What is App Vetting and Why is it Important? October 11, 2019By Katie Onstad Privacy Management app vetting Digital resources and tools add richness to classroom learning experiences. Many tools can even help create transforming learning experiences for students. However, just as school and district leaders need to evaluate and approve the content of these resources, they must also evaluate them for compliance with federal and state privacy laws that protect students’ personally identifiable information (PII). The process of app vetting begins with a thorough review of an application’s privacy policy and terms of services agreement. Evaluating the policies of an application, website, or digital resource enables districts to verify whether a vendor has taken the necessary steps to adequately protect sensitive student information. It is of critical importance that the app vetting is executed and compliance with state and federal student privacy laws is verified and done for every online resource in use in the district. The essential core of student data privacy is the completion of privacy policy vetting and the ongoing monitoring of any changes to vendors’ privacy policies over time. While calls for student privacy protection are mounting, the immensity of the task is overwhelming districts. It is a huge effort to evaluate compliance with existing privacy legislation for every single digital tool used in the district—often numbering in the thousands – and education leaders are seeking ways to improve their efforts and properly manage this process. There are three ways that districts can get this job done: Crowdsourced vetting—there are a number of consortia that “pool” their knowledge once one of the members has evaluated a contract. The focus of this approach is based on establishing model contracts. However, this type of vetting can be limited in scope. Solo vetting—the district itself does the work of evaluating all the privacy policies. As the use of digital apps and resources continues to grow, so does the time required to evaluate the privacy policies of each. Then once cleared for use, privacy policies must be monitored for changes over time to ensure continued compliance with all applicable laws. This type of vetting can be time and labor-intensive. Outsourced vetting—the district hires an outside party to vet online applications for privacy. EdPrivacy by Education Framework is the only edtech vendor that provides vetting for 100% of a district’s apps, applications, and websites with a searchable database and on-demand privacy vetting. EdPrivacy also monitors changes in privacy policies over time. Other outsourced vetting options include lawyers and Certified Information Privacy Professionals (CIPP) who can be hired to provide software vetting services to districts. Software privacy policies are written using legalistic language. They can sometimes be opaque and difficult to understand. But it is necessary to have someone evaluate them for your district, as it is the only way to determine the safety of the online applications you are using with your students. Providing Districts Student Data Privacy Peace of Mind EdPrivacy from Education Framework provides a K–12 privacy management solution that vets the security and safety of all online applications based on their compliance with FERPA, COPPA, and state privacy laws. EdPrivacy’s proprietary rating system provides student data privacy peace of mind as it allows users to see at a glance whether or not the apps they are using are in compliance with state and federal data privacy laws. Privacy Quality Scoring System EdPrivacy includes a searchable database of 10,000+ apps, websites and online resources that have been thoroughly vetted for data privacy, safety and security. EdPrivacy generates a Privacy Quality Score (PSQ) for each online resource and enables district leaders to quickly and easily determine the safety and usability of an application. The easy-to-understand privacy ratings system is based on the following criteria: The privacy policy is posted clearly on the vendor’s website. The app is for school use only. Parents can request the deletion of data. Student data transfer is encrypted. Data is retained for educational purposes only. Student data is securely protected. With EdPrivacy, districts can review a privacy scorecard for any vendor and quickly determine the safety of the application. Further they can understand whether or not the district can grant consent on behalf of the parents for each individual online resource. Outsourcing the vetting of all privacy policies to a data professional makes good sense for district IT teams who feel overwhelmed by the task of doing it themselves. EdPrivacy can help, enabling district leaders to streamline the privacy management process and quickly determine which online applications are safe for student use. For a free trial, visit here. Related Posts What is PII? What Districts and Families Need to Know Personally identifiable information, or PII, is any data point that can be used to identify a specific individual. Understanding how to protect student PII begins with knowing what data is being collected. Learn more about the federal and state data privacy laws that govern the protection of student information, and how EdPrivacy helps districts proactively protect PII. District Challenges in Executing a Student Data Privacy Policy Districts must develop a comprehensive K-12 student data privacy policy. Get our top 5 policy best practices today. Helping School Districts Address FERPA Compliance Meeting FERPA regulations and ensuring FERPA compliance is no easy task. Learn the solutions that schools use to manage student privacy. NY State Educators Approach July 1st Deadline to Demonstrate Compliance with Ed Law 2-d Part 121 Public school districts in New York state have until July 1, 2020 to complete the requirements of Education Law 2-d Part 121. The law protects student data privacy and security by limiting access to students’ personally identifiable information (PII) in all public schools and education agencies throughout the state. Learn how EdPrivacy helps district leaders quickly and easily identify safe technologies for the classroom and meet their obligations under the law. The California Consumer Privacy Act Bolstering Student Data Privacy Goes into Effect Beginning January 1, 2020, The California Consumer Privacy Act of 2018 (CCPA) is in effect. This comprehensive law protects the personal information of all California residents collected by any company doing business in the state of California. Edtech companies that collect PII from California students are bound by this new law. Read more about CCPA and learn how EdPrivacy helps school district leaders navigate the requirements of multiple laws and ensure student data is properly protected. Student Data Privacy Policy for Schools—How to Ensure Your Data Stays Private Keeping students’ PII can be complicated - learn how to create a student data protection policy for your school today.