Reidenberg, et al. 2013 (†364)Reidenberg, et al. "Privacy and Cloud Computing in Public Schools." (Fordham Law School, Center on Law and Information Policy, 2013).
- cloud service : · 95% of [K-12 school] districts rely on cloud services for a diverse range of functions including data mining related to student performance, support for classroom activities, student guidance, data hosting, as well as special services such as cafeteria payments and transportation planning. · Cloud services are poorly understood, non-transparent, and weakly governed: only 25% of districts inform parents of their use of cloud services, 20% of districts fail to have policies governing the use of online services, and a sizeable plurality of districts have rampant gaps in their contract documentation, including missing privacy policies. · Districts frequently surrender control of student information when using cloud services: fewer than 25% of the agreements specify the purpose for disclosures of student information, fewer than 7% of the contracts restrict the sale or marketing of student information by vendors, and many agreements allow vendors to change the terms (†361)
- data governance : [School] districts must establish policies and implementation plans for the adoption of cloud services by teachers and staff including in-service training and easy mechanisms for teachers to adopt, and propose technologies for instructional use. Districts must address directly and publicly any policies on the use of student data for advertiser supported services. Districts should create data governance advisory councils for advice and industry should develop mechanisms to help districts vet privacy-safe services and technologies. Finally, larger districts and state departments of education must designate a Chief Privacy Officer to provide advice and assistance. (†362)
- privacy : As public schools in the United States rapidly adopt cloud-computing services, and consequently transfer increasing quantities of student information to third-party providers, privacy issues become more salient and contentious. The protection of student privacy in the context of cloud computing is generally unknown both to the public and to policy-makers. This study thus focuses on K-12 public education and examines how school districts address privacy when they transfer student Information to cloud computing service providers (†360)
- transparency : Recommendation for Transparency: The existence and identity of cloud service providers and the privacy protections for student data should be available on [K-12 school] district websites, and districts must provide notice to parents of these services and the types of student information that is transferred to third parties. (†363)