be understood, not only because of legal ramifications, but because privacy and confidentiality protects students ability to access information and ultimately, learn. Privacy and confidentiality, when respected, allow students to follow their own intellectual curiosity and research any subject without being worried that their research topics would be scrutinized by others. In addition to understanding and supporting privacy and confidentiality laws and policies, if school staff are concerned about protecting student privacy and confidentiality, they must also monitor how changes, such as technological advances, are impacting student privacy and confidentially and proactively advocate for protection when they find deficiencies or areas of improvement.
What Schools and Staff Should Know about Federal Laws
Family Education Rights and Privacy Act (FERPA)
What is FERPA
• Federal law passed in 1974 designed to protect the privacy of student’s educational records (also known as Buckley Amendment)
- Applies to schools that receive federal educational funds
- Typically private/religious schools do not
• Act requires schools to:
- establish a written policy on its confidentiality procedures
- provide students access to their educational records
- permit students to request their records be corrected if there are inaccuracies
- limit the release of this information to others without written consent of parents or students
- allow students to file complaints
• Example of protected information includes:
- social security number, student ID number, transcripts, race, gender, and gender
• Exceptions permitting the release of information includes:
- directory information which includes: name, address, telephone number, date and place of birth, honors and awards, and dates of attendance (however, students may elect to prohibit disclosure of directory information)
- specific “parties” and conditions to include: audits, accrediting organizations, subpoena, health and safety emergencies, and legitimate educational interest
• Parents have rights to their child’s educational records until the child turns 18 or enrolls in postsecondary institution then FERPA rights transfer to student
• FERPA is administered by the Department of Education through the Family Policy Compliance Office (FPCO). FPCO duties include:
- inform schools in how to be compliant
- investigate alleged violations
- request schools update policies that are not in compliance
• Secretary of the Department of Education may withhold funding for FERPA violation (this has never been done)
• Supreme Court cases clarified that individuals cannot use courts to enforce FERPA
How does FERPA affect the school district?
• District must have written FERPA policy
• District must inform students of their rights annually (schools don't have to inform students/parents individually but they do have to notify them in a way that will “reasonably inform” them of their rights (United States Department of Education, 2011)
• Districts must have procedures in place to properly handle restriction of Directory Information (if requested by student in writing)
• District must be able to balance students privacy and safety "In an emergency, FERPA permits school officials to disclose without consent education records, including personally identifiable information from those records, to protect the health or safety of students or other individuals." (United States Department of Education, 2007)
• District staff must process and maintain student records under strict privacy regards
• Schools are not allowed to release a student’s records without the consent of the student’s parents or the consent of the student once attaining the age of 18
• District risks: The failure of a school district to follow the mandates of FERPA could result in the loss of federal funding
How does FERPA affect teachers?
•Teachers must not expose student educational records to anyone other than student, unless student consent is given in writing.
• Examples of methods teachers can use to stay compliant:
- Use codes to display class grades or other data
- Black out names of student work when used as examples
- Limit communication about student work to others
- Ensure Teacher Assistants understand FERPA restrictions
• Teachers have access to student records based on need to know, written documentation of access should be maintained
• Teachers may maintain personal notes about students for personal use
How does FERPA affect school libraries?
• School library records are considered educational records.
• Parents have the right to access school library records
The following is a YouTube video that explains FERPA for elementary school teachers.
For a training video that provides example scenarios that will help teachers learn how to apply these rules in a practical setting try the following Go Animate video.
(Click link or image to link to GoAnimate video)
Children's Internet Protection Act (CIPA)
Schools have specific requirements under CIPA.
• CIPA requires schools use internet filters to block access to images that are "obscene," "child pornography," or "harmful to minors."
• Schools must have published internet safety policies that addresses the following five components:
1. Access to minors of inappropriate images on the internet and web
2. Neighborhood Children's Internet Protection Act (NCIPA) is addressed. This is concerned with the safety and security of minors when using electronic communications (such as e-mail, chat rooms, instant messaging, etc.)
