31 Matching Annotations
  1. Feb 2018
  2. Nov 2017
    1. What about FERPA? The student is controlling how much information is out there. Similar to a public blogging platform being run by a university, FERPA only requires that student records (and what constitutes a “record” is debatable) not be public unless a student gives permission. In this case if the student wanted to sign up and lock down their hosting they can certainly do that, no one is requiring them to make their information public. This also comes back to our strict privacy policy (see previous question)

      Interesting approach.

  3. Aug 2017
    1. our current practice and policy was on par with what universities needed. It then became an issue of specifically having a legally binding agreement that protected the universities, professors, and students.

      I really like this. "It's in our TOS but we're happy to sign something more/something legally binding."

  4. Feb 2017
    1. When a student begins attending a postsecondary institution, regardless of age, FERPA rights transfer from the parent to the student
    1. and developing solutions to real challenges

      Lots of mention of engaging in real world issues/solutions/etc. Is this at odds with the mandates of FERPA and privacy/security in general that govern ed-tech integration in education?

  5. Sep 2016
    1. rovider will store and process Data in accordance with industry best practice

      Sounds like we're good here.

    2. d Provider has a limited, nonexclusive license solely for the purpose of performing its obligations as outlined in the Agreeme

      Here we are good and much better than, say, Genius:

      When you post User Content to the Service or otherwise submit it to us, you hereby grant, and you represent and warrant that you have the right to grant, to Genius an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense through multiple tiers) to use, reproduce, publicly perform, publicly display, modify, translate, excerpt (in whole or in part), create derivative works of, distribute and otherwise fully exploit all Intellectual Property Rights in and to such User Content for purposes of providing, operating and promoting the Service or otherwise conducting the business of Genius.

    3. all intellectual property rights, shall remain the exclusive property of the [School/District],

      This is definitely not the case. Even in private groups would it ever make sense to say this?

    4. Access

      This really just extends the issue of "transfer" mentioned in 9.

    5. Data Transfer or Destruction

      This is the first line item I don't feel like we have a proper contingency for or understand exactly how we would handle it.

      It seems important to address not just due to FERPA but to contracts/collaborations like the one we have with eLife:

      What if eLife decides to drop h? Would we, could we delete all data/content related to their work with h? Even outside of contract termination, would we/could we transfer all their data back to them?

      The problem for our current relationship with schools is that we don't have institutional accounts whereby we might at least technically be able to collect all related data.

      Students could be signing up for h with personal email addresses.

      They could be using their h account outside of school so that their data isn't fully in the purview of the school.

      Question: if AISD starts using h on a big scale, 1) would we delete all AISD related data if they asked--say everything related to a certain email domain? 2) would we share all that data with them if they asked?

    6. Data cannot be shared with any additional parties without prior written consent of the User except as required by law.”

      Something like this should probably be added to our PP.

    7. Data Collection

      I'm really pleased with how hypothes.is addresses the issues on this page in our Privacy Policy.

    8. There is nothing wrong with a provider using de-identified data for other purposes; privacy statutes, after all, govern PII, not de-identified data.

      Key point.

    9. Modification of Terms of Se

      We cover this in the TOS but not the Privacy Policy.

    10. rovider will not use any Data to advertise or market to students or their parents. Advertising or marketing may be directed to the [School/District] only if student information is properly de-identified

      This I am happy to say we seem to have covered. I think it should be higher up in the policy statement. See my annotations in the "Hypothes.is Reading" group here.

    11. Data De-Identification

      Do we do this anywhere?

    12. all Personally Identifiable Information (P

      Does this include emails?

    1. minimize the data your product collects

      Seems like this is so.

    2. It is best to assume that the student information you collect in your app is statutorily confidential, unless it is de-identified

      So, does our pseudonym policy help us here? Students needn't use their real names. Are email addresses "de-identified" information?

    3. data security features

      What would this mean?

    4. build privacy

      Does our groups feature cover it?

  6. Jul 2016
    1. Metadata that have been stripped of all direct and indirect identifiers are not considered protected information under FERPA because they are not PII.

      But this data is only interesting from a consumer angle if it is linked to individuals.

    2. In order to create student accounts, the district or school will likely need to give the provider the students’ names and contact information from the students’ education records, which are protected by FERPA

      The basic info that h collects does categorize as PI according to FERPA.

      So creating accounts without email addresses would be a way to circumvent FERPA.

    3. personally identifiable information (PII) from students’ education records from unauthorized disclosure.
    1. Limit retention to what is useful.

      So what data does h retain?

      • username
      • email address

      Do annotations count as data?

    2. software is increasingly deployed from hosted services, as opposed to on a local district network

      So if data is hosted locally then it's less of/not an issue?

    3. (but not nonprofits)

      COPPA doesn't apply to non-profits?

  7. Dec 2015
    1. the hostile environments so many experience when it comes to experimenting locally with ed-tech versus an almost infantile trust in our corporate overlords when it comes to outsourcing.

      How are both these things happening at the same time, though?

    2. little to no impact on the tech giants to which many K-12 schools, colleges, and universities blissfully outsource their innovation.

      There must be some kind of other disconnect here, though. I've always been asked about FERPA--mostly by teachers and professors who have in turn been pressured by administrators. Surely this must enter into conversations with Google, Pearson, et al.

    3. What constitutes an education record is a bit blurry, making FERPA the bat it has become internally to shut down most conversations about sharing publicly on the web.

      Yeah, this is the problematic side effect of FERPA: it works against public use of the open web, a skill necessary for our students to practice.