Education Framework Blog

Focused on the Future of Education in America

5 Great Questions to Ask to Help Protect Student Data Privacy

Technology has changed the way we teach, it has changed the way we communicate and it will continue to change the way we learn and grow.

But so has privacy.

No longer can we assume our children’s data is protected. We have to actually work to protect it. 

Protecting student data requires committing time, energy and resources towards the effort. It is an on-going and ever-evolving process that when applied correctly, provides real actionable insights.

Educators must remain vigilant in ensuring data privacy is protected, one app and website at a time. The sooner we acknowledge this, and act accordingly, the better off we will be.

The Digitalization of Education

The amount of online learning technologies available to students today is utterly astounding. Just look at iTunes, and you will see that they have literally tens of thousands of educational apps and websites available for immediate download.

Many of these technologies have true potential to make a difference and improve student outcomes. While others, if left unchecked, can pose real-life threats to students and schools.

It is now the responsibility of school and district leaders to determine which apps and websites are appropriate and safe for use in the classroom. But many are finding this to be quite a difficult task.

School and district leaders are adopting new learning technologies at breakneck speeds, and as a result, many are coming to the realization that not all apps and websites are created equal.

Thankfully, there are laws in place to help govern this process. However, the lack of accountability and enforcement is problematic. This kink in the system leaves many doors open to misuse and abuse, exposing students and schools to unnecessary risk.

This is a hard truth. And it needs to change.

Protecting student privacy is an on-going and ever-evolving process that demands time, attention and resources.

In order to protect student data, school leaders must proactively commit to protecting it.

It means reading through endless privacy policies, conducting privacy assessments for each and every online technology used in the classroom, and continuously monitoring those policies for changes.

It requires patience, and persistence, and time.

While this is becoming the new norm for educators and administrators, it is also a responsibility that many school and district leaders are struggling to get a handle on. Many are at a loss of where to even begin.

Protecting student privacy begins with knowledge and understanding.

Protecting student data starts with knowing what technologies are being used by students, understanding how each of the technologies are using the data, and acknowledging that you have control over which technologies make it into the hands of students.

No longer are we living in a time that it’s okay to blindly introduce new learning technologies into the classroom without first determining if they are safe to use. This means ensuring the data is secure and private for the life of its existence. So before an app or website should be approved, it needs to be thoroughly assessed.

Assessing online technologies takes a considerable amount of time and energy. However, when done correctly, assessments provide a wealth of knowledge and understanding about how the technology is being used.  

Knowledge is power. The more you get behind the data and understand what its intended use is, the better off you will be.

Protecting student privacy involves knowing what is going on with the data. 

Protecting student data starts with understanding the process, knowing what is expected of you, and asking the right questions. It also involves deciphering the data. 

Adopting new technologies typically begins with researching new apps and websites, determining their value, negotiating a deal, and ultimately signing a contract; creating a mutual legal agreement between buyer and seller laying out, in very specific terms, what is expected from both parties in black and white.

Good policies clearly define what is appropriate, and what is not when it comes to handling student information. And they include sound provisions to ensure student data is protected.

Privacy policies typically tell a story about the data. They contain nuggets of information that, when properly extracted and pieced together, reveal what is really going on with the data; how it is being used, by whom, for what purposes and for how long.

But getting to that information, making sense of it, and knowing how to keep track of it, is often far easier said than done. 

Assessing online technologies and reading through endless privacy policies is the kind of work that takes time, requires dedication and demands on-going attention. But when applied correctly, privacy assessments provide answers that help define what is really going on with the data.

Not sure of where to begin?

Start by taking stock of the learning technologies being used in your school, or district today. Determine which technologies are safe for use and which ones are not. Eliminate those that are risky or no longer needed. Monitor and repeat.

  • Conduct a technology audit.
  • Remove any technologies that are no longer in use, and eliminate any apps and website that might potentially pose threat or harm to students.
  • Monitor privacy policies for changes.
  • Repeat.

      Protecting student data privacy starts with asking the right questions.

When conducting privacy assessments, it is important to consider the following criteria: data privacy, data deletion, data security, data integrity, and data retention.

It also helps to  ask the right questions. 

Below, I have briefly outlined the 5 criteria that make up a privacy assessment. I have also included some great questions to ask when assessing online technologies for your school or district.

(While it's worth noting that these questions only represent a small sample of what really needs to be asked, they provide general guidance as to what you should be looking for.)


5 great questions to ask when assessing online technologies in school: 

1.       Data Privacy: The ability to keep track of data and understand what happens to it during its lifespan.

Ø  Example of a Data Privacy Question:


o   “What information is collected from students and for what purposes will it be used?”


2.       Data Deletion: The ability to remove data upon request.

                Ø  Example of a Data Deletion Question:

o   “Can parents review &/or delete the personal information collected from their children?”


3.       Data Security: The ability to protect the data from unwanted or unauthorized users.

Ø  Example of a Data Security Question:

o   “Are security policies and procedures in place to protect against risk? When student data is transferred, is it encrypted?”


4.       Data Integrity: The ability to maintain the accuracy & consistency of data over its entire life-cycle.

Ø  Example of a Data Integrity Question:

o   “Is student data backed up on a regular schedule?”


5.       Data Retention: The ability to understand that the data is only to be used for its intended educational purposes and should be otherwise disposed of when no longer needed. 

Ø  Example of a Data Retention Question:

o   “Will the data collected only be retained for as long as it serves an educational purpose?”


Protecting student privacy begins with knowing what is expected of you.

Designating someone to be responsible for reviewing privacy policies, conducting privacy assessments and monitoring policies for changes will help any school or district get ahead. 

In closing, I’ll leave you with some best practice recommendations for protecting student data privacy from The US Department of Education:

  •  When negotiating technology contracts, it’s important to pay close attention to the fine print.
  •  Make sure the agreement explicitly describes how the provider may use and share student data.
  •  Maintain awareness of other relevant federal, state, tribal, or local laws.
  •  Be aware of which online educational services are currently being used in your district.
  •  Have policies and procedures to evaluate and approve proposed online educational services.
  •  When possible, use a written contract or legal agreement.
  •  Know that extra steps are necessary when accepting Click-Wrap licenses for consumer apps.
  •  Be transparent with parents and students.
  •  Consider that parental consent may be appropriate.

Source: http://ptac.ed.gov/  
Loading