3. Minors accessing inappropriate images by "Hacking"
4. Unauthorized disclosure, use and dissemination of personal identification information regarding minors
5. Measures designed to restrict minors' access to harmful materials
• Basic Requirements of a CIPA-compliant Internet Safety Policy
- Policy applies to minors and adults
- Policy specifies internet filtering mechanism
- Policy emphasizes staff responsibilities for education students on online behavior
- Policy addresses NCIPA concerns
• Determination of what is "inappropriate" is made by the local school board. FCC specifically ruled that social network sites such as Facebook are not required to be blocked.
• Terms "obscene," "child pornography," and "harmful to minor," are legally defined
• Monitoring can be through visual supervision (technical monitoring is not required)
It is my opinion that schools should us a committee to make policy decisions, including policy decisions that may restrict technology.
The following is a video about CIPPA. Titled Examine CIPA And Internet Safety Guidelines - Integrating Technology In The Classroom, this video explains CIPA and is directed toward school staff.
Children's Online Privacy Protection Act (COPPA)
• COPPA applies to students younger than 13 and intent of COPPA is not to limit access to children but to limit web sites from gaining access to children's personal information.
• Typically, a educator or student cannot violate COPPA unless they host a for-profit website however, it does restrict students from participating in online projects or activities which require they pass on personal information to a website.
• Schools may (not required) act as agents for parents and pass parental consent to web site operators but they must obtain consent by parents and they must comply with FERPA.
• COPPA does not apply to websites that have a contract with a school, and information is collected only for the use and benefit of the school (no other commercial purpose)
Protection of Pupil Rights Amendment Act (PPRA)
PPRA governs the collection of information on students that concerns on or more of the following:
1. Political affiliations or beliefs
2. Mental or psychological problems
3. Sex behavior or attitudes
4. Illegal, anti-social, self-incriminating, or demeaning behavior
5. Critical appraisal of family members
6. Legally recognized privileged information
7. Religious practices
8. Income
How does PPRA affect schools
• Schools must develop and adopt PPRA policies
• Schools must inform parents and students of their rights under PPRA annually.
• If a survey is being conducted, and the survey contains question in one or more of the eight protected areas, and it is funded in part or in while by the Department of Education, the school must obtain prior written consent from parents before students can take the survey.
• Parents must have the opportunity to opt-out of any surveys that contain questions in one or more of the eight protected areas but are not funded in part or whole by the Department of education.
• Per the U.S. Department of Education (DOE), parents "have the right to review, upon request, any survey that concerns one or more of the eight protected areas, any instructional materials used in connection with any survey that concerns one or more of the eight protected areas, and any instructional material used as part of the educational curriculum for the student (DOE, 2009).
U.S. Patriot Act
Under the law, federal law enforcement officers may access any individual records or information with a National Security Letter. For school libraries this includes individual user circulation information, internet history logs (websites visited), and any other paper or electronic record.
Privacy and Confidentiality Tips for Schools and Teachers
• Teachers must maintain student privacy and confidentiality, legally and ethically
- In addition to federal laws, teachers must be familiar with their state laws
- Many school district policies incorporate federal and state requirements into the standards; school staff having a working understanding of applicable laws and school policies
- The National Education Association (NEA) code of ethics states, in Principle I item 8, that teachers "Shall not disclose information about students obtained in the course of professional service unless disclosure serves a compelling professional purpose or is required by law."
