For that reason, student information cannot be disclosed without parent consent, except if it is for a legal obligation. Cohen said, "There are also provisions that permit disclosure to researchers and service providers, contractors, and consultants provided that they serve an institutional function." That seems like a lot of loopholes.
Though the reality is that student data is no more vulnerable than any other data, their information is much more protected because of FERPA and other federal and state regulations, but, "one big law to cover many different industries would be great," said Herold.
As more educational technology products are created and marketed to the K-12 sector, laws and regulations continue to pop up that are directly targeted at these third-party providers, particularly since these vendors and contractors can "provide and maintain a more sophisticated system of records more easily, accurately, and securely," Cohen said.
"Privacy is about protection and proper handling of data," Leong said. While data analysis has the potential to determine best practices for increasing student performance, privacy advocates are not willing to sacrifice their children's privacy for the possibility of higher test scores.
"Amending FERPA" is a good step, said Herold, "but it doesn't go far enough to address all the types of data that can be collected. Why don't we make FERPA all encompassing, focus on all student privacy issues?" The answer is in the lobbying, Herold suggested, because reusing data that users put out there is big money.
But with an ever evolving market, do regulations, especially those with loopholes that are only sector specific do anything to protect privacy?
Regulations matter because, "insecurity is too cheap," said Schneier. "What we need are very strong rules requiring companies to protect the data they have." He used the analogy of polluting a river in arguing that short of strict regulations and harsh consequences, little is going to change around privacy issues. The suggestion is that people are only as just as the law requires them to be. "This isn't a sound bite problem. What we have is a market failure. The way we fix a market failure in a market economy is through regulation. We need to raise the cost of insecurity," Schneier said.
Sign up for CIO Asia eNewsletters.