How Technology in the Classroom Impacts Student Data Privacy March 4, 2020By Katie Onstad Partner Districts Technology in the Classroom Until a parent voiced a concern about one of the digital programs used in River Forest (IL) School District 90, teachers had been able to use any app they chose in their classrooms. However, a parent inquiry sent Kevin Martin, director of technology, on a quest that led to major changes in how the district investigates and vets applications and websites for use. River Forest is a 1:1 iPad district with two K-4 elementary schools and one middle school. In January 2016, district teachers were using approximately 700 apps in their classrooms. After the parent inquiry, the superintendent was concerned enough about how technology in the classroom impacts student privacy, that he asked Martin to investigate how the district might better manage and protect student data. Martin quickly determined that having lawyers review the privacy policies of 700 apps was impractical and expensive, and he did not have the time required to do it himself. Martin investigated the available options and found Education Framework. Co-founder Jim Onstad told Martin that Education Framework partners with districts and acts as a clearing house for educational online resources and applications by reviewing their privacy policies. River Forest began using EdPrivacy, the privacy management database by Education Framework, and almost immediately discarded around 300 apps because their privacy rating was so low. What this meant in practical terms was that Martin and his team had to meet with teachers to tell them they could no longer use these applications and that they needed to understand the importance of the individual privacy policies and how they protect the use of student data. "We had some difficult conversations with our teachers because some of the apps had been in use for multiple years,” said Martin. “But once we began educating our teachers on the importance of protecting personally identifiable information (PII), and then, with EdPrivacy, helped them find replacement apps that passed the privacy test, they really got on board. It was a great learning opportunity.” River Forest is now using approximately 400 apps in their district that have all been vetted for privacy. There is a defined process and workflow for teachers to send in a request for approval, and they have a way to submit vendor improvement requests when needed. When teachers find new apps at conferences, they now ask potential vendors about their privacy policies and explain their district is using EdPrivacy to approve applications for use. Most vendors now have an awareness that they need to improve their privacy scores as a result of recent developments in privacy law. Teachers occasionally push back, but most feel a high level of confidence in using the app in their classrooms, especially when it has been reviewed in the EdPrivacy database. Martin reports that he has to say “no” to teachers much less frequently as they now understand the importance of protecting student data privacy. The district has created a page that details the privacy and acceptable use policies for parents. The resource guide outlines how EdPrivacy uses a privacy quality scoring system based on 5 main components: Data privacy – what information is collected from students and what are the purposes for collecting that student data; Data deletion - the ability of parents/guardians to review and/or delete personal information collected from their children; Data security - whether data transferred over the Internet is encrypted and whether there are security policies and procedures that are reasonably designed to protect personal student information against risks, such as unauthorized access or unintended or inappropriate destruction, modification, or disclosure; Data integrity - whether student data is backed up on a regular schedule; and Data retention - whether there is a data retention policy stating that data will only be retained for as long as it serves an educational purpose. The District ultimately decides whether or not to use the particular website, software or app based on the privacy quality score provided by EdPrivacy and any other relevant information. Other relevant information may include consideration about the group of individuals who will be using the website, software or app, the manner in which the website, software or app will be deployed, and the intended reasons for use. During the student registration process, parents are asked to agree to let the district act as an agent for their student in this area. Martin said, “we look specifically for education apps that are not selling student data, and we explain that to parents in our policy.” "Now that teachers understand our privacy policies, having the assurance that EdPrivacy has rated them as good to use makes them feel more positive about using the programs in their classrooms,” said Martin. How EdPrivacy Can Help Your District EdPrivacy from Education Framework provides a K–12 privacy management solution that vets the security and safety of all online applications based on their compliance with FERPA, COPPA, and state privacy laws. EdPrivacy’s proprietary rating system provides student data privacy peace of mind as it allows users to see at a glance whether or not the apps they are using are in compliance with state and federal data privacy laws. EdPrivacy has a searchable database of more than 10,000 vetted online applications, and expertise districts can rely on when it comes to FERPA, COPPA, and state data privacy requirements. With EdPrivacy, districts can review a privacy scorecard for any vendor and quickly determine the safety of the application. Further they can understand whether or not the district can grant consent on behalf of the parents for each individual online resource. For a free trial or to learn more about EdPrivacy by Education Framework, visit here. Related Posts The California Consumer Privacy Act Bolstering Student Data Privacy Goes into Effect Beginning January 1, 2020, The California Consumer Privacy Act of 2018 (CCPA) is in effect. This comprehensive law protects the personal information of all California residents collected by any company doing business in the state of California. Edtech companies that collect PII from California students are bound by this new law. Read more about CCPA and learn how EdPrivacy helps school district leaders navigate the requirements of multiple laws and ensure student data is properly protected. Student Data Privacy Policy for Schools—How to Ensure Your Data Stays Private Keeping students’ PII can be complicated - learn how to create a student data protection policy for your school today. District Challenges in Executing a Student Data Privacy Policy Districts must develop a comprehensive K-12 student data privacy policy. Get our top 5 policy best practices today. EdPrivacy by Education Framework: Student Data Privacy Peace of Mind [Video] Protecting student privacy is a big challenge for U.S. school districts. Learn how EdPrivacy helps simplify and streamline the privacy management process, protecting student data and providing privacy peace of mind. Managing Student Data Privacy: How One District is Doing it Right Learn how a school district in Georgia is effectively supporting their student data privacy policy with EdPrivacy, a comprehensive privacy management tool that vets vendor privacy policies, monitors policies for changes, and protects sensitive student information. Optimize Student Data Protection with this EdPrivacy Checklist Take full advantage of the student data privacy and security benefits that EdPrivacy provides. Follow this simple checklist to enhance your data protection program and get the year off to a smart start.