• A few examples on how a teacher should protect student information:
- Don’t share grades with other students
- Don’t share work unless name has been redacted
- Don’t post lists of students in the class
- Don’t leave confidential information on an answering machine
- Don’t send confidential information via e-mail
- Don’t share information about a student that is not entitled to that information
- Consider assignments (particularly writing assignments) and if they violate student privacy. For example: "write about your most embarrassing moment" or "what is the worst thing that ever happened to you"
• Schools and teachers also have legal obligations that may require that they divulge information for example:
- Teachers must report law violations to school officials
- Teachers must report school safety issues
- Teachers must report suspected child abuse
• Schools and teachers should respect privacy and confidentiality in the library
- Students' circulation records are confidential; only the student and their parent have the right to access
- Many libraries do not mark reading levels on the books; this is to protect the privacy of the students
• As schools adopt new technologies they must create and adopt new policies to protect student privacy and confidentiality
- Portable storage devices, handheld computers, etc., if lost, pose unintended risks
- Educational records transfered electronically could result in unauthorized disclosure
- School surveillance videos, if used for school discipline, become education records and are subject to FERPA
Advice for the School Librarian
Overview
School librarians have a legal and ethical obligation to protect student privacy
• FERPA, a federal law, applies to all U.S. public school libraries and student circulation records
• Article III of the American Library Association's (ALA) code of ethics, 2008, state librarians, "protect each library user's right to privacy and confidentiality with respect to information sought or received and resources consulted, borrowed, acquired, or transmitted."
• The National Education Association (NEA) code of ethics states, in Principle I item 8, that teachers "Shall not disclose information about students obtained in the course of professional service unless disclosure serves a compelling professional purpose or is required by law."
Privacy Audits
Privacy audits can identify how to improve library processes, policies, and procedures.
The following is extracted from D. Riehl's 2007 article, "Students’ privacy rights in school libraries: balancing principles, ethics and practices:
"Policies
• What legislation and school policies address the confidentiality of student information? Do these documents apply to library use?
• Are students aware of parameters placed on their rights to privacy? For example, do they know if computers are monitored and who might have access to their circulation records and information queries?
• Are students aware of the school’s search and seizure policies and how those policies apply to library records?
• Are students informed about third party requests to access library records?
• Are students and parents involved in aspects of the privacy audit and informed of results?
Practices & procedures
• Are overdue notices read aloud or posted in classrooms, or are students notified privately and directly?
• Do students have self-checkout options?
• Do students have opportunities to access library services and materials during times that are more private than class visits?
• If students place holds on material, are those holds handled in a confidential manner?
Advocacy & training
• Are all teachers, library staff and volunteers trained to respect the confidentiality of student queries and use of library materials?
• Are library staff members trained to conduct interviews for personal queries in a confidential manner?
• Are library staff members and volunteers aware that students may consult resources for both curriculum and personal reasons?
• Do students assist with checkout procedures? If so, are they informed about their responsibilities to honor other students’ privacy?
• Have teachers and library staff discussed the implications that labeling may pose for privacy and intellectual freedom?
Technology
• Is the Integrated Library System (ILS) set to purge borrower records as soon as is feasible?
• Are Internet temporary files and access logs retained? If so, how is the information used, by whom and for how long is it kept?
• Are students, teachers and parents aware of any filtering used on library computers? Have they been informed about the limitations of filters?
Balancing intellectual freedom & social responsibilities
• Are library staff members trained to differentiate between queries that represent curiosity and personal interest versus those that pose a reasonable concern for the safety of students?
• Do guidelines identify channels to report concerns about student safety?
• Have staff members discussed how to balance parental involvement and students’ rights to privacy? Are parents encouraged to ask their children directly for information before requesting access to library records?
• Are students informed that teachers have a responsibility to intervene if, in their professional judgment, the welfare of any student might be jeopardized?
• When library staff members make judgment calls about confidentiality, are they acting as parents or as librarians? How do the roles differ?"
When developing a library privacy policy, in addition to checking school district policies, consider the ALA resources at the Privacy Policy website as well as the privacy policy resources available at the University of California Library website.
Privacy and Confidentiality Tips for School Librarians
Consider the following tips extracted from H. Adams 2011 article titled, "The Privacy Problem:
"• Talk to your principal about student privacy in the library and how to resolve various types of record requests in adherence to state and federal laws.
• Request that your board of education adopt a privacy policy stating who can access library patron records and the circumstances under which they may be released.
• Conduct a privacy audit to determine what student data you’ve collected, stored, shared, and used—and then determine what records should be purged.
• Develop a library records retention policy that includes a records-removal schedule and conscientiously maintain it.
