Data Privacy Is at the Heart of What We Do.

At PowerSchool, ensuring student equity, privacy, and access to good quality education is our top priority and is foundational to everything we do. 

PowerSchool connects students, teachers, administrators, and parents, with the shared goal of improving student outcomes.  

Even so, many parents and other stakeholders may not be aware of our role in their child’s education and how K-12 schools and districts depend on education technology vendors, like PowerSchool, to act responsibly as data processors of student education records.  

At PowerSchool, our main goal is partnering with schools and districts to help ensure educators, administrators, and students are supported no matter where, or how, teaching and learning takes place. This includes providing the tools educators need to better support their needs and improve operations all with real-time access to the meaningful data needed to better understand and proactively support students.  

PowerSchool’s Commitment to Student Data Privacy   

The protection of student education records is an obligation PowerSchool assumes very seriously.

PowerSchool’s mission is to power the education ecosystem with cloud-based software that helps educators and students realize their full potential, in their way. We license our products and platforms to help process data on behalf of educational institutions. PowerSchool customers own their student and school data. We do not sell student or school data; we do not collect, maintain, use, or share student personal information beyond what is authorized by the district, parent, or student.  

Local schools, districts, or state departments of education obtain voluntary consent from parents of children, and control and manage the data they collect. A vendor, like PowerSchool, contracts directly with the school district to provide tools and a cloud-based platform where the data may be stored securely and processed at the direction of the school for valid and consented to educational purposes. 

PowerSchool also strictly and proactively follows legal, regulatory, and voluntary requirements for protecting student privacy including the Family Educational Rights and Privacy Act (FERPA), state regulations, and the Student Privacy Pledge. 

Security’s Role in Data Privacy 

The digital transformation of education has been accelerated by the pandemic and educators are looking to technology to support the needs of students and teachers. This transformation naturally leads to valid questions about the strength of an education technology business’ information security protocols. In addition to our commitment to ensuring data privacy, PowerSchool has independently verified its security management system to the third-party audited, internationally recognized standards for security management systems, achieving the ISO:27001 certification and SOC2 – the gold standard data security certification for business service providers. As cyberattacks focused on schools and districts continue to persist, knowing a vendor’s dedication to security controls necessary for maintaining these certifications, along with data security training and protocols in place at the schools, should give one piece of mind.  

On the privacy side, common concerns relate to fear that student education records may be used for non-educational purposes. That’s why it’s important to know what data processing vendors are doing with student education records. Reading a vendor’s privacy statement can answer your questions. At PowerSchool, we do not provide student data to any third party, unless instructed to do so by the district. Because not all vendors act the same, it is important to know some of the basics as it comes to the legal landscape for data privacy laws impacting student education records. 

An Everchanging Landscape: FERPA, GDPR and the Growth of State Privacy Laws 

In addition to understanding an organization’s independent privacy statement, it’s also helpful to understand the various state and federal guidelines and regulations that they follow. PowerSchool strictly adheres to all privacy laws that have been put into place over the last few decades in the U.S. and the EU, including: GDPR, FERPA, COPPA and SOPPA. 

Many may have heard of the European Union’s (EU) General Data Protection Regulation (2016/679) (GDPR). GDPR is an EU data protection and privacy law based in part on the expression of data privacy as a human right in Article 8(1) of the Charter of Fundamental Rights of the European Union. This is important as it explains the EU’s fundamental view of the personal right for an individual to be able to control the data about themselves. 

This is not the paradigm we have in the United States where privacy is not even mentioned in our United States Constitution. Privacy grew out of the idea of a “right to be left alone” (See The Right to Privacy, 4 Harvard L.R. 198 (1890)). Nevertheless, there are multiple agencies and regulators who now play a significant role in regulating how federally-funded and private organizations behave when it comes to personal information. As it comes to student data, there are typically two key federal laws people point to:  

1. The Federal Education Rights and Privacy Act (FERPA)  
2. The Children’s Online Privacy Protection Act (COPPA) 

FERPA, signed into law on August 21, 1974, by President Gerald Ford, came into being out of a distrust of government and an outcry for increased transparency. The law limits access to student education records.

COPPA, was signed into law in 1998 by President Bill Clinton in response to the growth of online activities in the 1990s. The law applies to the online collection of personal information by persons or entities under U.S. jurisdiction “targeted at children under 13 years of age.”

It is important to note that many U.S. states have or are considering their own data privacy laws. The laws enacted in Colorado, California, and Virginia do not focus on student data. As an example, one exception is Illinois’ Student Online Personal Protection Act (SOPPA), the student data privacy law that regulates students’ covered information by schools, the Illinois State Board of Education, and education technology vendors. Another example is the California law Student Online Personal Information Protection Act (SOPIPA). Which, unlike FERPA imposes liability to operators of websites targeted at K-12 for certain prohibited actions.  

Taken together, these existing laws, and the ones likely to come, all seek to ensure parental consent is obtained, and the records are protected from unintended uses.

Guidance for Concerned and Caring Parents

The information and laws pertaining to student data privacy can be overwhelming. Parents can ask questions of their districts and take the time to read applicable privacy statements. Parents can also find out whether any education technology vendors used by their child’s school or district are signatories of the latest Student Privacy Pledge – an initiative led by The Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) to safeguard student privacy regarding the collection, maintenance, and use of student personal information.

As an education technology vendor committed to ensuring data privacy and security, we welcome you posing these questions to the districts. It is important they be prepared to address any parent questions. Fortunately, we’ve seen our school and district customers become more aware and diligent about privacy. 

We also communicate daily with our customers to ensure they have the information they need to answer any questions. Our transparent privacy policy can be found at https://powerschoolstg.powerschool.com/privacy.

Looking forward, we remain focused on addressing the most critical issues facing K-12 education today and are committed to fulfilling our data security and privacy obligations to our customers, students, and their families. Together, we can continue providing schools and districts with the tools they need to ensure we can help improve outcomes for educators and students.