A Primer on Data Privacy for Your School

Vol. 16 No. 7

PSN eletter vol15 no7 datasecurity

In a recent survey of more than 1,000 education technology vendors, only 56% encrypt login and personal information—such as usernames, passwords, and other personally identifiable information—on their websites.

This is a stunning statistic. Many schools have begun to incorporate education technology (edtech) into their day-to-day lives, such as using computers and tablets in the classroom, illustrating lesson plan points with video, and even replacing textbooks with online modules. Analysts anticipate that the edtech market will reach $252 billion globally by 2020.

As schools embrace new technology, it’s clear that the burden to ensure data privacy and mitigate risk falls at the school level. There are two main concerns when considering technology privacy in your private-independent school—protecting student, faculty, and staff information and safeguarding how students use school-owned technology.

Keep Your Data Secure

Your school may have set up content filters, implemented blacklists, and even established “cyber geo fences” to ban offending websites. However, not all privacy threats come from hackers.

We previously reported that many free online education tools collect student data and resell it to the highest bidder. Advertisers who purchase this data use it to customize their marketing to appeal directly to young consumers, blurring ethical lines around age and advertising.

Administrators must mitigate exposure to tools that collect student information. Be sure that any online learning tool uses SSL (Secure Sockets Layer). SSL is an encryption layer that provides assurance that a site is legitimate, the connection hasn’t been modified by a third-party, and no one is intercepting information between the user and the site. An easy way to tell if a site is using SSL is by looking at the URL—If it begins with “https,” it’s using SSL. If it begins with “http,” it isn’t.

Also remember to check the Student Privacy Pledge when researching products, applications, or services. The pledge has been signed by over 330 companies and organizations, including Apple, Google for Education, the Khan Academy, and Microsoft, all dedicated to safeguarding student privacy.

Further protect student privacy by reading the full “legalese” on every product and service used in the classroom and by the administration. Make sure you know what information will be collected and how it will be used. It also can’t hurt to have a lawyer review the documentation as well.

Ensure Safety With School-Owned Technology

Securing school-sanctioned tools on your school’s campus is vital, but administrators must also protect school-owned technology that students take home.

One study shows that 75% of students in grades 3–5 and 58% of students in grades 6–8 are allowed to bring classroom devices home. Many home networks don’t have the same encryption settings as those found on a school’s campus.

Furthermore, many students today are digital natives who are extremely comfortable using devices. There is always the possibility that they could visit inappropriate sites or accidently access malware when surfing the web.

Therefore, it’s a good idea to install operating filters directly on each student’s device to safeguard usage both on- and off-campus.

It’s also imperative to educate students concerning their own Internet safety. Students and their families need to understand the issues around privacy, the consequences, and how to protect themselves.

Consider creating a list of school-approved programs and applications that have been thoroughly vetted and the privacy policies of each. You can share it with students and parents on your school website, through newsletters and e-blasts, or in your student handbook.

The intersection of technology and education continues to deepen. Focus on these issues today to avoid privacy breaches tomorrow, mitigating potential risk and keeping your students’ data secure.

ISM's Directors & Officers Liability Insurance (D&O) policies, which include Employment Practices Liability, are specially designed to offer expanded protection for the ever-changing needs of private schools. Learn more about ISM's D&O policies here.

Additional ISM resources:
The Source for Private School News Vol. 16 No. 1 “Free” Doesn’t Mean “No Cost”—The Siphoning of Student Data to Advertisers
The Source for Trustees Vol. 16 No. 2 Classroom Apps, Technology, and Privacy Concerns

blog comments powered by Disqus
Connect with ISM: