Blog — School Safety — Joffe Emergency Services

How Schools Should Handle Personally Identifiable Information

Written by Bobby Decker, Operations Specialist | September 11, 2019

Privacy has always been a challenge and concern for schools, even before every single individual on campus began carrying powerful technology in their pocket. One of the most pressing responsibilities schools have on a daily basis is to protect Personally Identifiable Information (PII). PII is defined as anything that can be used to reveal the identity or personal information of students. This is a legal obligation, as we’ll discuss, but it’s also a critical best practice in safety. Ensuring that students cannot be publicly identified as a result of school actions keeps those students safer.

 

Let’s start with perhaps the most common and obvious form of PII, photographs and videos. What are a school’s obligations when sharing images of students or campus, and how should they protect themselves? Can or should they post pictures of students on social media? What about other things that might contain PII? There are a few laws that set the boundaries of how schools must handle this information. For this overview, we’ll focus on FERPA, or the Family Educational Rights and Privacy Act. 

 

FERPA limits what groups and individuals can see information from an individual student’s education record. Only trusted and key actors get this information. We certainly aren’t making public Facebook posts about what grades everyone got last semester. So, would a picture or video of a student go in their education record, and limit its use? Determining this relies on the key term in FERPA regulations, “directly related.” 

 

Essentially, there are two factors that guide this: First, would a neutral observer classify a specific student as the focus of the photo or video? For example, a recording of a student’s class presentation does qualify, and the video would be directly related to that individual student. However, a photo of the class watching that same presentation being given might not meet the standards, particularly if we cannot clearly identify the student who is speaking. Confused yet? 

 

Good, because we need a quick aside. There’s another key factor we’ll go over, but the “directly related” determination also relies heavily on schools making a contextual decision. That means you can review these decisions on a case-by-case basis. In terms of best safety practices, if you have a moment where you question whether this photo should be shared publicly, don’t share the photo! If you have any concerns as to how the photo, video, or audio could be misinterpreted or misused, don’t share it! We can talk about FERPA and other associated acronyms all day, but the most effective tool in keeping students safe is awareness and thoughtfulness. Always think about where images (or audio or video) are shared, who might be able to access them, and what message or information they communicate to the audience (intentional or accidental).

 

This leads directly into our second factor in determining whether something is directly related to a student. It is straightforward, but critical. If the photo or video has any personally identifiable information, sharing it without written permission would be illegal. More importantly, even in a case where written permission may be granted, schools must consider whether they even should share these images. What is the purpose of sharing




Of course, our concern regarding sharing PII has to go beyond images. Before sharing data or making it publicly accessible, schools should consider whether it might inadvertently reveal a student’s identity. For example, a school with a small minority population could indirectly reveal a student’s test scores by breaking the results down by race. Our modern world has also created new challenges in protecting the personal information of students. From metadata collected through online learning, to specialized education plans built on PII, or an individual’s “unique identifier” that might track them throughout their educational journey, concerns about protecting student data will continue to grow. Broadly speaking, we strongly recommend you err on the side of caution when it comes to PII. Make an informed, contextual decision on a case-by-case basis, and never be afraid to ask the tough questions.

 

If you would like to discuss these complexities with one of our team’s school safety experts, please contact us at “safety@joffeemergencyservices.com”.