Crowdfunding and School Board Policy

“Crowdfunding” is the practice of funding a project by raising relatively small amounts of money from a large number of people, usually via the internet. In schools, crowdfunding helps teachers and schools to obtain funding and supplies.

Online Crowdfunding and How It Works

Crowdfunding websites vary in how they raise funds. Some well-known crowdfunding websites include GoFundMe, Adopt-A-Classroom, Kickstarter, Incited, and Donors Choose. Some of these websites will raise money and transfer it directly to the teacher or the school district. Other websites will raise money toward the desired products, which will be shipped to the school when the items are funded. This way, the teacher or school never receives any cash at all. Websites further differ in the amount of support and advice they will give teachers or school districts in securing these donations.

Ohio Auditor of State

In July 2018, the Ohio state auditor released a report titled Crowdfunding Classrooms, which was the outcome of a widespread survey of Ohio’s schools. One-fifth of Ohio districts responded to the survey. Among the districts that reported, the auditor found the following statistics related to crowdfunding policies and use of funds:

  • 55.4 percent prohibit crowdfunding
  • 59.0 percent have no crowdfunding policy
  • 26.2 percent don’t know if teachers are using crowdfunding
  • 56.2 percent of those who permit crowdfunding don’t know the amount raised in the last 12 months

Auditor’s Recommended Best Practices

The auditor suggests in its report that schools work with legal counsel and adopt a policy that incorporates as many of the following safeguards as possible:

  • Require that all campaigns be reviewed and approved by administration
  • Direct administrator to ensure proposal does not violate any federal/state law
  • Designate permissible crowdfunding websites
  • Require donations to be used for the stated purpose
  • Prohibit donations without board approval
  • Establish all donations as property of the school
  • Enter donations promptly into district inventory
  • Deposit into district bank accounts

Furthermore, the auditor recommended that every policy include the following financial controls:

  • Require that all crowdfunding campaigns be listed under the school’s name
  • Specify that donations are the property of the school district and paid directly to the district and not to the teacher
  • Require documentation of donations in financial ledgers for monetary donations or inventory for items

General Policy Guidelines

Districts should have a policy that dictates who may raise funds and which crowdfunding platforms may be used. A policy to ban crowdfunding minimizes risk to school districts, but it would also force districts to forego many of the potential benefits. Such a ban on crowdfunding may also be difficult for school districts to enforce. A ban on crowdfunding would require policing all of the crowdfunding platforms to ensure that the policy is being followed.

A policy that allows crowdfunding creates risk, but this risk can be minimized with the right safeguards in place so that schools can reap the benefits of crowdfunding. This policy should ensure that the school is not violating any state or federal laws, the money is properly accounted for, and the donations and materials are appropriate for the district.

A district’s policy should include a prohibition against any funds going directly to teachers. All funds raised should be in the name of the board of education and should be treated like any other funds of the board – accounted for and deposited in accordance with policy and state law. Donated funds should be used only for the purpose for which they were donated. Additionally, no student or teacher should receive a benefit from crowdfunding that is proportional to the level of participation by the teacher or student in raising the funds.

A centralized approval process for crowdfunding campaigns is recommended. Requiring an administrative review and approval of all proposed crowdfunding campaigns will provide safeguards against accidental violations of student privacy laws and will ensure the content and goals of the crowdfunding proposal are appropriate. For example, crowdfunding campaign materials that include a photo of a classroom with the students could violate privacy laws. Descriptions or narratives that reveal personally identifiable information also violate confidentiality. Additionally, administrators will want to ensure that the crowdfunding proposal does not imply that the district is falling short of its state and federal obligations, which may prompt inquiry by a regulating body.

Considerations

Some existing sources of law are implicated by crowdfunding performed by public school districts in Ohio. The Ohio Revised Code mandates that all money be deposited with the treasurer within a specified time (R.C. 9.38). Specifically for public schools, R.C. 3313.51 establishes that the treasurer of the board of education is the treasurer of all school funds. This is important because the treasurer could be held liable through a finding for recovery for any unaccounted funds. For this reason, the treasurer’s office should be part of the crowdfunding process.

