
Technology has
changed the way we teach, it has changed the way we communicate and it will
continue to change the way we learn and grow.
But so has privacy.
No longer can we assume
our children’s data is protected. We have to actually work to protect it.
Protecting
student data requires committing time, energy and resources towards the effort.
It is an on-going and ever-evolving process that when applied correctly, provides real
actionable insights.
Educators must
remain vigilant in ensuring data privacy is protected, one app and website at a
time. The sooner we acknowledge this, and act accordingly, the better off we
will be.
The Digitalization of Education
The amount of
online learning technologies available to students today is utterly astounding.
Just look at iTunes, and you will see that they have literally tens of thousands
of educational apps and websites available for immediate download.
Many of these technologies
have true potential to make a difference and improve student outcomes. While others,
if left unchecked, can pose real-life threats to students and schools.
It is now the
responsibility of school and district leaders to determine which apps and
websites are appropriate and safe for use in the classroom. But many are
finding this to be quite a difficult task.
School and district
leaders are adopting new learning technologies at breakneck speeds, and as a
result, many are coming to the realization that not all apps and websites are
created equal.
Thankfully, there
are laws in place to help govern this process. However, the lack of
accountability and enforcement is problematic. This kink in the system leaves
many doors open to misuse and abuse, exposing students and schools to unnecessary
risk.
This is a hard
truth. And it needs to change.
Protecting student privacy is an on-going
and ever-evolving process that demands time, attention and resources.
In order to protect
student data, school leaders must proactively commit to protecting it.
It means reading
through endless privacy policies, conducting privacy assessments for each and every
online technology used in the classroom, and continuously monitoring those
policies for changes.
It requires patience,
and persistence, and time.
While this is
becoming the new norm for educators and administrators, it is also a responsibility
that many school and district leaders are struggling to get a handle on. Many
are at a loss of where to even begin.
Protecting student privacy begins with knowledge
and understanding.
Protecting student
data starts with knowing what technologies are being used by students, understanding
how each of the technologies are using the data, and acknowledging that you
have control over which technologies make it into the hands of students.
No longer are we
living in a time that it’s okay to blindly introduce new learning technologies into
the classroom without first determining if they are safe to use. This means
ensuring the data is secure and private for the life of its existence. So
before an app or website should be approved, it needs to be thoroughly
assessed.
Assessing online
technologies takes a considerable amount of time and energy. However, when done
correctly, assessments provide a wealth of knowledge and understanding about
how the technology is being used.
Knowledge is power.
The more you get behind the data and understand what its intended use is, the
better off you will be.
Protecting student privacy involves knowing what is going on with the data.
Protecting student
data starts with understanding the process, knowing what is expected of you,
and asking the right questions. It also involves deciphering the data.
Adopting new
technologies typically begins with researching new apps and websites,
determining their value, negotiating a deal, and ultimately signing a contract;
creating a mutual legal agreement between buyer and seller laying out, in very
specific terms, what is expected from both parties in black and white.
Good policies
clearly define what is appropriate, and what is not when it comes to handling
student information. And they include sound provisions to ensure student data
is protected.
Privacy policies typically
tell a story about the data. They contain nuggets of information that, when
properly extracted and pieced together, reveal what is really going on with the
data; how it is being used, by whom, for what purposes and for how long.
But getting to that
information, making sense of it, and knowing how to keep track of it, is often far
easier said than done.
Assessing online
technologies and reading through endless privacy policies is the kind of work that
takes time, requires dedication and demands on-going attention. But when applied correctly,
privacy assessments provide answers that help define what is really going on
with the data.
Not sure of where to
begin?
Start by taking
stock of the learning technologies being used in your school, or district
today. Determine which technologies are safe for use and which ones are not. Eliminate
those that are risky or no longer needed. Monitor and repeat.
- Conduct
a technology audit.
- Remove
any technologies that are no longer in use, and eliminate any apps and website that
might potentially pose threat or harm to students.
- Monitor
privacy policies for changes.
- Repeat.
Protecting student data privacy starts with asking the right
questions.
When conducting privacy
assessments, it is important to consider the following criteria: data privacy,
data deletion, data security, data integrity, and data retention.
It also helps to ask the right questions.
Below, I have briefly outlined the 5 criteria that make up a privacy assessment. I have also included some great questions to
ask when assessing online technologies for your school or district.
(While it's worth noting that these questions only represent a small sample of what really needs to be asked, they provide general guidance as to what you should be looking for.)
5 great questions to ask when assessing online technologies in school:
1. Data
Privacy: The ability to keep track of data and understand what happens to it
during its lifespan.
Ø Example of a Data Privacy Question:
o
“What
information is collected from students and for what purposes will it be used?”
2. Data
Deletion: The ability to remove data upon request.
Ø Example of a Data Deletion Question:
o
“Can
parents review &/or delete the personal information collected from their
children?”
3. Data
Security: The ability to protect the data from unwanted or unauthorized users.
Ø
Example
of a Data Security Question:
o
“Are
security policies and procedures in place to protect against risk? When student
data is transferred, is it encrypted?”
4. Data
Integrity: The ability to maintain the accuracy & consistency of data over
its entire life-cycle.
Ø
Example
of a Data Integrity Question:
o
“Is
student data backed up on a regular schedule?”
5. Data
Retention: The ability to understand that the data is only to be used for its
intended educational purposes and should be otherwise disposed of when no
longer needed.
Ø
Example
of a Data Retention Question:
o
“Will
the data collected only be retained for as long as it serves an educational
purpose?”
Protecting student privacy begins with
knowing what is expected of you.
Designating someone to
be responsible for reviewing privacy policies, conducting privacy assessments
and monitoring policies for changes will help any school or district get ahead.
In closing, I’ll
leave you with some best practice recommendations for protecting student data
privacy from The US Department of Education:
- When
negotiating technology contracts, it’s important to pay close attention to the
fine print.
- Make
sure the agreement explicitly describes how the provider may use and share
student data.
- Maintain awareness of other relevant federal,
state, tribal, or local laws.
- Be aware of which online educational services
are currently being used in your district.
- Have policies and procedures to evaluate and
approve proposed online educational services.
- When possible, use a written contract or legal
agreement.
- Know that extra steps are necessary when
accepting Click-Wrap licenses for consumer apps.
- Be transparent with parents and students.
- Consider that parental consent may be
appropriate.
Source: http://ptac.ed.gov/