• Be proactive and educate administrators, teachers, and all persons working in the library about the need to keep student library records confidential.
• Create and retain as few student library records as possible.
• Set library automation software to automatically delete students’ circulation history.
• Password protect circulation records and provide different levels of access for the adult library staff, students, and volunteers.
• Fold and staple overdue notices so that only the student’s name—and not the book’s title—is visible.
• Make sure that students’ reference questions, reserve and interlibrary loan requests, and the types of books they check out are kept confidential.
• Don’t label and arrange library books by reading levels (a common practice in some schools that use Accelerated Reader) so that students can observe their classmates’ reading levels.
• Teach students how to protect their privacy and to respect the privacy of others.
• Encourage parents to speak directly with their children about their reading choices and what they’ve checked out from the school library."
For a different perspective on how librarians might help educate students about the dangers of the internet and privacy view the following video, "ALA Privacy Conference, Interview with Cory Doctorow. In the video, author Cory Doctorow advocates for librarians and educators to teach students to understand how their privacy is being compromised and how to advocate to take charge of one's own digitial life (presentation is 22 minutes long and is followed by a 30 minute question and answer session with the audience).
ALA Privacy Conference: Interview with Cory Doctorow from 20K Films on Vimeo.
Additional Resources
Books
- Chmara, T. (2009). Privacy and confidentiality issues: A guide for libraries and their lawyers. Chicago: American Library Association.
This book is written by a lawyer who has represented the American Library Association, the Freedom to Read Foundation, and the American Bookseller’s Association. It provides privacy and confidentiality guidelines for libraries to include minors' rights to privacy and library privacy policies.
Darrell, K. B. (2007). Issues in Internet law: Society, technology, and the law. U.S.: Amber Book Co.
- This book is designed to make readers aware of legal issues regarding the internet. It is written for the average person and can also be used as a textbook (it has quizzes at the end of each chapter). Updates to the book are available online at http://www.issuesininternetlaw.com/.
Keenan, K. M. (2005). Invasion of privacy: A reference handbook. Santa Barbara, Calif: ABC-CLIO.
- This is a reference handbook that provides readers with a historical look at privacy issues and is a source for resources for further research. Chapters include, background and history, surveillance and databasing around the world, Privacy in Post-9/11/Post- Coumbine/Gen-mapped America, Chronology, Biographical Sketches, Important Privacy Documents, Directory of Organizations and Government Agencies, and Movies/Books/and Internet News Sources.
Woodward, J. A. (2007). What every librarian should know about electronic privacy. Westport, Conn: Libraries Unlimited.
- This book provides librarians with the information they need to understand electronic privacy issues. Included in the book is a step-by-step guide to developing a library electronic privacy policy.
Articles and Pamphlets
Adams, H. R. (2006). Confidentiality. School Library Media Activities Monthly, 23(1), 33.
- This article explains privacy and confidentiality as it applies to the school library setting. It also explains how the American Library Association Code of Ethics can protect the privacy of students while using the school library.
National Forum on Education Statistics. (2004). Forum guide to protecting the privacy of student information: State and local education agencies, NCES 2004-330. Washington D.C.: U.S. Department of Education. Retrieved from http://nces.ed.gov/pubs2004/2004330.pdf
- This document is written to educate schools on how to develop policies and procedures that protect student information while also allow schools to collect the data they need to make management, instructional and service decisions. The document includes an overview of key terms and federal laws.
Virginia Department of Education (VDOE). Guidelines and resources for internet safety in schools. Retrieved from http://www.doe.virginia.gov/support/safety_crisis_management/internet_safety/guidelines_resources.pdf
- This document was written to help Virginia schools (1) write internet safety policy (2) integrate internet safety into the curriculum, and (3) support the responsibility of all "stakeholders" in protecting students online. The document was written by consulting many experts including educators, researchers, law enforcement, and nonprofit organizations.
Internet Resources
American Library Association (ALA). (2005). Privacy tool kit. Retrieved from http://www.ala.org/offices/oif/iftoolkits/toolkitsprivacy/privacy
- This website provides information regarding privacy to include guidance on developing a privacy policy for a library. The items in the toolkit include historical background of library privacy, a list of privacy laws, and what libraries can do to advocate for privacy.
