4 minute read
Security
EDUCATORS & ED-TECH: STEWARDS OF PRIVACY
Advertisement
Holly Hawkins
The use of educational technology is growing at an astounding rate in the U.S. and that growth raises privacy concerns from students, parents, teachers, and administrators regarding the collection and use of their data. In response to these concerns, a complex legal landscape is unfolding, including the passing of state-specific student data privacy laws that join the long-standing federal laws: the Children’s Online Privacy Protection Act (COPPA) and the Family Education Rights and Privacy Act (FERPA).
As the legal landscape accelerates to catch up with the growth of technology use within schools, an enormous burden is being placed on both educators and ed-tech companies to be responsible stewards of student data. Schools bear the responsibility to ensure that they are using compliant educational technology and, in turn, ed-tech companies must deliver products and services that comply with student data privacy laws. This is no easy task.
Educators: Protecting Student Data
Educators working to enhance the learning environment by introducing educational technology and learning resources to students and schools are uniquely positioned to help improve student data privacy and security. In order to do so, there are three steps to take:
STEP 1: EDUCATE THE INDIVIDUALS IN THE ORGANIZATION ON:
• How digital platforms access and use information • How digital platforms handle security and privacy • Importance of privacy
practices with student information • Risks of non-compliance with student data practices, privacy law, and policy
This first step will take the longest to accomplish, but is also extremely important. Because most people do not understand how digital privacy works, nor how digital data is stored and used, the first step is to teach them. Through workshops, presentations or training seminars, the organization has to educate all of its members about the use of digital platforms in
education, the challenges and risks it presents around protecting the privacy of student information, the risks of all non-compliant digital platforms and why it is important to foster a positive digital culture.
Because organization members now understand the risks of digital platforms and privacy, they will be the most valuable part of the team in identifying what noncompliant digital technology is being used.
STEP 2: EVALUATE CURRENT PRACTICES BY ASKING:
• What digital platforms are being used in class or related to students in any context? • Who is entering in student information and what is the current protocol for recording all forms of student information? • Have the digital platforms been evaluated for privacy compliance? • Which digital platforms are used most often and need to be evaluated first? What is the order, in terms of priority, of the remaining platforms?
This second step will require less time to accomplish than the first, but is also critical to success. Because organization members now understand the risks of digital platforms and privacy, they will be the most valuable part of the team in identifying what noncompliant digital
technology is being used. They can identify important practices like what apps they use, what programs and platforms do individual sites use, and where are the connections between student information and record keeping most frequently done. Once this step has been accomplished by gathering all of the related information, the team is ready to work on the next step.
STEP 3: IDENTIFY CERTIFIED PRODUCT
• Have all current products evaluated with a manual and technical assessment to ensure privacy policies and practices align and contracts are compliant.
For the last step, the team will develop a process to make sure the best privacy compliant products are used.
Educators working to enhance the learning environment by introducing educational technology and learning resources to students and schools are uniquely positioned to help improve student data
privacy and security by requiring the products be assessed for compliance with applicable laws. This assessment should be conducted by a third-party, privacy professional.
The assessment must go beyond a product’s posted terms of use and privacy policy and include a deep-dive into product functionality to understand how information is collected, used and shared. There are a number of reasons for this: nuances in language, posted policies don’t always reflect actual practice, and/or full product functionality has not been adequately reflected. Furthermore, analysis of the company’s security practices must be conducted to verify if the appropriate physical, technical and administrative controls are in place.
With these steps in place and strategically followed, student data will be better protected across the country’s school districts.
For more information on iKeepSafe and our services, please visit us at ikeepsafe. org/SEENmag or send email to privacy@iKeepSafe.org.
iKeepSafe has developed a privacy certification program to help schools easily identify and use responsible ed-tech products and services, and to help ed-tech companies become compliant with student data privacy laws and communicate their compliance with schools.
iKeepSafe offers education technology companies privacy certifications for COPPA, FERPA and state-specific laws such as California’s SOPIPA and AB1584.
Holly leads iKeepSafe’s Privacy & Security program with a focus on strengthening protections for student data within educational environments, among other areas. She is a passionate advocate for the protection of children with more than 20 years’ child safety experience in both for profit and nonprofit sectors. Holly has developed national prevention programs, designed best practices for youth protection and privacy, and built national awareness campaigns.
