Data Privacy: Rights and Wrongs

Principals must help teachers build the skills necessary to protect student information.

Topics: Ethical Leadership, Education Data

A teacher struggling to address a resource gap due to lack of funding spends her own money to subscribe her class to an app that facilitates communication with families. Another—aligning his work with the principal’s encouragement for teachers to create data displays—fashions an elaborate bulletin board with student data trackers so he and students can visualize and celebrate success and progress. A teacher and a counselor chat about a student’s behavioral challenges over coffee in the teachers’ lounge as members of the PTA work nearby.

Rarely do educators intend to violate student data privacy, but it does happen—typically because of lack of knowledge of privacy laws, lapses in awareness about best practices in data privacy, or misunderstandings about the effective and responsible use of data.

Leadership matters when it comes to data-driven decision-making (DDDM). What school leaders say and do establishes the foundation for a healthy—or toxic—climate surrounding data use and privacy practices. How leaders talk about and model data use are essential to establishing and sustaining a positive data culture and in shaping how data is used in schools.

Sharing the Burden

The job of principal is already complex. Given everything they are tasked with, principals can’t use data well if they try to shoulder all of the data use burden alone; they must build teachers’ capacity to use data ethically and effectively. Here, principals face a two-pronged challenge: First, they have to constantly refresh their own data literacy and understanding of data privacy practices, and second, they have to help teachers build data literacy, including knowledge of laws, policies, practices, and ethics.

To springboard thinking around approaches to working with teachers on DDDM, data privacy, and ethics, we suggest that leaders adopt a four-part strategy.

Strategy No. 1: Create a Learning Culture Around Data Privacy

Administrators who are adept at working with teachers around data are intentional about building their own knowledge related to data ethics and privacy. Overly brief or infrequent Family Educational Rights and Privacy Act (FERPA) trainings are insufficient for understanding quickly evolving threats to data privacy and how the act intersects with advances in technology. Leaders must commit themselves to ongoing learning about data privacy legislation such as FERPA and the Protection of Pupil Rights Amendment (PPRA) and engage faculty and staff in conversations about what the legislation means for everyday data use, from individual data access to requests to share data with volunteers and community partners.

The goal of safeguarding data privacy is to mitigate risk—threats of data breach, improper access to or sharing of data, or unauthorized release that causes harm. Harm can be financial (identity theft), physical or psychosocial (enabling bullying or harassment), or even judicial (using data with a deficit lens that contributes to the school-to-prison pipeline).

To mitigate risk, leaders need to build cultures in which admitting gaps in knowledge or asking questions is not only accepted, but invited. The more leaders and educators speak a common language around DDDM and data privacy, the lower the risks.

Leadership power-up tip

Fold reliable resources into DDDM/privacy training. To build capacity around understanding FERPA, PPRA, and other privacy-related laws, examine the free resources provided by the Privacy Technical Assistance Center ( and the Future of Privacy Forum (FPF) Student Privacy Compass ( Both sites offer resources to build leaders’ knowledge around privacy and can be used in faculty professional development and professional learning communities (PLCs) to strengthen learning.

An additional set of resources designed for use in faculty professional development or PLC structures is a series of practice-oriented teaching scenarios developed by FPF and nonprofit research, development, and services agency WestEd. The resources are available free of charge at and provide an overview of pertinent laws, best practices, and numerous hypotheticals that can be used to deepen knowledge about data privacy among teachers.

Strategy No. 2: Model Ethical, Asset-Focused Data Use

Social learning theory suggests that people learn what they live, and teachers often replicate patterns of data use they observe in leaders or those they see leaders recognizing and rewarding. But leaders might replicate constructive (effective, ethical, asset-framed, and learning- and improvement-oriented) or destructive (gaming/triage, deficit-framed, accountability-oriented) DDDM, depending on their professional experiences.

Leaders set the tone for data use by making clear that data should be used for continuous improvement and that the purpose of DDDM is to inform deep dives that uncover the root causes of educational issues. Data used only for accountability system mandates can underserve and marginalize vulnerable students, however, in addition to short-circuiting actual data-driven improvements.

Leadership power-up tip

Diversify leadership teams; invite criticism and questions. In “Five (Good) Ways to Talk About Data,” an article from the Association for Supervision and Curriculum Development, Amanda Datnow and Vicki Park suggest leaders can mitigate data misuse by building a leadership team that provides diverse perspectives and invites pushback, questioning, and double-checking of data and inferences drawn from data. Groupthink when using data can threaten validity of interpretation and set teams on a course that leads to approaches that address symptoms rather than root causes. Leaders should make a habit of asking, “What am I not seeing here?,” “What is another way to interpret this?,” and “Is this a symptom or a root contributor?” Root-cause analysis can be useful with leadership teams and PLCs.