U.S. Department of Education. (2012). Family Policy Compliance Office (FERPA). Retrieved from http://www2.ed.gov/policy/gen/guid/fpco/index.html
- This website provides multiple links that provides schools, teachers, parents and students with information about FERPA. It also provides legislative historical information and example notification and disclosure forms.
VDOE. (2012). Internet safety. Retrieved from http://www.doe.virginia.gov/support/safety_crisis_management/internet_safety/
- This website provides Virginia Department of Education information for internet safety. It includes multiple links to resources helpful to teachers, parents and students as well as multiple narrated powerpoint presentations including a teacher professional development presentation.
Credits
All clipart retrieved from: Microsoft Corporation. (2010). Microsoft Office PowerPoint 2010 [computer software]. Seattle, WA: Microsoft.
What School and Staff Should Know about Federal Laws
FERPA
FERPA information from: United States Department of Education (DOE). (2007). Balancing student privacy and school safety: A guide to the Family Educational Rights and Privacy Act for elementary and secondary schools. Retrieved from http://www2.ed.gov/policy/gen/guid/fpco/brochures/elsec.html
Video from: Gile, V. (Producer). (2011). FERPA for elementary school teachers. [Web Video]. Retrieved from http://www.youtube.com/watch?v=36mb8bu9fQo
Davis. (Producer). (2012). Ferpa training video. [Web Video]. Retrieved from http://goanimate.com/videos/0fBX183uu17M?utm_source=linkshare
CIPA
CIPA information from: E-Rate Central (n.d.). Internet safety policies and CIPA: An E-rate primer for schools and libraries. Retrieved from http://www.e-ratecentral.com/CIPA/cipa_policy_primer.pdf
Venn Diagram from Dave Makes (see http://www.davemakes.com/blog/?p=117)
Video from: SimpleK12 - Teacher Professional Development (Producer). (2011). Itc: Examine CIPA and internet safety guidelines. [Web Video]. Retrieved from http://www.youtube.com/watch?
COPPA
Information regarding COPPA: Federal Trade Commission (2008). Frequently asked questions about the Children's Online Privacy Protection Rule. Retrieved from http://www.ftc.gov/privacy/coppafaqs.shtm
Cartoon about Dogs and Internet retrieved from http://www.samiviitamaki.com/?p=444
PPRA
PPRA information from: DOE. (2009, September). Dear Superintendent [Letter to school superintendents]. Retrieved from http://doe.sd.gov/pressroom/educationonline/2009/October/FERPA%202009.pdf
U.S. Patriot Act
U.S. Patriot Act information from: Chmara, T. (2009). Privacy and confidentiality issues: A guide for libraries and their lawyers. Chicago: American Library Association.
Privacy Tips
Privacy and Confidentiality Tips for Schools and Teachers
NEA Code of Ethics: National Education Association. (1975). NEA Code of Ethics. Retrieved from http://www.nea.org/home/30442.htm
Advice for the School Librarian
Overview
Article III of ALA Code of Ethics: ALA. (2008). Code of Ethics of the American Library Association. Retrieved from http://www.ala.org/advocacy/proethics/codeofethics/codeethics
NEA Code of Ethics: National Education Association. (1975). NEA Code of Ethics. Retrieved from http://www.nea.org/home/30442.htm
Privacy Audit
Riehl extract from: Riehl, D. (2007). Students’ privacy rights in school libraries: balancing principles, ethics and practices. School Libraries in Canada: a Journal of the Canadian Association of School Libraries. 26(2). Retrieved from
http://www.cla.ca/casl/slic/262studentsprivacyrights.html
Privacy and Confidentiality Tips for the School Librarian
Adams extract from: Adams, H. R. (2011). The Privacy Problem. School Library Journal, 57(4), 34-37. Retrieved from http://www.schoollibraryjournal.com/slj/printissuecurrentissue/889643-