Privacy concerns with online IEP services

The switch to virtual learning during the COVID-19 pandemic raises numerous privacy concerns under the Family Educational Rights and Privacy Act and the IDEA. Here's how educators can prevent privacy breaches while providing special education online.

The quick switch to virtual learning due to the COVID-19 pandemic has raised numerous concerns related to student privacy under the Family Educational Rights and Privacy Act, the Individuals with Disabilities Education Act, and other federal laws. While educators have good reason to worry about the potential privacy violations that may occur during online instruction, this shouldn’t discourage districts from providing special education and related services to students with disabilities.

Under both FERPA and the IDEA, a district must generally obtain prior written parental consent before disclosing personally identifiable information derived from students’ education records to third parties. 34 CFR 99.30(a)(1); and 34 CFR 300.622(a)

Additionally, the IDEA obligates districts to protect the confidentiality of personally identifiable information (PII) pertaining to students with disabilities that is collected, stored and used by school officials. 34 CFR 300.623(a)

At first glance, it may seem impossible for districts to comply with these privacy requirements as teachers working from home prepare to deliver IEP services through a computer or other electronic device. However, districts can protect the confidentiality of PII while meeting the needs of students with disabilities if they take certain precautions.

Consider these tips for educators:

– Use videoconferencing platforms that offer security. One of the first steps educators must take to protect student privacy is to use videoconferencing apps and services that prevent unauthorized individuals from entering the virtual session.

If a special education teacher must provide one-on-one reading services to a student with dyslexia, for example, the district should select a videoconferencing app that will allow the teacher to “lock” the classroom once she and the student have connected. That way, no other students, parents, staffers, or other individuals can enter the virtual session and learn about the students’ special education status or hear other sensitive PII. See also Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices (EDU 2014).

– Use headphones or earphones. It might be difficult to prevent disclosures of PII if others in a teacher’s home can listen in while the student speaks during an instructional lesson. To prevent confidentiality breaches that may occur this way, educators and service providers should connect earphones or headphones to their computers to ensure that only they can hear a student’s feedback.

– Modify your home workspace. A productive small-group or individual session may quickly result in a FERPA and IDEA violation if the teacher’s sibling suddenly enters the room to watch television and sees parts of the lesson. Teachers should carefully consider their home workspaces and take steps to improve the privacy of their online classrooms.

For example, the downstairs living room may not be the best place for a teacher to provide instruction to her class of special education students, especially if other family members frequent that space during the day.

Instead, the teacher could move her laptop or computer to an upstairs bedroom and close the door before she begins the day’s lesson. If the teacher lives in a small apartment, she could set up partitions in a corner out of hearing distance to block others from seeing or hearing her students.

– Set a schedule for instruction and services. Another way to prevent inadvertent disclosures of PII is to establish a schedule for instruction and plan around that schedule. This may help prevent family members from entering the teacher’s workspace while she provides services to a student with a disability.

A speech pathologist, for instance, may ask a spouse to entertain her children with a board game for two hours during the day so she can provide 30-minute speech sessions to four different students during that time block.

Consider these tips for working with families:

– Collaborate with the parents. Privacy breaches may occur if a student’s PII is disclosed to unauthorized individuals in the student’s home. Although FERPA and the IDEA give parents the right to access their children’s education records, they do not afford the same right to siblings, grandparents, and other extended family. See 34 CFR 99.10(a); and 34 CFR 300.613(a).

Teachers should work with parents ahead of time to ensure that they will be the only individuals present in the home or the room while the student receives the services outlined in his IEP.

– Obtain consent if appropriate. There may be instances where it may be impossible to prevent all disclosures of sensitive student information. For example, perhaps a student will need to receive services in the same room as his cousin because they both need a wired connection to the internet. In those circumstances, the district should consider requesting and obtaining electronic consent from the parents in case PII is accidentally disclosed during instruction. See 34 CFR 99.3.

Note: While these tips do not necessarily bar parents from filing an IDEA due process complaint or a FERPA complaint to the Student Privacy Policy Office for alleged privacy breaches, they may help districts reduce incidents of inadvertent disclosures. Districts should consult legal counsel to determine what steps may be necessary to protect student privacy in specific situations.

Amy K. Onaga, Esq., covers special education legal issues for LRP Publications.

For more information on the documents listed above, visit the website Special Ed Connection, a DA sister publication available by subscription. 

Most Popular