Raise Your Hand Action is calling for comprehensive legislation to protect the security and privacy of Illinois students’ personally identifiable information (PII). Public education is a common good. In an era of big data, our government ignores the public good when the public school system does not ensure that student data is protected. In order to receive an education, public school students must not be forced to forfeit their rights to privacy and a secure digital footprint.
Recently exposed threats to privacy and security of student data in our state and more broadly make action on these issues imperative.
Any new or revised policies should address how student data is collected, processed and stored by state agencies, schools and districts, and third-party organizations and vendors.
As policies that apply to student data are developed, policymakers must hold the priorities of the state’s children higher than the profitability of the organizations wishing to do business with the public institutions in our state.
We call on the IL General Assembly to pass legislation that addresses the following six issues. The legislation should apply to any software, apps or devices used by employees, students and parents for school purposes:
- Prohibit any surveillance of students off school property via digital devices, software, or apps.
- Prohibit sharing highly sensitive data, e.g. a child’s disabilities, health and disciplinary information, beyond the school without informed parental consent including disclosure of who will receive the data and for what purpose.
- Prohibit any requirement to share personally identifiable information in order to receive free and appropriate public education.
- Prohibit redisclosure of data to other third parties.
- Require detailed parental notification of all types of student data collected or transmitted or stored by software or apps: who is collecting the data and what data elements are being collected.
- Establish clear procedures for how families can examine, correct and delete student data.
- Require signed contracts for all software and apps, whether paid or freeware, in use in a district that process or store student PII. Contracts must be publicly available with privacy policies that include a date for when any stored data will be destroyed.
- Establish detailed minimum security requirements for student PII.
- Establish detailed requirements for breach notification procedures for both vendors and schools and districts.
- Prohibit selling or licensing of student data.
- Prohibit transfer of student data in mergers and acquisitions.
- Prohibit use of student data for software development, including training statistical models for adaptive or machine learning algorithms.
- Prohibit advertising to students in software and apps used for school purposes at school direction whether targeted and based on data collected over time or during usage or not targeted.
- Establish clear procedures for enforcement of these provisions at state and district level.
- Reinforce existing private right of action for families against district or vendor, as already is provided for in IL student privacy law.
- Oversight: Establish a stakeholder oversight board that includes parents and privacy experts to periodically review laws and regulations in light of technological developments in order to make recommendations for policy revisions.
As a first step on the path to reforming how student PII is treated in Illinois, we call on the General Assembly to:
- Pass the Student Information Transparency Act to address Items 2(a-b) above.
- Hold subject-matter hearings on student data privacy via the IL House Cybersecurity, Data Analytics & IT Committee and the IL Senate Telecommunications and Information Technology Committee.
You can use this Action Network interface to send a letter to your own state rep and state senator urging them to take these initial steps towards comprehensive protection of Illinois' students' personal data.
[Image used via Creative Commons]