On Feb. 25, the U.S. Department of Education’s (DOE) Privacy Technical Assistance Center (PTAC) released an updated guidance on how to protect students’ privacy.
This guidance serves as a resource available to schools, universities and educators to assist them in interpreting and understanding the laws and practices of protecting students’ privacy when using online educational services at school, according to the DOE.
At Georgia State, these online educational services include Desire2Learn (D2L), PAWS, GoSolar, McGraww-Hill Connect, MyMathLab and many other sites and apps that students use to do their homework, look up notes or access information for class.
Langston Thomas, a junior history and political science major, said that he likes what PTAC is doing for students.
“I think that PTAC is good. I think it has the student interest in mind as opposed to the school taking whatever information they can to get profit or recruit students,” Thomas said.
Included in the PTAC’s guide for protecting students’ privacy are case studies, videos, presentations and “webinars” that school officials can sign up and watch. All of these make sure that school officials are taking the right precautions when it comes to a student’s information being used and accessed through the school via those educational websites.
The PTAC’s guide includes helpful information on data-sharing and dissemination, legal references, security best practices, disclosure avoidance and data governance.
This “handbook” for protecting students’ privacy also summarizes the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA). These are federal laws that all institutions funded by the DOE must abide by—including Georgia State.
In the event that personal identifiable information (PII) of a student is shared to a provider or third-party, the school or institution has to follow a strict set of rules to avoid the disclosure of that information elsewhere. In addition to that, they have to use a student’s PII only for purposes for which they received the information for and nothing more.
Such PII includes a student’s name, date of birth, family member names and other direct and indirect information about the student. Moreover, they give students the right to have access to their educational records.
According to Thomas, Georgia State should only have access to information that is relevant to education records. He said he hasn’t had any privacy issues while enrolled at the University.
“As far as I’m aware, they haven’t used my information on
anything that I wouldn’t want them to,” Thomas said.
In the event that the University tries to give a student’s PII to another party, Thomas suggested that the University should let the student know via email or by placing a hold on their account.
Another student, Keisha Harris, a senior criminal justice and psychology major said that she doesn’t think that Georgia State should have
access to personal information outside of what is used to log into University
systems such as PAWS and D2L.
She also said that PTAC is a benefit for educational institutions
and a positive learning tool.
SharI Piotrowski, member of the management team in Georgia State’s Office of the registrar, said “the University does take seriously the privacy of all student academic records. Student records are kept private in accordance with the FERPA law. The only information that is released without student consent is information defined as directory information.”
Examples of a student’s directory information is defined as a student’s name, age, major, address, email address and telephone number.
She also said that more information on what is used and protected by the University and FERPA is found on the Office of Registrar website’s catalog.