Scenarios

4.1  As an example consider an educator who has access to a student's permanent record because he/she is involved in setting up a new student management package and testing GPA calculations.  In order to test the GPA calculations of the software package there is no need to access the discipline records of the student.  Another example of consequential access to information is the network support staff maintaining the e-mail system.  Undeliverable or bounced mail often ends up in the postmaster's mailbox.  That individual should only review the message headers to determine the reason for the message being undeliverable and not access the contents of the message.  Similarly, when setting up and testing access permissions on a network system the administrator has need to access personal folders to test security configurations.  There is no need to read the contents of files in the folders other than the access permissions of the files.

Examples of safe practices include not leaving confidential files open on a desk, on a computer screen, or in an obvious and easily accessible location.  Electronic files need to be stored in password-protected folders not accessible to others.

One of the hottest applications of technology currently is to increase communication with parents and guardians.  This is a great idea, but making more information available outside the traditional locked file cabinets brings with it additional responsibility.  If a parent can access their child’s attendance and assignment scores from the web, the school has additional responsibilities to ensure that only those parents can access this information.

The legal requirements for student records provided by FERPA provide legal rights of families for access and protection of student information.  This can place educators in a difficult position.  Whenever a memo, e-mail, or other document (electronic or other) is generated which contains readily identifiable references to a student this is classified as a student record and must be maintained for five years after the student leaves the system.  It is easy for educators to generate confidential information, which must then be maintained, posing a risk of being accessed or disclosed to others.  This is in conflict with good parent and staff communication.

The obligation to inform those affected as to how long information is stored extends beyond the basic access to permanent student records.  One example, which at first seems simple, is the storage and use of MP3 audio files on school equipment. When students have access to the Internet, it is easy to download graphics, audio, and other files.  If the files are consuming bandwidth on the school network and using significant amounts of storage space on servers, then does the school have a right to delete all MP3 files from the server every night because they are not related to class studies and are interfering with backups and efficient use of the equipment for educational purposes?  This is not as simple as it first may seem, but the school would have a right to maintain its equipment in optimum working order for classroom use, provided the school clearly communicated to students the policy and that these files will be deleted nightly.  This gives the student notice and also the opportunity to petition for special privileges if the audio files are truly part of an educational project.  There are many similar situations concerning school network file cleaning.  For instance, at the end of the semester or year are all student folders deleted?  This is an acceptable policy if the school has clearly informed the students and provided a method for allowing the students to access, copy, and take home any personal files desired.

To ensure accuracy it is also necessary to maintain security and protect files from tampering. (see section 3 - hackers)
 

4.2  The new Children's Internet Protection Act is mandated for all schools receiving federal communications funds.  This Act requires schools to "filter" Internet content and block "inappropriate content" from students.  Educators must respect and abide by the legal requirements.  There are provisions in the act allowing access for research and specific legitimate purposes.  Schools are developing policies to address the federal requirements at this time and responsible educators should all be reviewing and participating in the development of local policies. 

Examples of the limits of free speech would include posting of student home addresses and daily schedules on websites, releasing grades and discipline records, etc.  There are times when it is necessary to balance the privacy rights of a staff member or student with the protection of that individual or others.  An educator will at times be required to make these judgment calls and when there is eminent potential for danger to another the educator may have to violate the privacy rights of one individual for the good of others.  Educators being mandatory reporters have not only a legal obligation, but a moral responsibility to report students suspected of abuse.  This violates the privacy of the student but is certainly in the best interest of the student.  In these instances, the educator can still use care to only divulge the information necessary and still protect the confidentiality of most information. 
 

4.3  The Children's On-line Protection Act makes it a federal crime for websites to collect information on children under the age of 13, but over 89% of children's websites do collect some information on children visiting these sites and only 14% so disclose. ⁵

Educators must realize the information they protect can have life long consequences for their students if divulged.  Beside grades and discipline information, schools collect family history and medical information.  The use of genetics and medical history to make insurance and career/employment decisions in the near future has great potential for abuse.

Schools should also use the technology resources to protect the identity of students from the general world.  This can include disabling cookies or using proxy servers to mask IP numbers, but most of all it involves educating the students and being aware of what they are using the computers for.  The level of electronic protection, like traditional physical protection, can decrease with older students who have an understanding and ability to be responsible for their own protection.  Since educators are responsible for the development of their students this also includes teaching students the importance of and techniques for safe communication on their home computers.

Synchronous interactions such as via Instant Messenger and Chat Rooms can be especially difficult to monitor and protect the students.  Because of this, many school AUPs do not allow students to participate in synchronous electronic communications.  This may be extreme, but possibly necessary as the technologies mature.  However, as the rules are evolving, a responsible educator will not allow students to participate in unsupervised instant messenger or chat rooms.  This is especially for younger students who lack a comprehension of the dangers.  Their innocence prevents them from understanding that the cloak of anonymity provided by electronic communications makes it difficult to determine the true identify and character of others.  Educators must protect students and have a moral obligation to model and teach safe electronic communications skills. 

These same safety concerns extend to student e-mail and to student or staff developed webpages.  Staff developed pages should never include information on the site which can identify individual students by name, picture, or any directory information.  In general, educators should never share more than the minimum directory information and then only when authorized or required to share this information.  Schools need clear policies concerning what information is safe for students to place on webpages shared outside the building.  Educators have an obligation to share with student the reasons for these safety precautions.
 

4.4  For the protection of property and most importantly students there is a need for limited monitoring.  Types of monitoring include video and audio surveillance, screening of personal e-mail and electronic documents, collection of web-browsing patterns, and random searches of student property and electronic files.

Limited monitoring is necessary for safety.  This includes monitoring visitors and other individuals who are on school grounds.  It can be used for the protection of school, staff and students' property, as well as to protect the individuals themselves.  The issue of random searches will also come up.  Should schools monitor student e-mail, do random checks of student network folders, and other electronic property?  These issues are similar to physical property issues such as locker, vehicles on school grounds and backpacks.  Schools have an obligation to make the ownership, access, and search policies clearly known to students and educators should only implement monitoring and searches of personal files when there is reasonable suspicion and valid cause.

Where does the boundary between educational support and interference with education occur?  Wireless laptops and PDAs can be valuable tools freeing students to do more authentic activities such as data collection for science.  The same tools when applied inappropriately can be serious deterrents to maintaining a good educational environment.  Students may be messaging each with an electronic version of note passing, sharing test answers and other distracting activities.  The potential for good is too great to ban wireless technologies.  There will be a temptation to implement PDA “scanners” but and it will be better to cultivate a culture where students know the appropriate use wireless computers as well as understanding why not to run with scissors.
 

4.5  Classroom practices can be powerful models of proper respect for privacy.  In many classrooms it has been common practice for students to trade and grade each other's papers.  Educators should evaluate the implications of these types of practices when applied to traditional and electronic classroom use of confidential information.  This can include having students enter grades for others into electronic gradebooks for the teacher.  The old maxim of actions speaking loudly certainly applies to classroom practice.

Privacy