As we transformed to fully/largely remote learning and pulled all student work and interactions onto Google platforms, a question has arisen about the intersection between student privacy and parent access to student accounts. Currently, if a parent is given their child's google log in information, they will have access to far more than ever in the past. Because of authentication agreements, library records, database access, all stored documents, any Google classroom the student is enrolled in, classlists for those classrooms, comments from teachers, peer work on group projects...this is likely not an exhaustive list!
My 2 biggest areas of concern are 1) access to library check outs and 2) ability to see that a student is enrolled in a classroom for the Gay Straight Alliance (GSA) at the school and the entire class list of other members.
I am told by my administrators that FERPA allows for parents to be given student log in information. The RAQ, post "Topic: Patron Confidentiality in School Libraries - 5/6/2019" gave very good information but both the online aspect and the myriad of elements that are exposed with that single password compel me to seek more details. Thank you!
Thank you for this careful and thoughtful question. As we rush to migrate education to online, the small details can get overlooked. As the member writes, information that used to be safeguarded in physical files or with separate passwords is increasingly accessible via a "one-stop shop."
Depending on the type of information involved, any number of ethical, privacy, and legal concerns can be impacted.
In this question, the member focuses on two types of information: library records, and FERPA-protected "education records."
For library records, there is an overlap of legal concerns—an overlap that was thoroughly discussed in the 5/6/19 answer the member cites. In that reply, we established that depending on how a school/school library is set up, parent/guardian access to this information might be allowed--but it’s a question that should never be left to chance (it should always be answered by a school’s FERPA and library privileges policies).
To that answer, and considering the spirit of the times, I'd simply add: any librarian out there, operating in elementary and secondary education, should be lauded when they raise privacy concerns. Librarians should work with IT departments and procurement professionals to ensure data management and automation enable the separately governed access to a student's library records. Even when access is legally allowed by a system, it is still good to emphasize the privacy of library records.
Here are several examples of how this can be done:
For any educator reading this and thinking “Uh-oh,” if the horse is out of the barn, it is never too late to adopt some retroactive corrections. When parental access is as plenary as the member describes, if there is a confirmed issue (such as access to one student’s enrollment records leading to access to all students’ enrollment records[3]) working with IT to address the specific utility hosting that information, and how it can be further locked down, is the only solution.
There will be times when addressing an issue like the ones raised by the member is simply not within the authority of the person concerned. A concerned librarian or educator might even find themselves rebuffed when they try to ring the alarm! When that happens, it is time to kick it upstairs. Each school should have a FERPA officer, and at least one senior administrator whose role is associated with enforcing a code of ethics or policies on privacy. Concerns of this type are all appropriate to direct to such an administrator.
No one engineers a FERPA or privacy violation on purpose, but unwitting violations can happen when the learning environment has to change fast. Being alert and ready to identify and correct concerns as soon as they emerge is critical. Thanks for a solid question that shows how it's done.
[1] “Pandemic Exigencies” would be a good name for a heavy metal band.
[2] As discussed in that 5/6/19 answer, who "properly authorized parties" are can vary from school to school.
[3] This is indeed a possible violation. FERPA §99.12 states "(a) If the education records of a student contain information on more than one student, the parent or eligible student may inspect and review or be informed of only the specific information about that student."
Tags: COVID-19, Privacy, School Libraries, Google, Students