With the continuing concern of Covid-19, many school districts are planning to have all or mostly online classes this fall. Remote learning comes with a variety of challenges, and it means that schools are quickly increasing the digital learning tools available to students. Although the switch to online education is unfamiliar for many, schools have constantly been updating their technology and finding ways to integrate it into the classroom. Remote learning is not new, but a sudden expansion of this scale is unprecedented.
To make the transition as smooth as possible, school administrators must anticipate issues that can result from digitizing education. ‘Safety first’ should still be a guiding principle for schools, and it now applies even more to data protection and privacy. Especially with cyber attacks on the rise, it is vital for educators to know the laws regarding student data and to be proactive in protecting and managing school-owned devices.
Step 1: Know the laws.
Several laws are in place to protect students’ personally identifiable information (PII).
- The Family Educational Rights and Privacy Act (FERPA) gives parents and students 18 and older rights over the student’s education record and PII.
- The Protection of Pupil Rights Amendment (PPRA) addresses rights regarding surveys that ask students personal questions.
- The Children’s Internet Protection Act (CIPA) provides discounted E-rates to schools that meet certain internet safety policy requirements.
- The Children’s Online Privacy Protection Rule (“COPPA”) places requirements on websites and online services that are directed toward or collect information from children under 13 years of age.
This PDF from the USDE Privacy Technical Assistance Center (PTAC) provides more information about these laws in the context of online learning.
Step 2: Be vigilant.
Not all EdTech products and services prioritize privacy and data protection. Only use products from companies that have clearly outlined their data practices and privacy protections, and that are compliant with student privacy laws.
If your school does not already have a thorough vetting process for educational apps and software, now is the time to create one. With students and teachers doing their work online, using video conferencing technology, and using new apps, websites, and software to streamline the remote learning process, it is absolutely critical for schools to have safeguards and vetting procedures in place.
Schools should have their own process for evaluating EdTech product safety and compliance, but it can be helpful to start with resources and evaluations that have already been compiled.
Common Sense Education provides reviews and privacy ratings for EdTech products. The privacy ratings are separate from their learning ratings for products.
They explain their criteria and method for judging privacy policies.
Their 2019 State of EdTech Privacy Report is a comprehensive overview of how various privacy practices are worse, unclear, or better from 2018 to 2019. It contains valuable information for educators, parents, security experts, tech designers, and vendors, and anyone else interested in learning how well EdTech products align with student privacy laws and best practices.
The Student Privacy Pledge is a statement companies can sign to demonstrate their commitment to student privacy. Companies must clearly disclose their privacy practices in order to sign the pledge, and are asked to re-commit yearly to ensure any policy or procedure changes still comply. The Student Privacy Pledge is not a contract, but it is legally enforceable by the Federal Trade Commission.
PTAC provides a guide for judging EdTech products’ terms of service.
In general, transparency is the bare minimum for determining the safety of a product. Companies without accessible and understandable policies at best cannot be properly evaluated, and at worst cannot be held accountable for privacy breaches or malicious practices.
Step 3: Protect school devices.
Because students and teachers will not be using devices in the contained and supervised environment of the classroom or school library, administrators will need to take extra precautions to avoid loss, theft, misuse, and data compromise. Loss or theft of a school device is a privacy risk as well as a setback in a student’s education. In addition to antivirus software and a VPN, school devices should have measures in place to keep data secured in the event of loss or theft. Schools should be able to answer the following questions about their devices and policies:
- Are our device policies and remote learning practices in compliance with student privacy laws?
- What security and liability issues does our device insurance policy cover?
- Do we have a way to locate missing devices?
- Is the data on our devices encrypted?
- Can our devices be locked or wiped remotely?
- Do we have a way of managing devices from a central console?
Sign Up Now For a Free 30 Day Trial
The 2020-2021 school year is going to be a learning opportunity for everyone, but don’t wait for a data breach or privacy compliance issue to arise before taking action. Anticipate the risks associated with an increase in remote learning, and make sure your school’s students, teachers, and their devices, data, and privacy are protected.
DriveStrike offers enterprise-level device and data protection, including the ability to locate, lock, wipe, and reboot devices remotely. DriveStrike complements any MDM policy, and works seamlessly on all major platforms. See more information about DriveStrike for Education, and call us at 877-375-2468 to learn how DriveStrike can help your school. Sign up for a free trial to start protecting your school’s devices and data today!