"When we looked at the content of these contracts, various elements that are essential to the school district to be in control of the data were missing," Reidenberg says. "Essentially what that means is the legal relationship the school district has established does not give the school district control once the third party gets it."
Yochum says although there have been no known data-related violations under FERPA to date, states "can and should" introduce new policies at the state level to build off of the federal law.
"We need parents and citizens to be clear and understand the policies that exist, and make sure they understand how their students' data is being used for the benefit of students' outcomes," Yochum says. "We need to just dispel the myths out there, and that's something we're working very hard to do."
Collecting student data is very valuable "if used wisely," Steyer says, because administrators and teachers may be able to develop more personalized instruction for students who are struggling. By analyzing certain data about the students, teachers can narrow down where students struggle and adjust their teaching accordingly.
"We want the data to only be used for academic and educational achievement purposes, not for marketing, not to sell them weight-loss pills or clothing or fast food," Steyer says.
In February, Common Sense Media plans to host a national summit in Washington, D.C., to outline practices they believe will better protect student information, such as setting tighter security standards to protect student information stored "in the cloud."
"It shows that privacy is a big deal, and most of all, that now student privacy is going to become a very important aspect of the proliferation of technology in classrooms," Steyer says. "And that can be taken care of, but you need state and local governance and education officials to put in place simple student privacy laws."