Student Data Privacy: Our Weakest Link

A Director of Academic Technology tells you what you can do about it.

GUEST COLUMN | by Eileen Belastock

Technology in schools promotes active learning, provides countless online resources, analyzes student performance for immediate feedback, automates processes like attendance and grading, offers assistive technology options, and develops life skills so critical for our students. Yet the benefits of collaborative, engaging, personalized learning experiences are counterbalanced with the possible exposure of student data to unauthorized parties.

“Student data privacy is only as strong as its weakest link, and it behooves a district to understand their school community, reevaluate current practices, and institute measures that protect our most vulnerable asset…”

Much like the leaks in a Holland dike, CTOs are always on the move plugging security holes to keep out intruders who are eager to steal student data. According to the CoSN ‘s 2019 K-12 IT Leadership Survey Report,  cybersecurity is the top priority for IT leaders. “Rather than focusing on corporate targets, which are devoting increased resources to cyber defenses, the group [data breachers] focuses on more vulnerable sectors such as school districts, universities, and nonprofits, which the group likely believes are softer targets.” 

The Goldilocks Effect

The Goldilocks Effect has hackers looking for the most susceptible access to student data, and in many cases, the “just right bed” is with classroom teachers. With edtech software available at the click of a mouse, enticements of free teacher accounts by software companies, crowdfunding financial resources, and easy access to student data, well-intentioned teachers, are unknowingly exposing both their students’ and their own personally identifiable information (PII) to unknown sources.

Teachers are eager to find new ways to engage their students and clickwrap on software agreements without understanding the potential ramifications.

Edtech software companies’ data privacy policies are swimming with legal jargon that, without a law degree or extensive understanding of the policies, can put teachers into a false sense of safety and security. Most software companies intend to be transparent about their sharing of data, collection of information, and adherence to FERPA and COPPA regulations. However, without a clear understanding of student data protections in place, data used by teachers to set up student accounts can become vulnerable to third-party exposure. 

When asking a group of teachers about the data privacy safety of edtech software, their responses reflected the vulnerability of student data privacy in classroom settings. The question of ‘If it is an educational app it is safe to use?” garnered answers such as “My students are only using the app in class,” “I saw the product in a workshop at an edtech conference.” “It’s an educational app, so it must be safe for my students.”.

These responses are red flags that all CTOs should be addressing in their districts.

Educators are in the business of nurturing, supporting, teaching, encouraging, and providing learning opportunities for students. Edtech leaders cannot expect classroom teachers to understand federal and state privacy regulations, interpret vendor data privacy policies, and disseminate only directory information without education, guidance, and support.

What You (We) Can Do About It

Using resources such as Common Sense Media and, the school community can participate in online data privacy courses. These courses create scenarios and opportunities for the entire school community to reflect on current practices and implement new data security practices. 

Without the collective efforts of the entire school community, student data will continue to be vulnerable and unprotected. By adopting responsible use policies, school districts can move away from the restrictive acceptable use policy and put the responsibility of data privacy on the teachers and the students.

This collaborative approach to technology use in the district educates all stakeholders on the importance of protecting data. Tom Whitby, the author of “The Relevant Educator: How Connectedness Empowers Learning,” argues that schools should move away from the restrictive filter of acceptable use policies. He suggests, “Teaching kids responsible use is the best form of control. It is a lifelong skill.”

School districts also need to reflect on their practices to support data privacy initiatives in their schools. Using Common Sense Media privacy reports, edtech leaders can access the safety, security, privacy, and compliance of current software used in the district.

Partnering with organizations such as the  Student Data Privacy Consortium (SDPC), districts can share standard practices on app vetting and contracts, student privacy app integration, and “governance” supporting data privacy. Chrome extensions such as LearnPlatform monitor, organize, rate apps, and software used in school districts to ensure transparency and compliance with student data privacy regulations.

Student data privacy is only as strong as its weakest link, and it behooves a district to understand their school community, reevaluate current practices, and institute measures that protect our most vulnerable asset—our students. 

Eileen Belastock is a Certified Education Technology Leader (CETL) and Director of Academic Technology at Mount Greylock Regional School District in Williamstown, Mass. Follow @EileenBelastock 


    Leave a Comment

    %d bloggers like this: