Education Framework Blog

Focused on the Future of Education in America

What Is Student Data Privacy?


School and district leaders know they need to protect student data, but effectively adopting and implementing a student privacy plan that includes parent, educator, administrator and policymaker input and approval, is a lot easier said than done. Efforts like this require dedicated time, commitment, clearly defined roles, a concrete understanding of what student data privacy actually is, and if you're lucky, tools to help you get the job done right.


While there are a myriad of checklists, to-dos and best practice recommendations available to help educators and administrators up their game, there is still much uncertainty surrounding this issue. But it's no surprise considering that there is, ironically, no set definition for student data privacy. And despite it being a relatively self-explanatory term, it is still complex and more-often-than-not, fraught with confusion. 


To put it simply, student data privacy is the idea of safely, securely and privately introducing online technologies into the classroom - in the form of apps, websites, surveys, assessments, etc. - without risk of compromising personally identifiable student information (PII). But it also so much more than that. 


Student data is protected under federal law (COPPA, FERPA, PPRA) and requires thorough knowledge and understanding of data collection, data use, data retention, data deletion and data integrity for all online technologies used in a school or district. It means reading endless privacy policies to know precisely who has access to student data, for what purposes and for how long. And it demands ongoing maintenance and monitoring to ensure there haven’t been any changes to the privacy policies that could compromise PII.   

Knowledge is Power

Protecting student data privacy starts with knowing precisely what technologies are being used in the classroom. Conducting a comprehensive audit of the technologies currently in use is a necessary first step towards establishing a baseline understanding and gaining a big picture view of the technology usage in a school or district.

Once there is an understanding of what technology is being used in the classroom, the next step is to conduct a thorough privacy assessment for each and every online technology to ensure student data privacy is indeed private and protected. 

For many, this step can be quite daunting, especially when considering the sheer volume of online technologies available to schools today. But with the right tools, this process can be relatively straight-forward, simple and streamlined.

Education Framework Inc. tackles student data privacy with the goal of protecting student PII while providing a great resource for industry leaders to connect with parents and their communities.

The Rise of Student Data Privacy 

Student data privacy has been a rapidly growing administrative pain point over the past few years. The massive push for 1:1 and other digital learning initiatives are major factors in this, but the equally explosive growth of new learning technologies created by third party vendors has changed the way we view student privacy. No longer can we assume that student privacy is safe, secure and protected, especially when it can be accessed by so many different entities, at different capacities, for different periods of time. Because of this, it is imperative that education leaders establish user controls that determine precisely who has access to what student data, for what purposes and for how long.


Besides the exponential growth of technology in schools, it's worth noting that there are a few contributing factors that have led to the rise of student data privacy as an immediate and necessary need, all of which are tied to the increased usage of digital media and online technologies:


1. Parents are technologically savvy. Parents are technology users themselves, so naturally they’re becoming better acquainted with security and privacy issues, especially when it comes to online technologies and services they use every day.

Many parents, especially those that are actively involved in their child’s online usage at home, want to know precisely what technologies they are using in school. More importantly, they need reassurance that they’re child’s privacy is being considered and respected.

Parents want a window into their child’s technology usage in school. Providing a way to communicate this information in a clear and concise manner helps connect the dots and bring parents into the loop, engaging them in the privacy conversation. This approach goes a long way towards building trust, as it conveys that their point-of-view is valued.

2. Technology forces transparency. One of the most unique ways the Internet has affected our society is the quick transmission of information. Education leaders have never been more powerful or in a better position to make informed decisions than they are today. 

With the right tools and approach, educators and administrators can discover safe learning technologies for students, measure growth, use actionable data to make classroom, school or district-wide improvements, and communicate with parents and communities in a way for all to understand. 

Student data privacy is about accurately and authentically conveying what technologies are being used so that stakeholders, community leaders, and parents can easily understand the health, safety and vitality of a school or districts' student privacy efforts. It is also about providing reassurance that students, schools and districts are safe from risk.

Transparency engages all interested parties and allows everyone to work together towards a greater good. Automated student privacy protection is one way for school and district leaders to adopt transparency measures and gain greater control of student privacy efforts, without heavily increasing the administrative workload. Utilizing tools that do much of the work for you - in an open and transparent way - are helpful in saving time and ensuring student privacy is, in fact, protected.

