menu opener

Improving K-12 Student Data Security Starts in the Classroom

What to know about security risks associated with free or low-cost classroom apps

By Eileen Belastock, Director of Academic Technology at Mount Greylock Regional School District, Williamstown, Massachusetts

During a recent student data privacy presentation, I polled the audience of teachers on the following question: “As long as it is an educational website or app, student data is private?” While I won’t disclose the actual percentage of TRUE answers, it was enough to be disconcerting and the cause for many sleepless nights for edtech leaders across the country.

This anxiety was evident in the 2018 CoSN K12 IT Leadership Survey, where 68 percent of IT leaders polled rated privacy and security of student data as more important than the prior year.

Figure 1 – from 2018 CoSN K12 IT Leadership Survey

Edtech leaders recognize that technology in classrooms is no longer an addition to classes. Instead, it’s an integral part of the curriculum in school districts. The influx of devices in students’ hands has smashed the brick and mortar format of learning for this and future generations. Students have access to their learning 24/7, connect to the world on multimedia platforms, and use VR/AR to create environments to solve real-world problems. Education is personalized and differentiated in ways that excite and engage all learners.

These educational paybacks, however, come with a cost: the increased vulnerability of personally identifiable information (PII). With the advent of federal regulations such as FERPA, COPPA, and CIPA, school districts are working furiously to create policies and procedures that guarantee student, staff, and district data is secure while at the same time supporting and encouraging innovation in classrooms.

Sense of Urgency

In my district, technology integration has been moving at warp speed. In the last three years, we have partnered with a learning management system, integrated Google for Education apps into every aspect of school and classroom, and implemented a 1:1 program with our middle/high school students.

These initiatives have compounded the classroom teacher requests for apps and software that support and extend learning for their students. However, using these online services and communication tools amplifies student data privacy vulnerabilities with third-party vendors having access to more student information. Although most vendors are purposefully doing their best to ensure student data privacy, it is ultimately the legal responsibility of districts to ensure that PII is protected.

As a result of increased data sharing vulnerability, school leaders may deny specific technology software and app requests from teachers. Frustrated with these denials and enticed by free or low-cost apps and software, teachers may seek to open personal accounts with third-party apps to use in their classrooms that have not been vetted by a school district technology department. By signing up for these free and low-cost apps and agreeing to the terms of use and privacy policies, teachers take on the unauthorized role of designated school officials that significantly increase the potential risk to students, teachers, parents, and school districts that data will be shared for non-educational purposes.

Educating the Educator

Teachers and school leaders don’t know what they don’t know. Linnette Attai, in her book Student Data Privacy – Building a School Compliance Program, said, “When done well, a school district privacy compliance program is not about restrictions. It’s about empowering individuals and teams to make smart consistent, auditable decisions about data use that benefits the students they serve.”

Empowering the entire school community with the tools to make software decisions based on protecting student data requires the education of all stakeholders. Through surveys, classroom observations and edtech management systems, edtech leaders can assess the apps and software used in a district’s classrooms to establish thoughtful professional development plans around student data privacy and the implications it has on students and adults.

We don’t expect teachers to comb through pages of legal documents and understand third-party vendor clickwrap agreements, terms of service and privacy policies. However, the goal of this type of education is for teachers and leaders to question the purpose of data collection by vendors and seek the decision-making powers of the technology experts in their district. Using resources such as Common Sense Media, CoSN and Connect Safely, data privacy training for teachers, staff, and administrators can be personalized and differentiated to highlight the impact of data privacy in their classrooms and their own lives.

Creating scenarios that motivate dialog can be an impactful approach to amplify everyone’s awareness and substantiate the sense of urgency in the school community.

So Much Data – Interoperability

With school districts incorporating technology into every aspect of education — including classroom instruction, class scheduling, and student performance data — we also have to consider the interoperability and the safety of data in these systems. Education Week recently published a special report UNCHAINING DIGITAL DATA: K-12 INTEROPERABILITY, which states: “As schools have become increasingly dependent on technology, many district leaders have come to grips with a frustrating reality: They’re awash in data, but much of it sits in silos, isolated and virtually useless.”

These silos represent a collection of essential data about students that can provide classroom teachers, staff, and school leaders with strategies and supports that differentiate instruction, provide behavioral interventions and measure student progress. Even with these data-rich, school-approved apps and software used in classrooms, the potential access to student data increases with every separate sign-on.

By implementing a system where software and applications are accessed with a single sign-on method, it is less problematic to have consistent policies around student data privacy and provides reassurance to teachers, students, and parents that their data is secured and inaccessible by outside parties.

Improve Data Security

Download the free whitepaper, Security Tips That Will Protect Student Data Today. Learn questions to ask every education technology vendor and gain awareness of issues today that could harm your school community.

About Eileen Belastock

Eileen Belastock, CETL, is an educational leader who is fueled by the belief that learning anytime anywhere is critical for both our students and educators. In her experiences as a district administrator, a building administrator, and a high school math teacher, she has been instrumental in providing students with equitable learning environments through multiple 1:1 programs and online educational environments. Throughout her career in both the corporate and educational environments, Eileen has encouraged and supported both adult and student learners to challenge themselves to find their passions, be lifelong learners and be contributing citizens in the 21st global environment.

Eileen models what she believes through her involvement on two Massachusetts edtech organizations, as a board director, whose missions are to educate and engage classroom teachers. She believes in supporting and highlighting educators and administrators as they work to ensure digital equity and student safety through her published articles in publications such as Tech & Learning, eSchool News, and EdScoop.

Ready to Connect?

Let’s discuss your priorities and how we can support your organization’s goals.