Steps Toward Better Student Data Privacy


Cybersecurity has been at the forefront of many news headlines in the past year, shining a spotlight on what education leaders are doing to protect their students’ data from potential attacks. The administrators we work with - from those running a single school to those managing entire states and networks - are concerned with the best way to accomplish this, while still driving the endless list of goals and activities to equip and prepare students for success in college, career and life. With so many pressing requirements and needs on their plates at any given moment, finding solutions and methods for addressing student data privacy regulatory compliance and safety can seem like an insurmountable task. LearnPlatform was designed hand in hand with educators and administrators to address issues just like these.

As technology continues to assist with day-to-day interactions, millions of pieces of data are collected about individuals’ online activity. Within the past year, headlines announcing massive data breaches from prominent companies and organizations have been in the news, surfacing issues about the ownership and usage of individuals’ data. Below are a few examples of the leading headlines we saw in the last year:

  • March 2017 – the IRS removed the Data Retrieval Tool, which was used by students and parents to import tax information when applying for FAFSA (the Free Application for Federal Student Aid), from the Department of Education's website after news broke that personal data from more than 100,000 users could have been compromised.

  • September 2017 – Equifax, a consumer credit reporting agency, announced that personal information from more than 145.5 million U.S. consumers was potentially impacted in a cybersecurity breach, including individuals’ names, social security numbers, birth dates, addresses and driver’s licenses.

  • March 2018 – A whistleblower from Cambridge Analytica, a political consulting organization that specializes in data mining and analysis, revealed that millions of Facebook users’ data was obtained and used unethically for potential political gain – to date, the estimate of impacted users is more than 85 million. Mark Zuckerberg, CEO of Facebook, testified in front of the U.S. Congress regarding the company’s use and protection of user data on April 10-11, 2018.

The education sector needs to be on guard against this kind of data breach, and as educators continue to innovate their teaching and learning practices using education technology, they are also at risk for cyber attacks. As we stated in our previous post, Student Data Privacy: A Who, What, Why and How, the rules and regulations regarding student data privacy are still catching up with the numerous technology tools and platforms currently available in the education market. This lack of clarity around student data privacy rules has placed a higher level of responsibility on each institution to remain vigilant in its security and data gathering methods. In fact, there have already been a few instances in which student data has been put at risk. To help educators better understand what to look for, we outlined a few of the lessons learned from these experiences:

  • Before deploying a technology, educators and leaders should test all aspects of the program to ensure that data gathered is compliant with local, state and federal regulations.

  • Confirm that any third-party platform is storing all student data in a secure, private database. Hiring an outside researcher to perform “test hacks” could be a worthwhile investment for districts.

  • What data is at risk? While it’s hard to know beforehand what information a hacker is after, past cyber attacks have included names, usernames, email addresses, passwords and, in some cases, social security numbers for both students and staff members.

Therefore, schools need to be aware of what data is collected from their students, especially those in K-12 schools where the majority of the students fall under the legal age limit for releasing their own data (typically 18 years old). The Children’s Online Privacy Protection Rule (COPPA) and the Family Educational Rights and Privacy Act (FERPA) are some of the leading regulations at the federal level, while numerous states have passed bills with additional regulations over the last two years. Like almost all rules, there are serious consequences when schools do not comply with new regulations, and a failure to secure student data can result in a series of different penalties.

This previously unforeseen barrier to adoption has created some hesitancy throughout the education community to implement new technologies. The team at Lea(R)n works hand in hand with administrators to help them stay in compliance with all the tools that they are deploying across their schools and districts. LearnPlatform allows education organizations to inventory and select digital learning tools, establish regulatory compliance and measure outcomes for meaningful, actionable evidence.

Recently, LearnPlatform also introduced the IMPACT™-Ready designation for edtech product companies, as a way for them to more visibly indicate their commitment to providing schools and districts with security, accessibility and utilization information. To receive the IMPACT-Ready designation, providers must commit to:

  • Ensuring student data privacy and security.
  • Data interoperability, by signing the Project Unicorn vendor pledge.
  • Transparency into their accessibility, to demonstrate that there is equitable access to tools.
  • Use of Governed Data Sharing Standards, such as those set forth by the IMS Global Learning Consortium and the Ed-Fi Alliance, including sharing product use data with clients.

Without a comprehensive system for managing a school’s or district’s edtech, or designations like IMPACT-Ready, it’s nearly impossible to track, report or ensure compliance status. LearnPlatform helps organizations easily define and manage compliance, updating requirements when regulations evolve, in a single dynamic system. Administrators can set customizable statuses in their product library, sharing them as they prefer across schools and districts. For example, administrators can instantly communicate when a product is “approved,” “pending,” “denied,” “approved with certain restrictions,” etc. The ability to offer up-to-the-minute information on the edtech tools being used is essential when the safety and security of students’ data is on the line. For ultimate transparency, a parental view of class, school and district libraries is readily available to ensure parents know what products their children are engaging with.

Label edtech tools with custom approval statuses to ensure school or district-wide communication and compliance.


Technology futurists forecast a growing concern about data ownership and security. As this topic continues to lead national and international discussions, education institutions must continue to refine their implementation policies and procedures. LearnPlatform ensures the safety of both parties by helping schools stay in compliance and free from penalties, while also ensuring edtech platforms remain compliant with ever-developing student privacy policies.

If you’re unsure whether the tools your school/district uses are keeping student data secure or if you need additional resources to help you understand the specifics of standards alignment and compliance, we’re here to help!