3. The right tools make things a whole lot easier. Knowledge is one of the most powerful benefits of the Internet age. Twenty-five years ago, when there was no Internet, student privacy was hardly a consideration. When technology usage started to go mainstream, particularly in schools across the country and around the globe, we simply couldn’t fathom where we’d be today. But with all this technological growth and opportunity has come an overwhelming need to increase privacy protections.

Educational development is no longer only about exploring and discovering the best learning solutions for students, but it’s also about finding technologies that are safe for use in the classroom. 

Automated solutions are the best way to capitalize on this theory, which is why Education Framework Inc. exists. We help position school and district leaders as experts in managing student data privacy by providing services that produce information at the ready. With over 1100 (and counting) online technologies assessed to date, we’re able to help educators, administrators and IT leaders make quick, yet safe and informed technology decisions for the classroom. All while minimizing the risk of exposing student information.

Food for Thought 

While there are plenty of factors that have led to student privacy’s rising value, these macro elements are the key reasons why protecting student data privacy is more relevant and important than ever before. 

Educators, administrators and IT leaders who establish themselves as pioneers in this space are positioning themselves to be helpful resources for their communities and models for other education leaders to follow. More importantly, those that take the necessary steps to ensure privacy is protected will be education leaders that parents will appreciate and trust.

Do You Think Student Data is Protected? Think Again!

As student data privacy continues its moment in the spotlight, a darker reality often exists behind the scenes: one where school districts treat information security, privacy and compliance as a reactionary afterthought; where data governance programs are not properly established or implemented; where security controls are lacking; and where third party vendors are not appropriately vetted for privacy assurances.

Despite this sounding like the making of a bad after school special, this is happening in schools and districts all across the nation. Too little is being done to protect student information, exposing our students and schools to unnecessary risk.

Case in point…

The Missouri State Auditor recently conducted a comprehensive analysis of a local school district to better understand their position when it comes to protecting student information. What they discovered was failure across the board.  

The Boonville R-1 School District Student Data Governance Audit was completed as part of the Cyber Aware School Audits Initiative and designed to assess the effectiveness of privacy and security controls, with a focus on identifying practices that improve the security of information school districts have on students and their families.  

The thorough audit was conducted in response to increasing concern for protecting the security and privacy of information schools maintain on students, coupled with the continued emergence of cyber threats.

Based on six core criteria, the audit was intended to evaluate 1.) The effectiveness of privacy plans and controls for safeguarding personally identifiable information (PII); 2.) The effectiveness of information security controls for protecting the confidentiality, integrity, and availability of systems; and 3.) The effectiveness of compliance.

Listed below are the findings from the audit, the associated risk for non-compliance, and recommendations for improvement provided by the Missouri State Auditor’s office:  


1.  DATA GOVERNANCE

 

ASSESSMENT: The district has not established a comprehensive data governance program, therefore being unable to ensure PII is adequately protected and safe from unauthorized access, misuse, or inadvertent disclosure.

 

RISK: Without a formal program, the district cannot ensure that PII is adequately protected and safe from unauthorized access, misuse, or inadvertent disclosure.

 

RECOMMENDATION: The district should establish and implement a formal data governance program encompassing the full life cycle of data, from acquisition to use to disposal.

 

2.  SECURITY CONTROLS

 

ASSESSMENT: The district has not implemented necessary security controls, leaving technology assets, including PII at risk of inappropriate access, use and disclosure.

 

RISK: Without documented and approved policies and procedures, management lacks assurance that security controls are appropriate and properly applied.

 

RECOMMENDATION: The district should formally appoint a security administrator, ensure passwords are periodically changed, establish access control policies and procedures, formally document responsibility for physical protection of technology resources, and fully document and periodically review security policies and procedures.

 

3.  USER ACCOUNTS

 

ASSESSMENT: The district has not fully established controls for creating and maintaining user accounts for accessing system resources.

 

RISK: Without appropriate account access policies and procedures, users may be granted inappropriate or unauthorized access, which can provide opportunities for misuse or inappropriate disclosure of sensitive data.

 

RECOMMENDATION: The district should establish and document formal policies and procedures, periodically monitor user accounts and user access to data to ensure rights remain appropriate.

 

4.  INCIDENT RESPONSE & CONTINUITY PLANNING

 

ASSESSMENT: The district has not taken all the necessary measures to protect data in the event of a breach or other disruptive incident. It does not have a complete incident response plan, has not adopted a formal data breach response policy, and has not fully documented and tested a continuity plan.

 

RISK: Without comprehensive incident response and breach-related policies, management may not be able to respond quickly and effectively. And without a tested and functional continuity plan, management has limited assurance the organization’s business functions and computer processing can be sustained.