The Ohio attorney general has issued an opinion (OAG Opinion 85-085) that donations must be used for the purposes stated in a crowdfunding campaign. Ohio ethics law (R.C. 2921.43) includes some important considerations. Employees are not permitted to accept additional compensation for performing their duties. (OEC 2008-01). Teachers should not divert any amount of the funds raised for personal gain, as an administrative fee or for any other reason. Remember that any funds and items donated are school district property.

FBI Issues Public Service Alert, Warns of Student Privacy Risk

On September 13, the Federal Bureau of Investigation (FBI) issued a public service alert to raise awareness of cybersecurity concerns for K–12 students. While education technologies have helped to engage community involvement and improve the educational environment, security risks lurk beneath the surface. Large amounts of student data are collected and stored online, and this data is at risk of compromise or exploitation if not stored securely enough to escape hackers.

Education technologies include software programs and online apps used in classrooms, mobile apps to enhance the learning experience, administrative platforms that assist educators and administrators with class and school management, and others. At-risk data collected by ed-tech can include students’ personally identifiable information, behavioral and disciplinary information, academic records, biometric data, geolocation, and more. The FBI warned that malicious use of this data can lead to social engineering – using deception to manipulate people into disclosing confidential or personal information – identity theft, bullying, tracking, and other means of targeting children.

School Security Hacks in 2017

The FBI’s alert included reports of two serious security breaches in 2017. In the first, multiple school districts’ servers across the country were hacked, giving the hackers access to student contact information, education plans, medical records, and counselor reports. This information was then used to contact, extort, and threaten students with physical violence and release of their information. Parents received text messages, and students’ private information was publicized and posted on social media, giving child predators access to new targets.

Additionally, two large ed-tech companies were breached in 2017, resulting in public access to the data of millions of students. One of the companies had stored their data on public-facing servers, and breached data from the other company was posted for sale on the dark web.

FBI Recommendations

The FBI recommends that parents be aware of student privacy requirements, discuss ed-tech with their local school districts, conduct research for support and additional resources, research security breaches to inform of vulnerabilities, consider monitoring credit for identity theft, and conduct regular internet searches on their children.

Issues for Schools

Always at the bottom line, additional security costs additional money. Schools that face budget decisions and scarce resources for internet security may prioritize value-added expenditures over those with no visible benefit, such as cyber security.

School District Legal Requirements

School districts should know and consider legal requirements when adopting ed-tech resources and considering the importance of cyber security.

The Family Education Rights and Privacy Act (20 U.S.C. § 1232(g); 34 CFR Part 99) as well as state law (R.C. § 3319.321) and board policy place stringent restrictions on how “student records” must be maintained and protected. Board records retention schedules require districts to maintain certain types of records for years, if not permanently. Staff should be trained to understand what constitutes an education record as well as state and federal laws and board policy that limit release and maintenance of student records.

The Children’s Online Privacy Protection Act (15 U.S.C. § 6501–6506; 16 CFR Part 312) imposes requirements on operators of websites, internet services, and apps directed to children under age 13 and on operators that have actual knowledge that they are collecting personal information online from a child under age 13. The purpose is to give parents control over their children’s information that is collected online by seeking parental consent. Schools that contract with third-party websites or apps solely for the benefit of students can consent to data collection and the use or disclosure of students’ personal information by acting as an agent on the parents’ behalf. Such consent is restricted to educational purposes only. Additionally, at the school’s request, the operator must provide a description of the types of personal information collected, the opportunity to review the child’s personal information and/or have the information deleted, and the opportunity to prevent further use or online collection of a student’s personal information.

Tasked with enforcing COPPA, the Federal Trade Commission recommends that schools or districts – not teachers – decide whether a provider’s information practices are appropriate. Districts should have a centralized process to assess these practices. The FTC cautions that schools should know how student information is collected, used, and disclosed. Districts should also ensure that these operators appropriately protect the security, confidentiality, and integrity of student information and should understand the operator’s data retention and deletion policies.

The Protection of Pupil Rights Amendment (20 U.S.C. § 1232h; 34 CFR Part 98) requires that districts adopt policies and provide direct notification to parents at least annually regarding the specific or approximate dates of activities involving the collection, disclosure, or use of students’ personal information for the purpose of marketing or selling that information (or otherwise providing the information to others for that purpose), as well as the parents’ right to opt out of these measures.