Policies for Safety and Security
Providing broadband and Wi-Fi access to teachers and students requires addressing policies to help protect student privacy, to encourage digital citizenship and to support student safety. Schools implementing high access, digital learning environments should consider policies related to responsible/appropriate use of the network and devices.
Acceptable Use Policies
- Schools and districts typically implement acceptable use policies (AUP) for students, parents and faculty members that have access to school devices and/or the school- based software or broadband services to help ensure student safety and security and to help protect the school’s equipment and servers. AUPs vary based on school and district implementation programs, and should be customized based on the user groups. Each school or district should review annually current policies, templates and supporting documents related to device usage and management, broadband access and permissions and contact forms.
Below, are sample documents that may help to manage user expectations by establishing policies for responsible internet use examples:
- Greene Central High School in North Carolina sample acceptable use policy, signature page, and laptop consent form
- Fairfax County Virginia Acceptable Use Policy
- iPad Procedures: Lamoille UHS, Hyde Park, Vermont
- A Student-Centered Universal BYOT Policy Template For Schools
Three federal laws are crucial as a base for local policies on student data privacy and they also play a role in considerations for policies related to appropriate use of technology. Those federal laws are The Family Educational Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), and Children’s internet Protection Act (CIPA).
- The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. New regulatory changes for FERPA became effective on January 3, 2012. Among other things, the 2012 changes to FERPA expanded the requirements for written agreements and enforcement mechanisms to help ensure program effectiveness, promote effectiveness research, and increase accountability. In February 2014, additional guidance summarized the major requirements of the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PPRA) that relate to educational services, and urges schools and districts to go beyond compliance to follow best practices for outsourcing school functions using online educational services, including computer software, mobile applications and web-based tools. The Department of Education has established a Privacy Technical Assistance Center (PTAC) within the National Center for Education Statistics, which serves as a “one-stop resource” for the P-20 education community on privacy, confidentiality, and data security. Since its launch the center has developed a PTAC Toolkit that provides resources on data sharing, security best practices, and other relevant topics.
- Congress enacted COPPA in 1998. Most recently, it was amended in December 2012 to take effect on July 1, 2013. The goal of COPPA is to put parents in charge of what information may be collected online about their children under the age of 13. The rule applies to operators of commercial websites and online services (including mobile apps). COPPA allows schools to act as “intermediaries” between website operators and parents in providing consent for the collection of personal information in the school context. For example, when a district contracts with a vendor for homework help, individualized education modules, online research and organizational tools, or web-based testing services, the vendor doesn’t have to obtain consent directly from the parent; the school is authorized to speak on behalf of the student. However, the Bureau of Consumer Protection Business Center also advises schools to inform parents of its practices in their acceptable use policy. When student use of a web service extends beyond school activities, the center adds, the school “should carefully consider whether it has effectively notified parents of its intent to allow children to participate in such online activities.”
- Schools with E-Rate funding must enforce a policy of internet safety and certify that they are enforcing a policy of internet safety that includes measures to block or filter internet access for both minors and adults to certain visual depictions. CIPA requirements include maintaining an internet Safety Policy, a Technology Protection Measure and a public notice or hearing. A technology protection measure is a specific technology that blocks or filters internet access. The school or library must enforce the operation of the technology protection measure during the use of its computers with internet access, although an administrator, supervisor, or other person authorized by the authority with responsibility for administration of the school or library may disable the technology protection measure during use by an adult to enable access for bona fide research or other lawful purpose.