3 ways to keep student data privacy top-of-mind in ed tech procurement
This audio is automatically generated. Please let us know if you have any comments.
As more districts manage an increasing number of applications for educational technology applications and tools, there are more opportunities for student data privacy. at risk.
In Connecticut alone, the number of technology products used in schools has doubled since the pandemic began, said Doug Casey, executive director of the Connecticut Education Technology Commission.
“The middle school district is using hundreds of technology products,” Casey said. “The COVID process expanded dramatically.”
The Federal Trade Commission doubled in a May political statement announcing that it will review compliance by building technology providers with the Child Online Privacy Protection Act, or COPPA. Specifically, the commission plans to focus on banning the mandatory collection of student data, laws prohibiting the use of student data for commercial purposes such as marketing and advertising, the length of time they are retained. student data and ed tech responsibility to maintain reasonable security measures.
That FTC message was applauded in a statement by Sara Kloek, Senior Director of Educational Policy for the Software and Information Industry Association.
“The FTC’s policy statement is useful in reiterating what has long been demanded by COPPA, FERPA [the Family Educational Rights and Privacy Act], and many statewide student privacy laws: that educational technology providers should prioritize data minimization, security, and usage restrictions. These are key priorities for SIIA members, “said Kloek.
Less than a week after the FTC released its statement on the application of ED technology compliance with COPPA, a Human Rights Watch report found that 146 of the 164 ed technology products — or 89 percent — reviewed by the non-partisan international organization used data practices that could jeopardize or infringe on students’ privacy rights.
As the FTC increases its public focus on technology companies and more reports begin to reveal violations, data privacy and educational technology experts are weighing three ways in which districts can sign contracts. securely ensuring that they do not allow providers to violate the privacy of student data. .
1. Make an inventory of the building technology you use
As more districts sign contracts with more technology companies, Casey said it is useful for districts to make an inventory of all the technology applications and tools used, and then consider consolidating them.
“Distribute them, classify them, and ask yourself, “Why do we have five, 10, 12 products that do the same thing,” Casey said. “That’s part of what makes data management so much easier … The fewer trusted products you have, the better when it comes to protecting student data.”
He also said that while teachers may be excited to try new tools, these new technology programs may not be used often. Or maybe a company’s data privacy terms have been overlooked, Casey said.
2. Know your state and federal laws
It’s important to use language that requires compliance with state and federal laws in contracts with building technology vendors, said Janis Kestenbaum, a former senior legal adviser to the FTC.
Casey said as districts review contracts, it is helpful to have a checklist that complies with state and federal laws on the protection of children’s data privacy. If feasible, there should be a district leader who is well versed in state and federal laws, especially COPPA and FERPA, Casey said.
Some districts may also have access to data from the state Compensation Center of trusted technology providers to take advantage of them, he said.
3. Read the terms and conditions of a company
While the FCC statement reiterates that the responsibility for student privacy lies more with technology companies than with schools, Kestenbaum said schools should look closely at how the provider plans to use the data and student information.
But in many cases, schools are not equipped to read in depth the terms of service or privacy notices of a company, said Kestenbaum, who is now a partner in the law firm of Perkins Coie, where he advises clients on compliance with privacy, data security and the consumer. protection requirements.
Casey added that it is key for district leaders to ask questions and push back on building technology vendors when signing a contract. He said districts should be skeptical of companies willing to provide services to schools for free.
“Just because something is free doesn’t mean you don’t have to worry about data privacy,” Casey said. “In fact, if it’s free, your flag should go very high. Because if they don’t charge it, their business model is that they’re doing something with that data.”