Contributed by Kevin Lewis and Dr. Tim Clark
Think About IT! Seven Reflections on Student Data Privacy
With the continual influx of digital applications available to support teaching and learning experiences in various contexts and at all levels, educators have to be committed to providing a safe environment that protects students.
One aspect of that protection is ensuring student data privacy when using those applications.
It’s challenging to balance the freedom of teachers to select the best digital resource to engage student learning while simultaneously protecting student data.
Here are seven thoughts and suggestions on student data privacy you need to think about.
1 All personal information should be protected.
The Department of Homeland Security defines personally identifiable information (PII) as any information that permits the identity of an individual to be directly or indirectly inferred, including any information that is linked or linkable to that individual. All information about students should be protected. That includes general PII, such as a first name, age, etc, as well as Sensitive PII, such as a social security number, driver’s license number, etc. Remember that even general personal information about a student can be grouped by an application to start building a profile, so the collection of data points can reveal a lot about the user.
2 Students don’t naturally care about protecting their own data.
If students see a link or an application, they will want to access it. Devices and applications that harvest student data are designed to be appealing and user-friendly. Data privacy has to be taught and encouraged. Think about a young child crossing the street. Parents have to teach the child about the potential dangers and the steps to use to stay safe. Teachers often have to assume responsibility for what the students are sharing and their applications in the classroom. Districts can assist by ensuring that a process is in place to help teachers with this responsibility.
3 Parents should be engaged in the process of protecting student data.
Parents may be unaware of the strategies necessary to help protect student data privacy. Parents usually put their trust in the teacher. If the teacher recommends an application for student use, the parents will assume that it is safe. Districts and schools need to include training and communication for parents in student data privacy just as they support other initiatives related to student learning. Likewise, parents may be a good resource for schools when addressing student data privacy concerns, as many may have experiences and expertise that can be shared among the school community.
4 Just because an application appears to have an educational use doesn’t mean that it’s safe.
Teachers may experience a false sense of security when an application promotes that it’s for educational purposes, like teaching the alphabet, for example. Also, if another teacher recommends an application or if it’s marketed at a conference, it can appear safer than it really is. There’s an assumption that a standard is in place for branding something like an educational application. Look at its target audience, the information requested, and the amount of advertising, and approach the use of all applications with caution.
5 Free is never really free.
An application may seem to be a bargain when it is advertised as free, but it’s free at a cost. At a minimum, It may be harvesting personal information to use to target advertising to users. Furthermore, it may be using a technique called behavioral advertising, whereby it follows users and tracks their browsing trends across the Internet and retains their demographics and behaviors.
6 Educators must speak up about what they need regarding data privacy.
Legitimate suppliers of educational technology applications don’t know what they don’t know. Including them on a private list of banned applications doesn’t help those suppliers to make the necessary changes to better protect student learning. When application providers are genuinely dedicated to improving student learning, they also want to provide safe learning experiences. Schools and districts need to ensure that their suppliers know the requirements for ensuring student data privacy.
7 Data privacy isn’t just for students.
A culture of data privacy needs to be proactively developed and practiced by everyone in a learning environment. Think about data privacy as an umbrella, covered by federal laws to provide structure and guidance, which are supported by states and educational agencies that also provide additional support. Districts can assist their schools and teachers with policies, processes, and programs for vetting and approving applications. Finally, teachers need to research and evaluate the applications they use in their classrooms with their students. Everyone, at all levels, should learn and practice the skills necessary for protecting data privacy.
A Community Built Solution: TrustEd Apps
As a baseline for a district’s data privacy culture, 1EdTech (formerly known as IMS Global Consortium) assists member districts by vetting applications and certifying them for data privacy by utilizing a community-developed open rubric as part of its TrustEd Apps™ program and through the use of its TrustEd Apps dashboard.
To find out more information about TrustEd Apps, visit www.TrustEdApps.org. Join 1EdTech by visiting www.imsglobal.org/join and completing the online membership application.
Kevin Lewis is the Data Privacy Officer for1EdTech and facilitates its TrustEd Apps program
Dr. Tim Clark is the Vice President of K-12 Programs for 1EdTech