A high quality digital learning experience for students is something every school strives to accomplish. But as a parent, have you ever wondered just how your child’s educational and personal records are protected? It is possible that schools are unintentionally putting student privacy at risk.
Some student information, such as that disclosed when using digital learning material, may be managed, not internally at the district level, but by what are known as educational technology, or “edtech,” companies. That information can also end up in the hands of marketing companies and other third-party data collectors.
Joni Lupovitz is the vice president of policy at Common Sense Media, a nonprofit organization that rates the safety of media and technology for students and families. In a recent article on DistrictAdministration.com, Lupovitz says, “Everything is going digital, whether it’s taking attendance, seeing what kids buy for lunch, collecting and storing records, or integrating laptops and tablets into the classroom lessons.”
To ensure every child’s privacy, parents should ask questions such as the following. Does your school outsource edtech services and systems? If so, what are the company’s privacy policies and how do they compare to those of the school district? You have every right to know exactly where your child’s data is being used, who has it and how they manage that information.
How is the wireless computer network in the school system secured? Does the school system provide in-house information technology support or is it outsourced? Who has access to security information? What guarantees are in place regarding the security of any cloud system being used?
Unlike medical record management, legislation governing the management of students’ electronic personal information continues to lag. Even the Family Educational Rights and Privacy Act (FERPA), designed to help restrict access to student records, does not adequately address these issues since it only speaks to the improper disclosure of personal information.
If a school utilizes an outside edtech vendor for record keeping or other digital data management, they may be unaware of holes in the company’s privacy agreement allowing them that provider to sell collected information under certain circumstances. School administrators should then be held responsible to maintain control of that information and have a complete understanding of how the data might be used by the vendor.
Beyond the administrative holes in security and privacy, education of the student (and parents) on safe and proper use of technology is sorely lacking. Most people still have no idea of the security risks when using public wireless access.
Parents should also ask about the security of any websites being hosted by the administration where school information is readily available. Is private data, such as performance or attendance records, easily accessed? Is the data encrypted and to what extent? Be sure to read any privacy paperwork provided and make sure it’s well understood. If not, ask!
Parents should also take the time to visit any and all websites managed by the school and familiarize themselves with the layout and information offered there. Sadly, better security usually means more expense, so there is every possibility that substance (good security) gave way to style (a prettier website).
If your child has a smart phone, laptop or other portable technology and utilizes the school’s Wi-Fi system, you may want to reconsider. Public Wi-Fi, even in a school, is insecure and should never be used to access personal or private information like banking, private email, or any other sensitive data.
Whenever a user logs into a website or online account through a public wireless system, there is a risk of breech. Without getting into the techno-babble of how it works, suffice to say that hackers “tag” certain Wi-Fi access points to collect data as people log in. This can happen at schools just as easily as anywhere else.
The take-away from all of this is that parents should be diligent in their understanding of how technology is used at school, whether it’s data management by the administration or Internet access by their child. Schools have an obligation to transparency, especially with regard to student records.