Providing models for local policies on e-rate required policies including data confidentiality, data privacy, and responsible use. (Nov 2017)

Executive Summary

Data from the 2017 Digital Learning and Media Inventory (DLMI) show nearly all traditional public-school districts in North Carolina, and nearly all of the charter schools that responded to the survey, have at least some of the policies associated with digital teaching and learning. However, it was not always possible to verify the policy information districts provided due to problems with the links. This memo summarizes policy findings from the DLMI, provides model policies for consideration, and suggests next steps.

Introduction

The North Carolina Digital Learning and Media Inventory (NCDLMI) is completed by school districts annually. The information is used by the state to report on digital learning efforts statewide, and to plan future actions and recommendations regarding digital learning.

In 2017, 115 public school districts and 89 charter schools completed the DLMI. Districts and schools provided information as to the current state of digital learning, e.g., digital devices they own, internet connections, what digital services and content providers they use, technology staffing, and their digital learning policies.

As part of the partnership between the Friday Institute and the North Carolina Department of Public Instruction (NCDPI), this memo summarizes the DLMI data regarding school and district policies related to digital learning.

Required Policies

In order to qualify for the Federal Communications Commission E-rate program, schools must have policies in place that comply with the Children’s Internet Protection Act (CIPA) and with the Protecting Children in the 21st Century Act[1]. The policies must include technology protection measures. The protection measures must block or filter Internet access to pictures that are obscene, to child pornography, and to materials that are harmful to minors.

In addition, the Internet safety policies must include, in a single policy, or in multiple policies:

  • monitoring the online activities of minors;
  • educating minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms; and
  • cyberbullying awareness and response.

DLMI Policy Data

On the DLMI, districts and schools indicated whether they had policies regarding data privacy, data confidentiality, responsible use, student-owned devices, 24/7 access to devices, and 24/7 access to digital content. Not all of these policies are required for e-rate funding; however, some of them may be used to fulfill those requirements.

As Table 1 shows, among traditional public-school districts, 97% of school districts indicated they had a Responsible Use policy, 80% indicated they had a Data Privacy policy, and 87% indicated they had a Data Confidentiality policy. Among charter schools that responded to the survey, 82% indicated they had a Responsible Use policy, 54% indicated they had a Data Privacy policy, and 48% indicated they had a Data Confidentiality policy.

The links provided for the Data Privacy and Data Confidentiality policies, however, led to policies with different titles, such as, “Confidentiality of Personal Identifying Information” and “Student Records.” There were many links that did not work at all, or that led to the district’s or school’s web page or policy manual, rather than to a specific policy. Appendix A provides information on the policies that districts indicated they had, along with whether the links they provided led to those policies. The information in Appendix B includes a sorting of districts into three groups: those whose policies could all be accessed with the links provided (column A), those who provided at least one working link to a policy (column B), and those who did not provide any working links (column C). We recommend that NC DPI follow up with districts and charter schools whose evidence of the listed policies could not be verified from the data provided. It is possible that the districts and charter schools indeed have these policies and simply need to update their links.

Of note, for the purposes of this review, policies that discussed the confidentiality of personal information and/or that discussed measures and procedures the district takes to ensure privacy were counted for Data Privacy or Data Confidentiality.

Table 1: DLMI Reported Data 2016-17
Policies Traditional School Districts (n=115) Charter Schools (n=89)
None 2 2% 14 16%
Data Privacy 92 80% 48 54%
Responsible Use 112 97% 73 82%
Data Confedentiality 87 76% 43 48%
24/7 access to devices 38 33% 11 12%
24/7 access to digital content 22 19% 12 13%
Student-owned devices 63 55% 26 29%
DLI in Strategic Plan 100 87% 45 51%

Responsible Use Policy and Internet Safety Policy

By far, the most common policy among the districts and schools who responded to the DLMI was the Responsible Use policy. Unfortunately, this policy, as it exists in most cases, does not appear to meet all the requirements of E-rate[2]. The Internet Safety policy provided by the North Carolina School Boards Association (NCSBA) and by E-Rate Central, however, appear to meet all the requirements of E-rate. We recommend that the staff at NC DPI review these policies to determine whether they should recommend them to districts.

Model Policies

The model policies for Internet Safety provided by the NCSBA and by E-Rate Central[3] would fulfill all the requirements for E-rate funding; however, the DLMI did not ask districts whether they had an Internet Safety policy. We recommend that NCDPI consider adding a question to the DLMI asking districts if they have an Internet Safety policy, and to provide the link. NCDPI should also consider shortening the policy section of the survey, if they are not using that information.

Some districts have additional policies and procedures pertaining to technology that the DLMI did not ask, but that NCDPI may want to review, with an eye toward possible future recommendations to school districts. For example, Carteret County has a Privacy in the Special Education Classroom policy which addresses the particular privacy procedures they have in place for students with disabilities, including privacy as it pertains to technology. Durham Public Schools has a Data Confidentiality and Security Agreement for Online Service Providers that we recommend NCDPI review. Although this is not a policy, it could serve as a model for districts, most of whom contract with online service providers.

Surry County has several policies pertaining to technology that other districts may find helpful, as well. These policies include the Instructional Use Policy, the Operational Use Policy, the Network Security Policy, the Board Use Policy, and the Technological Resources Appendices 1 and 2. In these Appendices, the district includes information on computer protection and technological crimes, along with helpful links for information on the teaching standards from the International Society for Technology in Education (ISTE). We recommend that NCDPI review these policies for potential recommendations to districts.

Finally, the Data Recovery and Protection Procedures at Watauga County outline specific data security and recovery responsibilities assigned to staff members. NC DPI may want to review this policy for possible recommendation to school districts.

We have also provided model policies from E-Rate Central and from the Department of Commerce National Telecommunications and Information Administration. The policy from E-Rate Central is similar to the Internet Safety policy from the NCSBA, in that it would fulfill all policy requirements of e-rate in a single policy.

All of the model policies discussed are included in Appendix C.

 

  1. Department of Commerce National Telecommunications and Information Administration. (2003). Children’s Internet Protection Act Study of Technology Protection Measures in Section 1703 (Report to Congress). Washington, D.C. https://www.ntia.doc.gov/files/ntia/publications/cipareport08142003.pdf
  2. Since the researchers at the Friday Institute are not legal scholars, this does not constitute legal advice. We recommend that the staff at NC DPI enlist the assistance of their legal experts to determine the need for any policy change recommendations.
  3. E-Rate Central. Internet Safety Policies and CIPA: An E-Rate Primer for Schools and Libraries.

 

View Resource

Authors and Contributors