 

RECOMMENDATION: The district should establish and document an incident response plan, formally document and adopt a comprehensive data breach response policy, to promote an appropriate response in the event of a breach, develop a continuity plan, formally assign responsibilities, and run periodically tests of the plan.

 

5.  SECURITY AWARENESS PROGRAM

 

ASSESSMENT: The district has not established a formal security and privacy awareness training program.

 

RISK: Without adequate training, users may not understand system security risks and their role in implementing related policies and controls to mitigate those risks.

 

RECOMMENDATION: The district should establish a formal security and privacy awareness training program, because those with proper security and privacy awareness training and clear communication of data and device use policies, can become the first line of defense against cybersecurity incidents.

 

6.   VENDOR MONITORING

 

ASSESSMENT: The district has not established a process for ensuring software acquired or outsourced from information technology vendors complies with data security principles. Additionally, the district is unable to locate a written contract with the vendor of one of its key systems.

 

RISK: Without an effective process for monitoring and managing risk and software acquisition or outsourcing, the district has less assurance in a vendor’s ability to deliver services effectively, securely and reliably, and to ensure that services meet current and future data privacy and security needs.

 

RECOMMENDATION: The district should develop procedures to formally monitor information technology vendors have access to, to ensure the district’s data is properly protected and the vendor acts in accordance with contract terms and conditions.


CONCLUSION 

While this audit casts a negative light on a single district, it illuminates the reality of what is really going on in schools and districts across the nation, and it shows the unfortunate truth of how student information is regularly exposed.

By establishing and implementing the proper plans and procedures, schools and districts that proactively protect student privacy are better poised for success. In contrast, assuming it will take care of itself is a recipe for disaster.

As technology usage advances in schools, increased risk of PII being compromised and exposed is a real and ever-present danger. The need to protect information against cyber threats and misuse is increasingly important, and school districts need to do more to ensure student information is safe, private, secure and protected.

Note: After failing on all six counts, the Boonville R-1 School District has addressed their areas of weakness and have issued an action response to remedy their shortcomings. Read the full audit here >>  

Privacy & Security of Student Data: An Increasing Concern for IT Leaders

A recent article by eSchool News highlights latest COSN survey, stating: 

IT leaders list student data privacy as one of their primary concerns.


According the the fourth annual K-12 IT Leadership Survey Reportbroadband and network capacity top the list of priorities for school technology leaders. But the survey also indicated that they're spending more time and devoting more resources to student data privacy and security than in previous years. 

Major IT findings emerged from the survey and are outlined in the report:

1. Broadband and network capacity is the top priority for IT leaders
2. Privacy and security of student data is an increasing concern for IT leaders
3. Districts are turning to digital learning materials.
4. Ninety-nine percent expect to incorporate digital Open Educational Resources .
5. Nearly 80 percent of IT leaders use online productivity tools 
6. District bans on student devices are shrinking. 
7. The path to IT leadership differs for women and men
8. Racial diversity in IT leadership is lacking
9. IT leaders have advanced education.
10. Demographics are changing

The article indicates that respondents major challenges include budget constraints and lack of resources; the existence of silos that hamper collaboration; and lack of vision and support from senior district leadership.


The Importance of Automation in Protecting Student Data Privacy


If you visit Apple’s iPad in Education page one of the first things you’ll see is this: 

“The App Store features over 80,000 education apps — designed especially for iPad — that cover a wide range of subjects for every grade level and learning style.”

Over 80,000 apps.

Now, unless your district is the one district in the country with an IT department and teachers with a whole lot of time on their hands, your staff doesn’t have the time to go through each app and countless websites to ensure their student data privacy policies are up to your district’s requirements.

 A mish-mash of federal laws, state and local laws, industry standards and each app company writing their own rules make it even harder to know that what you’re agreeing to fulfills your present legal requirement.

Short of reading hundreds or even thousands of Terms of Services for each app and website your teachers use, you have no idea how apps are storing your data, what information they are collecting, when they delete it, or who has final say over the data.

It can take 20 minutes or more to read, complete and approve one policy for one app or website. 

Multiply that by the thousands of apps and websites a district with multiple schools over twelve grade levels can use and you can see how this can quickly turn into hundreds of hours of work. 

Add the task of monitoring policies for changes and reassessing approval when there is a change and the task becomes a full-time job. 

Finally, expecting that person to also keep up with changing legislation and understanding the nuances in legal language and it becomes impossible. 

