Blog: Student Data Privacy Articles

Practical tips, best practices, and useful student data privacy resources.

read the privacy policy

What is App Vetting and Why is it Important?

Digital resources and tools add richness to classroom learning experiences. Many tools can even help create transforming learning experiences for students. However, just as school and district leaders need to evaluate and approve the content of these resources, they must also evaluate them for compliance with federal and state privacy laws that protect students’ personally identifiable information (PII). 

The process of app vetting begins with a thorough review of an application’s privacy policy and terms of services agreement. Evaluating the policies of an application, website, or digital resource enables districts to verify whether a vendor has taken the necessary steps to adequately protect sensitive student information. It is of critical importance that the app vetting is executed and compliance with state and federal student privacy laws is verified and done for every online resource in use in the district.  

The essential core of student data privacy is the completion of privacy policy vetting and the ongoing monitoring of any changes to vendors’ privacy policies over time. While calls for student privacy protection are mounting, the immensity of the task is overwhelming districts. It is a huge effort to evaluate compliance with existing privacy legislation for every single digital tool used in the district—often numbering in the thousands – and education leaders are seeking ways to improve their efforts and properly manage this process.

There are three ways that districts can get this job done: 

  1. Crowdsourced vetting—there are a number of consortia that “pool” their knowledge once one of the members has evaluated a contract. The focus of this approach is based on establishing model contracts. However, this type of vetting can be limited in scope.
  2. Solo vetting—the district itself does the work of evaluating all the privacy policies. As the use of digital apps and resources continues to grow, so does the time required to evaluate the privacy policies of each. Then once cleared for use, privacy policies must be monitored for changes over time to ensure continued compliance with all applicable laws. This type of vetting can be time and labor-intensive.
  3. Outsourced vetting—the district hires an outside party to vet online applications for privacy. EdPrivacy by Education Framework is the only edtech vendor that provides vetting for 100% of a district’s apps, applications, and websites with a searchable database and on-demand privacy vetting. EdPrivacy also monitors changes in privacy policies over time. Other outsourced vetting options include lawyers and Certified Information Privacy Professionals (CIPP) who can be hired to provide software vetting services to districts. 

Software privacy policies are written using legalistic language. They can sometimes be opaque and difficult to understand. But it is necessary to have someone evaluate them for your district, as it is the only way to determine the safety of the online applications you are using with your students.

Providing Districts Student Data Privacy Peace of Mind

EdPrivacy from Education Framework provides a K–12 privacy management solution that vets the security and safety of all online applications based on their compliance with FERPA, COPPA, and state privacy laws. EdPrivacy’s proprietary rating system provides student data privacy peace of mind as it allows users to see at a glance whether or not the apps they are using are in compliance with state and federal data privacy laws. 

Privacy Quality Scoring System

EdPrivacy includes a searchable database of 10,000+ apps, websites and online resources that have been thoroughly vetted for data privacy, safety and security. EdPrivacy generates a Privacy Quality Score (PSQ) for each online resource and enables district leaders to quickly and easily determine the safety and usability of an application.  

The easy-to-understand privacy ratings system is based on the following criteria:

  • The privacy policy is posted clearly on the vendor’s website.
  • The app is for school use only.
  • Parents can request the deletion of data.
  • Student data transfer is encrypted.
  • Data is retained for educational purposes only.
  • Student data is securely protected.

With EdPrivacy, districts can review a privacy scorecard for any vendor and quickly determine the safety of the application. Further they can understand whether or not the district can grant consent on behalf of the parents for each individual online resource.  

Outsourcing the vetting of all privacy policies to a data professional makes good sense for district IT teams who feel overwhelmed by the task of doing it themselves. EdPrivacy can help, enabling district leaders to streamline the privacy management process and quickly determine which online applications are safe for student use.

For a free trial, visit here