Strategy No. 3: Make Expectations for Data Privacy Processes and Practices Explicit

Meeting students’ complex needs means that DDDM can’t focus strictly on testing data. School leaders must help teachers and staff use and collaborate around diverse data sources, including data related to motivation, well-being, behavior, health, transportation, special program status, and more. Sometimes this means sharing data (appropriately) with school partners, substitutes, and even volunteers, depending on the situation. Knowing how to access and use data, and under what conditions data can be shared appropriately with others, are crucial components of understanding and addressing a range of student needs.

To engage in the “new” DDDM, educators need the knowledge, skills, and dispositions to use data responsibly and ethically. Teachers need consistency in expectations for data use, and for these expectations to be tightly aligned with schoolwide practices and policies. Leaders can achieve this by using consistent language around DDDM, connecting privacy practices to data chats in the regular course of practice, and establishing supports such as checklists, reminders, and collaborative dialogues with data coaches and instructional technology specialists.

Leadership power-up tips

Make DDDM practices and procedures explicit and routine. Leaders can bolster consistency of expectations by making components of data privacy practice a standing agenda item in faculty meetings. District policy reviews and practice discussions can build upon the teacher data privacy scenarios mentioned or concentrate on aspects of FERPA and PPRA. Other topics ripe for discussion include:

  • When and how can pertinent data be shared with short- and long-term substitutes?
  • How can various data systems be accessed and by whom?
  • What is the procedure for requesting data to which an educator does not already have access?
  • When and how can data be shared with community partners (such as tutors), or with volunteers (e.g., reading buddies, classroom “parents,” or field trip chaperones)?
  • These discussions should include staff beyond teachers when appropriate, since other school personnel (e.g., attendance clerks, nurses, administrative assistants, and educational assistants) often use student data.

Watch app use carefully. One topic that no leader can afford to ignore is when and how teachers can use educational technology applications. Well-meaning teachers might pay for apps they find beneficial, but apps and websites that require the provision of student data—or which will be used by students—must be appropriately vetted (typically by district IT personnel). Without that process in place, there is a risk that apps will collect or “scrape” data for use in ways that violate data privacy laws.

Strategy No. 4: Support Evidence-Based Practices for Developing Data Literacy

Ironically, some DDDM practices are misaligned with broader evidence on what it takes to make DDDM work. For example, a fairly common practice is a whole-faculty data meeting in which teachers dig into accountability exam results. While perhaps helpful for a quick system check, DDDM research says data-use efforts work best when focused on specific problems of practice identified by data teams at various levels (schoolwide, departmental, grade-level). These “deep data” practices unfold over time and focus on identifying and addressing contributors to root problems.

Inquiry models (such as PLCs) are particularly helpful in supporting good data use, yet PLCs can devolve into shallow reviews of data, rather than teacher-driven inquiry into problems of practice. To enable the kinds of collaborative, reflective, improvement-oriented DDDM that’s useful in improving a range of student outcomes, leaders should provide the resources research suggests are critical for effective data use. These include data coaches, professional learning in the use of data that’s directly connected to teachers’ daily work and the students they serve, and dedicated time for teachers to examine data and problem-solve collaboratively.

Leadership power-up tip

Employ DDDM practices that have a robust evidence base. First, structure dedicated time for data use outside of established conference periods, and avoid stacking duties on top of time set aside for PLC DDDM work. DDDM that focuses on understanding and solving problems requires thoughtful attention that isn’t always available when teachers have to fit data training in among frequent interruptions.

Second, take stock of how PLCs are structured. For PLCs to flourish, teams must be able to define problems, examine evidence, test solutions, and evaluate results. Reconceptualize data as a tool to use in becoming the school the staff aspire for it to be.

Sustaining Effective, Responsible Data Use

Data privacy and data ethics are complicated topics. The strategies and power-ups outlined here can help leaders hone their work with teachers to secure data privacy schoolwide. The DDDM landscape has gotten more complex with the proliferation of diverse data sources and the evolution of ed tech. It’s important for leaders to sustain a learning journey around data privacy and data ethics.

One thing that’s clear across decades of data use research? Leadership matters. As goes the school leader, so goes the use of data at a campus or in a district. A repertoire of strategies and resources such as those described above can make a daunting yet critical task accomplishable.

Ellen B. Mandinach is a senior research scientist with WestEd.

Jo Beth Jimerson is a professor of Educational Leadership at Texas Christian University in Fort Worth, Texas.