Attai - Protecting student data privacy: classroom fundamentals

Privacy means different things to different people. As a result, its helpful to define our terms before we delve into the work.

For many parents, when they think about the privacy of student data, especially student data collected by technology providers, their concerns often veer into considerations for the security of their childs information. That is, assurance that bad actors will not hack into a data server and steal their childs information, or that their childs information wont be left exposed for others to see.

Much of that is actually consideration for data security, which is related to privacy but is a distinct discipline. Security practices focus on maintaining the confidentiality, integrity, and availability of the data. A variety of technological tools are available and necessary to help ensure the security of information, the servers on which it is stored, and the networks through which it flows. Firewalls, secure coding practices, multi-factor authentication, patching, and virus scanning are just some of the tools and tactics at our disposal that, when implemented properly, help protect the security of the data.

Security also encompasses physical protections, including locks on doors, and administrative tools, such as rules about password complexity and policies about who may access what data, that often are enforced with the help of technology.

For many parents, a lock on the door of dataliterally and figurativelywould be a comfort. If only it were that simple.

All of the technology in the world wont maintain the security of the data. Instead, our behavior is the ingredient that can make or break security. More than any technology, human error is often the culprit in compromising the security of the data. If the technology is not built properly, if we dont configure it properly, if we act in a way that compromises or negates the protections that technology provides, the information is put at risk.

What does it look like to have behavior compromise security? Downloading student data onto an unencrypted laptop, leaving a password next to the computer for convenience, using simple passwords, using the same password for all systems, using public Wi-Fi for work purposesthese are common examples of the human behaviors that have resulted in very challenging data security incidents in educational institutions. Acting in accordance with solid, fundamentally sound privacy principles can do much to help protect the security of the data.

However, its not just security that concerns parents. Parents often are concerned that, even though you may bring technology into your classroom to serve a specific educational purpose, the technology provider may use their childs data, especially personal information, for reasons unrelated to that educational purpose.

A common question is whether a technology provider is using student data to generate revenue. For example, is the technology provider selling the students personal information? Is the provider using the data to track students across unrelated sites and services on the internet for the purpose of serving them advertising?

As you may know, legal prohibitions on this type of behavior exist when the technology provider knowingly obtains access to the student data through your educational institution. However, the fear remains real. If youre not choosing technologies that are compliant with the lawsin some cases because the technology simply wasnt intended to be used with studentsthere is risk.

Yet another common concern for parents is if the data being collected today might adversely impact their childs future. Questions abound about whether it may become a true permanent record.

Unlike in the past, where any semblance of a permanent school record either has been destroyed or still sits in a dusty file cabinet in a school basement, long forgotten and deteriorating with time, todays school record is most commonly in cloud-based storage. Parents often fear that, as a result of that storage, the record will be attached to their child forever and, somehow, will be used against them. A low grade, a behavioral misstep, or any number of other troubles a child might get into when very young, no matter how small or insignificant, might come back to haunt them when they apply to college or enter the workforce.

No evidence may exist that this particular concern will come to fruition, but questions linger about how permanent the permanent record really is, how pervasive it is, and how it might be used.

Young people, on the other hand, are more likely to equate privacy with personal, and their level of interest and concern with their privacy may vary with the circumstances. For example, a young teen may connect with a parent on a social media platform and keep all of their activity on that site open to their parent. However, if the teen is engaged in a conversation on social media with friends, they may find it intrusive if the parent chimes in on the discussion. To young people, those discussions are meant to be private even though theyre happening in public.