Student Data Privacy: Self-Inflicted Wounds

As more learning moves online, what you can do now to further safeguard students. 

GUEST COLUMN | by Eileen Belastock

In light of COVID-19 and the mass closure of school districts across the country, affecting nearly 41.7 million students, district and school leadership are focusing on providing extended learning resources and e-learning options to ensure educational continuity.

However, the influx of emails, social media posts, and phone calls from edtech software companies offering services, resources, and e-learning solutions has become unmanageable and extremely stressful for edtech leaders. Along with that is the teachers’ and parent/guardians’ understandable state of panic and request for immediate educational solutions to a crisis never seen before in this country.

Only by establishing a process for decision making that includes determining what data is shared, why the data is shared, and who owns the data can school districts feel a sense of security. 

Free instructional program solutions promoted by edtech software companies are enticing to teachers and parents/guardians as a quick fix substitution for brick and mortar classroom instruction.

Good Intentions, Slippery Slope

Signing up for free educational software by well-intentioned educators and families is a slippery slope for edtech leaders tasked with safeguarding student data. According to Doug Levin, Founder and President, Edtech Strategies, a report released recently by the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2019 Year in Review, in 2019, public K-12 education agencies experienced 348 cybersecurity incidents affecting student and educator data breaches. Over half of the incidents were due to the actions of teachers, staff, and administrators within a school community. With so many school districts turning to e-learning for long term solutions to the current pandemic, these numbers predictably will increase exponentially for 2020.

Self- Inflicted Wounds

Much like childproofing a house with outlet covers when a newborn comes into the family, educators have the best intentions about protecting their students. However, like that one electrical outlet that gets overlooked, teachers unintentionally share student information in an attempt to promote collaboration, innovation, and personalized learning. In this time of no other option except e-learning, educational institutions must inform and educate teachers and the entire school community about possible student data exposures. School districts are ultimately responsible for data breaches.

As Levin highlights, most causes of school districts’ targeted data breaches are oversharing of cloud documents, unauthorized release of student data, and loss of control of login credentials. While done without malicious intent, a click of a checkbox by students, teachers, and parents/guardians with Google or Microsoft login credentials can give third-party apps permissions that include the reading of emails and access to documents and personal information.

The move to online learning environments challenges edtech leaders to reiterate the use of district sanctioned software and apps, single sign-on options, and password protection guidelines with the school community. Before teachers, students, and parents/guardians follow the pied pipers of free educational software; compelling edtech leaders need to reinforce current student data privacy practices and make it a priority to establish or ramp up vetting procedures.

Call to Action

If edtech leaders are going to lead the charge to protect student and educators data, it will take a concerted effort that involves all stakeholders in the school community.

Sensitizing students, staff, and educators about student data privacy will result in increased awareness and more communication and collaboration with school and district administrators.

Keeping systems up to date with security patches and addressing the challenges of interoperability with multiple systems will offer fewer opportunities for data to be accessible outside of the school district network.

According to Charlie Sanders, Chairman, and CEO of Managed Methods, if districts don’t have data available to steal, then there is nothing for hackers to steal. So establishing data governance within the district will set up parameters around access to data from unauthorized parties.

If Not Now, Then When?

Student data privacy is not a problem to solve; it is a problem to manage, according to Levin and Sanders. Managing data in times of stress when quick educational technology decisions are made unilaterally by school leaders, teachers, and staff and parents/guardians is a tall order for edtech leaders.

Only by establishing a process for decision making that includes determining what data is shared, why the data is shared, and who owns the data can school districts feel a sense of security. Edtech leaders should strengthen their relationships with current vendors and communicate with the school community the elements necessary to provide students with safe, secure, and reliable access to their education. It is not a question of if school districts will have a data breach; it is a question of when.

Much like preparing for a hurricane, snowstorm, or school shooting, edtech leaders need to prepare for the pandemic-induced move from brick-and-mortar learning environments to one where e-learning and student data has the potential to create a disaster of its own.

Eileen Belastock is a Certified Education Technology Leader (CETL) and Director of Academic Technology at Mount Greylock Regional School District in Williamstown, Mass. Follow @EileenBelastock 


    Leave a Comment

    %d bloggers like this: