As a teacher, why should you learn about student data privacy? Given everything else on your plate, why should this topic be part of your education and professional development? These are fair questions, especially considering that you already spend a good deal of time juggling the professional development requirements of your state and your educational institution to maintain your accreditation and improve your practices.
Its not uncommon for educators to spend at least 1520 hours each year, and in some states quite a bit more, in mandatory training covering everything from child maltreatment, active-shooter drills, handling blood-borne pathogens, and, yes, classroom management and subject matter training. That, of course, is in addition to the professional development you undertake on your own to improve your techniques and open your eyes to new approaches to the work. Why yet another topic to unpack and understand?
As a teacher, you make decisions about your students data privacy every day. Whether deliberately or not, almost everything you do with and for your students involves a decision that may impact their privacy. Some examples include:
Yet, with all of these decisions being made all of the time, many of you are not receiving the education you need to ensure that you construct your decisions in a way that appropriately protects your students.
As a dedicated educator, you take on the enormous responsibility of providing a high standard of care for your students. You go far beyond ensuring that they are educated, and look out for their well-being, often encompassing on some level their mental, social, and emotional care. With all of the hours you spend with your students, you see their triumphs, their struggles, and everything in between. However, more often than not you are left without real guidance on how to care for their personal information, which is simply an extension of their being.
To change that and to empower you with the information you need to properly manage your students privacy, it is critically important that you learn how to protect their data while still being able to effectively leverage the information you need to support and guide them on their pathways to success.
WHAT DO WE MEAN BY DATA PRIVACY?
Privacy means different things to different people. As a result, its helpful to define our terms before we delve into the work.
For many parents, when they think about the privacy of student data, especially student data collected by technology providers, their concerns often veer into considerations for the security of their childs information. That is, assurance that bad actors will not hack into a data server and steal their childs information, or that their childs information wont be left exposed for others to see.
Much of that is actually consideration for data security, which is related to privacy but is a distinct discipline. Security practices focus on maintaining the confidentiality, integrity, and availability of the data. A variety of technological tools are available and necessary to help ensure the security of information, the servers on which it is stored, and the networks through which it flows. Firewalls, secure coding practices, multi-factor authentication, patching, and virus scanning are just some of the tools and tactics at our disposal that, when implemented properly, help protect the security of the data.
Security also encompasses physical protections, including locks on doors, and administrative tools, such as rules about password complexity and policies about who may access what data, that often are enforced with the help of technology.
For many parents, a lock on the door of dataliterally and figurativelywould be a comfort. If only it were that simple.
All of the technology in the world wont maintain the security of the data. Instead, our behavior is the ingredient that can make or break security. More than any technology, human error is often the culprit in compromising the security of the data. If the technology is not built properly, if we dont configure it properly, if we act in a way that compromises or negates the protections that technology provides, the information is put at risk.
What does it look like to have behavior compromise security? Downloading student data onto an unencrypted laptop, leaving a password next to the computer for convenience, using simple passwords, using the same password for all systems, using public Wi-Fi for work purposesthese are common examples of the human behaviors that have resulted in very challenging data security incidents in educational institutions. Acting in accordance with solid, fundamentally sound privacy principles can do much to help protect the security of the data.
However, its not just security that concerns parents. Parents often are concerned that, even though you may bring technology into your classroom to serve a specific educational purpose, the technology provider may use their childs data, especially personal information, for reasons unrelated to that educational purpose.
A common question is whether a technology provider is using student data to generate revenue. For example, is the technology provider selling the students personal information? Is the provider using the data to track students across unrelated sites and services on the internet for the purpose of serving them advertising?
As you may know, legal prohibitions on this type of behavior exist when the technology provider knowingly obtains access to the student data through your educational institution. However, the fear remains real. If youre not choosing technologies that are compliant with the lawsin some cases because the technology simply wasnt intended to be used with studentsthere is risk.
Yet another common concern for parents is if the data being collected today might adversely impact their childs future. Questions abound about whether it may become a true permanent record.
Unlike in the past, where any semblance of a permanent school record either has been destroyed or still sits in a dusty file cabinet in a school basement, long forgotten and deteriorating with time, todays school record is most commonly in cloud-based storage. Parents often fear that, as a result of that storage, the record will be attached to their child forever and, somehow, will be used against them. A low grade, a behavioral misstep, or any number of other troubles a child might get into when very young, no matter how small or insignificant, might come back to haunt them when they apply to college or enter the workforce.
No evidence may exist that this particular concern will come to fruition, but questions linger about how permanent the permanent record really is, how pervasive it is, and how it might be used.
Young people, on the other hand, are more likely to equate privacy with personal, and their level of interest and concern with their privacy may vary with the circumstances. For example, a young teen may connect with a parent on a social media platform and keep all of their activity on that site open to their parent. However, if the teen is engaged in a conversation on social media with friends, they may find it intrusive if the parent chimes in on the discussion. To young people, those discussions are meant to be private even though theyre happening in public.