A new study from Fordham Law School expected to be released on Friday reveals that as schools begin to move more student data into the cloud, they are neglecting to make sure that privacy protections are in place. According to the Center on Law and Information Policy at Fordham, protecting student information is rarely a priority when using online services.

The New York Times reports that:

Many contracts, the study found, failed to list the type of information collected while others did not prohibit vendors from selling personal details — like names, contact information or health status — or using that information for marketing purposes.

The main concern is that local and federal policies on education technology privacy are not keeping up with the rapidly iterating tech industry, and if explicit rules as to how data about a student can be used are not in place, they might be used to a student's detriment for things like the college admissions process.

Current legislation requires parental approval before a school can share a student's records, although an exception exists for companies and services that the school utilizes. However, even that exception requires school's to have complete control over how companies harness such data.

In the Fordham study, less than half of the 54 school contacted could produce their contracts with technology vendors in a timely fashion, while others had problems tracking down someone familiar with their district's terms.

The concern over students' privacy will only grow in the coming years. In New York, state senators and residents are debating a program to turn over the school records of 2.3 billion students to a privately-owned cloud computing service based in Atlanta.