District Challenges in Executing a Student Data Privacy Policy August 2, 2019By Katie Onstad Compliance Best Practices edprivacy, policies In a recent Forbes article about how edtech is finally reaching its potential, expert Nish Acharya reported on the annual June ISTE conference. The association reported attendance of approximately 20,000 educators and vendors who were drawn to ISTE by their interest in edtech’s AI-driven learning programs, analytics of student performance, and enterprise software solutions for classrooms and administration. Despite shared enthusiasm about learning technology, many edtech companies have struggled to scale their solutions, and districts have learned to be cautious about bringing new technology into their districts. Acharya notes that ISTE sees itself playing a role to help bridge the gap between school districts and edtech companies. One of the most serious edtech challenges faced by both districts and edtech vendors centers on the protection of student data, and ISTE has launched an initiative to help implement best practices around data management in districts. Given the challenge that districts face in executing a uniform student data privacy policy, it is useful to understand that protecting student data privacy is a challenge for both edtech vendors and districts. There is no doubt that there has been vendor misuse of student data – more unintentionally than intentionally. However, Achara writes: “The lack of training that school districts have in data management is as big a problem, if not bigger, than the misuse of student data by private companies. Most districts don’t have the resources or training to protect, manage or analyze large data sets effectively.” The Overall Challenge In Maintaining a Student Privacy Policy From the district’s perspective, the key to protecting student data is understanding how third party online resource providers are utilizing the data they have access to and having the ability to communicate this information in a clear and concise manner to parents, teachers, administrators, board members, and policy makers. Districts must develop a comprehensive K-12 student information system data security policy which first involves: knowing what the vendor does with the data they collect understanding how they store it whether or not they share it how they plan to dispose of it This type of review needs to happen for each and every online technology (app, website, learning program) suggested for use in the classroom before it is approved for use by students. And once it has been determined that it is safe for use in the classroom, continual monitoring is necessary so you know if and when privacy policies change, which they can, and often do. Yet despite this being the cornerstone to protecting student data privacy, it’s often viewed as a burdensome task that nobody wants to do. 5 Student Data Privacy Policy Best Practices Understanding the safety and privacy of online technologies is often a full-time job. It’s important to remember that protecting student data is an ongoing effort that requires regular checks and balances. Because edtech vendors often alter their contracts after the fact— leaving student data exposed for misuse or abuse— remembering to regularly monitor policies for changes is an important part of properly protecting student data privacy. Here are 5 best practices to ensure your district has a strong student data privacy policy in place: You have a clearly defined, year-round strategy. How regularly do you review vendor privacy policies to ensure they haven’t changed? Is it something you address every so often, once or twice a year, or possibly not at all? Or do you have a system in place that monitors vendor policies for changes on a regular on-going basis, enabling you to know immediately if and when a change occurs? You engage parents in the privacy conversation. Providing a method to engage parents in the privacy conversation helps keep them current with what is happening in the classroom and informed about their child’s technology usage while at school. You have formal structures in place to check for privacy. Knowing the privacy of online learning technologies used by students in schools offers an added level of safety and security, and provides an extraordinary level of insight into the effectiveness of your technology initiatives. You have a formal method to obtain parental consent. While utilizing paper forms is an acceptable method, online, paperless options are far less wasteful and easier to keep track of. You know why student privacy matters. Having a clear sense of goals and expectations is critical to achieving successful privacy outcomes. Understanding what you want to do, how you plan to do it, and who is going to help you along the way are all hallmarks of a solid student privacy plan. Use these best practices to create a roadmap for your district on developing student privacy policies. Protecting student privacy is no one’s job, it’s everyone’s job. Education Framework provides student data privacy peace of mind for district administrators, teachers, and parents through EdPrivacy, its expert K-12 data privacy management solution. EdPrivacy offers an intuitive platform that consistently vets the safety and security of online applications based on compliance with FERPA, COPPA, and state privacy requirements. Sign up for a free trial Related Posts Student Data Privacy Policy for Schools—How to Ensure Your Data Stays Private Keeping students’ PII can be complicated - learn how to create a student data protection policy for your school today. Managing Student Data Privacy: How One District is Doing it Right Learn how a school district in Georgia is effectively supporting their student data privacy policy with EdPrivacy, a comprehensive privacy management tool that vets vendor privacy policies, monitors policies for changes, and protects sensitive student information. How Technology in the Classroom Impacts Student Data Privacy Until a parent voiced a concern, teachers in an Illinois school district had been able to use any application or online resource they chose in their classrooms. That parent inquiry sent the superintendent and director of technology on a quest that led to major changes in how the district investigates and vets applications and websites for use. Learn how River Forest School District 90 stepped up their privacy game with help from EdPrivacy by Education Framework. The California Consumer Privacy Act Bolstering Student Data Privacy Goes into Effect Beginning January 1, 2020, The California Consumer Privacy Act of 2018 (CCPA) is in effect. This comprehensive law protects the personal information of all California residents collected by any company doing business in the state of California. Edtech companies that collect PII from California students are bound by this new law. Read more about CCPA and learn how EdPrivacy helps school district leaders navigate the requirements of multiple laws and ensure student data is properly protected. EdPrivacy by Education Framework: Student Data Privacy Peace of Mind [Video] Protecting student privacy is a big challenge for U.S. school districts. Learn how EdPrivacy helps simplify and streamline the privacy management process, protecting student data and providing privacy peace of mind. What is PII? What Districts and Families Need to Know Personally identifiable information, or PII, is any data point that can be used to identify a specific individual. Understanding how to protect student PII begins with knowing what data is being collected. Learn more about the federal and state data privacy laws that govern the protection of student information, and how EdPrivacy helps districts proactively protect PII.