The result right now is many districts just not doing the work, putting their student data at risk for abuse and their schools at risk for litigation.

Of course, there’s a smarter way: automation. 

By automating the approval process for student privacy, you free up hours of time while knowing the job is getting done correctly.

EdProtect by Education Framework is one such solution that automates the entire process for you, taking the guesswork out of managing student privacy. 

This approach ensures student data privacy compliance for you by analyzing the apps and websites your district uses and monitoring their privacy policies to see if they are aligned with the standards you set. 

When an app policy or the law changes, EdProtect lets you know in plain language if the app is no longer in compliance, giving you the opportunity to keep using the app or not.

What would need to be a full-time job to do well can be done by our software automatically in the background, alerting you only when you need to make a decision. 

With EdProtect, teachers, administrators, and parents know exactly how student data is being used in schools, ensuring complete compliance with all laws and peace of mind for all involved. 

As student data privacy become more and more both the expected standard and the legal requirement, automation of student data privacy policy management is the best and perhaps only way to ensure complete compliance, provide transparency for parents, and reduce the risk of fines from the misuse of student information.

Now is the time to make a commitment to protecting student data. 

Get started today with our FREE Policy Change Monitor, and learn more about how EdProtect makes protecting your students simple


Preparation: The Key to Protecting Student Data Privacy


"Success is peace of mind which is a direct result of self-satisfaction in knowing you made the effort to become the best of which you are capable of." - John Wooden


John Wooden, one of the most revered coaches in the history of sports, made a career out of focusing on preparation. 

He said his coaching philosophy revolved around three main ideals:

1. To get his players in the best possible condition. 

2. To get his players to work on their quickness. 

3. To get his players to work together as a team.


"Do not let what you cannot do interfere with what you can do."  - John Wooden


Wooden used this approach as head coach of UCLA to lead his team to 10 NCAA Men's Basketball Championship titles in a 12 year period, including an unprecendented 7 years in a row. 

He was an accomplished 3 time All American athlete and the first person to be inducted to the Basketball Hall of Fame as both a player (1960) and coach (1973). But he is best known for how he approached the game, and for the values he instilled in his players. 

Throughout his extensive career, he built his legacy on a what he called the Pyramid of SuccessHe was an exceptional leader, mentor and friend to many, and was possibly best known for bringing out the greatness in others by pushing them find the greatness within themselves.

Yet despite all his successes, his focus was never about winning or losing; instead, he emphasized the importance of preparation. 

He knew that if his team was in the best possible shape they could be, both mentally and physically, that they would have the advantage when it really mattered. He knew that if they worked on their quickness, that they would be one step ahead allowing them to out-smart, out-wit and out-maneuver the competition. He knew that if they worked together as a team, that they would trust one another, support one another and collectively elevate one another to be better. 

So what does this have to do with protecting student privacy, you might ask? 

Well, it got me to thinking about what the privacy landscape would look like if school and district leaders adopted the mindset of John Wooden. 

Coach Wooden knew the value of thinking through each and every possible scenario before the tip-off whistle ever blew. He understood the importance of preparation and doing the tough work up-front, but also acknowledged the need for leadership and teamwork in order to succeed. He knew that the right commitment with the right team could bring the right results. 

When it comes to protecting student privacy, we need this kind of proactive thinking. No longer should schools be able to treat privacy as an afterthought. Our students deserve better and our schools should do better

Just think where we'd be if every school in the nation applied the John Wooden mindset to protecting student privacy. At the very least, we'd be better prepared.


"If you don't have time to do it right, when will you have time to do it over?" - John Wooden


Education Framework gets iKeepSafe FERPA Privacy Badge


Thrilled to share that iKeepSafe, a leading digital safety and privacy nonprofit organization, has awarded Education Framework with the FERPA Privacy Badge for our student data privacy and parental consent solution, EdProtect

The iKeepSafe FERPA Privacy Badge is the first independent assessment program for the Family Educational Rights and Privacy Act, and seeks to help educators and parents identify edtech services and tools that protect student data privacy. 

"Education Framework's primary mission is to help school districts protect the privacy of their student data, so it's very important that our solutions, themselves, are trusted by education leaders," said Jim Onstad, President & Co-Founder of Education Framework Inc. "Obtaining iKeepSafe's FERPA Badge assures our school and district partners that we are making every effort to align our services with federal education laws, keeping students safe." 

EdProtect is the third product to receive this symbol of distinction in student data privacy. For the evaluation, an independant privacy expert reviewed EdProtect, its privacy policy and practices, as well as its data security practices. 


Education Framework Talking Student Privacy at EdSurge Tri-State Tech for Schools Summit


We are pleased to announce that we will be participating in the EdSurge Tri-State Tech for Schools Summit where we will be discussing student privacy and parental consent with education leaders and administrators from in and around New York, New Jersey and Connecticut. 

We are attending with the intention of better understanding of the real issues keeping Tri-State administrators up at night, and will be sharing our student privacy and parental consent solution, EdProtect, with those looking for a better way to manage their privacy obligations.  

Friday, February 26, 2016
7:30am – 3:00pm (EST)
Ramapo College of New Jersey

For full event details, please visit here >>

Student Privacy: A Parent’s Perspective

As Edtech software developers, we often look at student privacy from the perspective of our users–school districts, teachers, and state boards of education. However, it’s important to remember that every piece of data isn’t just a record or potential liability; it’s the information of a student that needs to be protected at all costs.

While most students are unaware of what’s at stake, parents are increasingly becoming concerned about student privacy issues and demanding solutions. Today we share the perspective of one such parent. Nick Reese is a father of four in Bend, Oregon, and was kind enough to share his thoughts on student privacy. Take it away, Nick:

++++

As a parent in his late 30s, I straddle technology that didn’t exist for my parents when I was in school and will be commonplace by the time my kids are parents themselves. I’m far more comfortable with technology that my parents will ever be; my dad refuses to learn how to program phone numbers into his cell phone, instead continuing to carry a laminated card with important phone numbers in his wallet. And yet, I’m not digital native; my first exposure to the Internet was at university just as the dot-com boom was gaining steam. These days I feel more and more like my father every time I read about things like Tinder, Snapchat, Vines, Oculus Rift, Uber, smartwatches or the next new great thing: thanks, but I’ll stick to what I’m used to.

My kids, on the other hand, are full-on digital native. My fourth and third graders were issued iPads at school and put together Keynote presentations for fun. My first grader makes videos of himself playing video games and puts them on YouTube. My preschooler can’t read but works my iPhone like Steve Jobs, but with a greater affinity for goldfish crackers.

Of course, it’s not just me. Almost every industry is experiencing this same shift. Getting medical care, buying stocks, shopping for groceries, booking a flight, even renting a movie–everything has changed. Some industries are embracing or even leading the shift, while other industries are a bit more like me: supportive, but not leading the way.

The world of education is very much in this second bucket. For every innovation like iPads in the schools or using social media to engage parents there are still methods of doing business my parents would recognize, like endless permission slips, printed newsletters and paper forms. Unfortunately, the way schools handle digital privacy and security is still the product of the old way of thinking. In an era where even security-minded retailers and government agencies find themselves in the news for data breaches while software companies keep concocting new ways to package and sell user information, the way schools handle data privacy is almost laughable if it wasn’t so frightening.

Paper forms with sensitive information and signatures get transported by six-year-olds in backpacks to be stored… somewhere? While textbooks are vetted by boards of education, I have no idea what level of vetting each app gets, who is doing the vetting, what these apps are and what info they are collecting. I know there are laws about this, but who is enforcing them? Who pays when my kid’s social security number winds up all over the Internet? How much do for-profit companies know about my kids, and what do they plan on doing with that information?

These should be simple questions I shouldn’t have to jump through hoops to get answered, or even have to ask. Luckily, companies like Education Framework and others are making it easier to help schools solve these problems while bringing parents into the loop. While I’m sure this is one of those growing pains of technology adoption that will be solved by the time my youngest child graduates, parents now shouldn’t have to let their kids be the test subjects. Parents, schools, software developers, teachers, industry groups and lawmakers need to get together now and make education a leader in privacy and data protection, not a follower.

+++

Thanks, Nick!

At Education Framework, we believe now is the time to make a commitment to protecting student data. Learn more about how our tools make ensuring student privacy simple and sign up for a free demonstration today.  

2016: The Year of Student Privacy


If we had to use one word to sum up the current state of student privacy, we would have to go with “complexity.” Technology has become more and more entwined in our schools and into students’ lives; pilot programs like iPads will soon become standard at every school and grade level. Elementary school children who used to learn the Three Rs are now learning things like programming, robotics and engineering. Rote memorization has been replaced with gamified learning. And what would be early-adopter technology for this year’s kindergartner, like wearable tech and virtual reality, may be a standard educational tool by time she becomes a sixth grader.

While technology will always move faster than legislation, all levels of government are feverously working to spell out the rules for how we treat student data. As with any legislation, there are many different interest groups with different ideologies and priorities. A simple question like “Who is responsible for student data?” will be answered very differently by state legislators, local school boards, teachers, parents and technology companies; each wants control while shielding themselves from any liability.

And liability is a reality. Right now your student data is at risk with grave consequences. We live in an age where Fortune 500 companies are routinely hacked, exposing the sensitive data of millions of customers for all to see and steal with the click of a mouse. If all the resources of companies like Target, Sony and Home Depot can’t protect their data, what hope does the average overworked, underfunded school district IT department have? Not only do they need to protect from outside threats (or mischievous students); they need to protect the data from their software vendors who may want to collect it for marketing purposes. Short of reading hundreds of ever-changing Terms of Services for every app and software your district uses, you have no idea how your vendors use the data they collect, where they store it, when they delete it, who has final control over it or perhaps even how to access it. 

Because of all this complexity, we believe this is the year student data becomes one of the most important issues facing a school district. The choices schools, legislators and technology companies make over the next 12 months may end up being the foundation for what is considered standard in student privacy.

We created EdProtect to give schools the choice of the highest level of student data privacy possible. Because we’re not just developers; we’re parents. We’re as excited by all the new technology in schools as anyone, and wholeheartedly believe in the power of technology to help our kids learn. But we’re also increasingly concerned about the security of student data. And we’re not alone: 87% of parents surveyed are worried their child’s information can be stolen, with 85% responding that their willingness to support technology in schools must be coupled with efforts to ensure security.

Whether you are ready or not, this is the year your school needs to make a commitment to protecting student data. Learn more about how our tools make ensuring student privacy simple and sign up for a free demonstration today.

Who is Responsible for Protecting Student Data?


In a perfect world, student data would belong solely to the student. In practice, the responsibility for student data is shared by anyone who has contact with that data, including teachers, administrators, IT departments, school districts, software developers and parents. As such, there are often competing philosophies for how much or how little student data is collected and shared. Today we are talking about how you can manage student data in a way that best satisfies parents, your school districts, and the law.

The first step, after understanding your requirements under state and federal law, is to create written policies and provide the resources required to support data protection. These policies should be crafted in a way that ensure front-line teachers and administrators are using the tools and processes necessary for optimal data protection. The Privacy Technical Assistance Center has created a checklist for developing school district privacy programs that should help you get started. In addition, a data governance team should be created, within the district, to recommend new policies and best practices related to data use, to collect feedback, and to conduct compliance audits. Perhaps the team’s greatest responsibility will be acting as an advocate for resources and investment into student privacy, such as training, technical assistance and data coaches.

Second, you should work with your local, state and federal government representatives to advocate for consistent policies and support across the state. By advocating for strong, consistent laws across school district lines based on transparency and accountability, schools and software makers will find it easier to be in compliance, reducing costs and ensuring stronger, more robust data protection for schools. Talk to legislators and policymakers about the importance of secure student data, and their role in ensuring consistent regulations across state lines. The more you can be part of the conversation, the more you can ensure new laws and policies are crafted with your concerns in mind.

Next, understand how your software and service providers use student data. Each app, website and program your students use is limited in how they can use the data they collect and manage. For example, they are prohibited by law from using or disclosing student data for commercial purposes like advertising without parental consent. However, with schools using hundreds of different apps and websites, it can be difficult to weed through countless Terms of Services documents to ensure compliance. Tools like EdProtect make it easy for teachers and administrators to review individual apps and websites, and know at-a-glance whether they comply with state and federal regulations. At the same time, schools are equally responsible for ensuring their contracts with vendors spell out specific requirements for student data privacy, such as stating the district retains ownership of all data, and that the service provider is prohibited from using data in any way they aren’t explicitly given permission for.

Finally, and most importantly, make sure you are constantly communicating your plans to others responsible for student data, with special attention given to parents. By engaging parents in an ongoing conversation about their student’s data, together you'll ensure that the data is safe and secure. Ways to engage parents include sharing lists of apps and websites their children use and posting the safety ratings of those apps and websites on an easy-to-access district website. Report any changes to privacy policies, and obtain parental approval when necessary. Doing so actively draws parents into the conversation and assures them that their child's data is a priority in your school district.

The responsibility for student data belongs to all of us. We help make it easier to do your part with tools that protect your students from data abuse and your district from costly fines and litigation. 

To learn how EdProtect makes your job easier, sign up for a free demonstration today.