Why Tech Companies Need to Better Protect Student Data
A wide array of education technology startups are marketing their digital learning tools to teachers, who are increasingly willing to experiment with adaptive learning products that analyze students’ online activities to personalize their lessons. Writing for The New York Times, Natasha Singer reports that school district technology directors, who are responsible for safeguarding student data, are scrambling to keep track of which companies are collecting their students’ data and how they are using it.
The market for educational software designed for pre-kindergarten through twelfth grade students reached nearly $8.4 billion, up from $7.5 billion in 2010. Yet each of the 14,000 school districts in the United States is confronting issues of privacy and student data security alone. A teacher can sign up for any app or service, without the knowledge or approval of anyone else at the school district.
Some school districts have already experienced data breaches with software that they purchased from vendors, where, in a few cases, student records have been publicly leaked online. Many legal experts posit that companies’ policy of signing up teachers directly, instead of going through the school district, skirts federal privacy laws.
What protections for student privacy are in place?
A federal law called the Family Educational Rights and Privacy Act requires that school districts maintain the confidentiality of student records and retain control of those records even if some school functions are outsourced to vendors. Another federal law, the Children’s Online Privacy Protection Act, enables schools to allow online providers to collect certain personal details from children, but the Federal Trade Commission has recommended that schools do not delegate that responsibility to individual teachers.
The Department of Education recently issued best practice recommendations for school administrators evaluating educational services, and the Consortium for School Networking, an association for district technology professionals, offers a tool kit with data security questions (PDF) that schools should ask service providers. Most recently, a coalition of educational groups published a set of security principles for the use of student data.
All of these are meant to safeguard against security issues like data breaches, identity theft, and student profiling. But unfortunately, student data has fallen prey to all of these thanks to companies who are often more focused on gaining market share than taking steps to truly handle data securely and ethically. Some sites are unencrypted, store passwords in plain text, and in other ways offer inadequate protection against hackers who could potentially seek to gain access to student data.Why Tech Companies Need to Better Protect Student Data:
