Privacy

Developing Online Educational Products? Following New Guidance May Boost Sales

Published: Feb. 27, 2015

Updated: Oct. 05, 2020

To help schools and districts protect student privacy when they decide which online educational services and applications to offer students, on February 26, 2015, the U.S. Department of Education released a training video and guidance entitled Protecting Student Privacy While Using Online Educational Services: Model Terms of Service. The guidance details best practices to enable schools and districts to identify online educational products with strong privacy and data security policies and practices.

The guidance encourages schools to choose educational services providers (“Providers”) who implement best practices, which include:

  • Marketing & Advertising: The Provider will not use or mine any data to advertise or market to students or their parents.
  • Modification of Terms: The Provider will not change how data is collected, used, or shared without advanced notice and consent from the school or district.
  • Minimum Data Collection: The Provider will collect only the data necessary to fulfill its obligations.
  • Data Sharing: The Provider may share information with subcontractors, but Providers will inform schools and districts of the identity of these subcontractors, and the subcontractors must be bound by the relevant terms of service.
  • Intellectual Property Rights in Data: The school or district shall retain all rights to data that may be accessed by the Provider, including the right to sell or trade data.
  • Data Access: The Provider shall provide stored data to the school or district upon request; there are no limitations on access to the data.
  • Security Controls: The Provider shall employ industry best practices in safeguarding data. The Provider shall also conduct periodic risk assessments and have a written breach response plan in the event of a security incident.

Companies developing online educational products should pay close attention to the guidance, as compliance with the best practices detailed in the guidance may be valuable in securing educational institutions as customers.

Photo by Waag Society from Flickr