Getting Proactive in the Quest to Protect Student Data
The emergence of Big Data in education has created a paradox for K–12 schools. On one side, a tantalizing analytical engine by which to gauge student and institutional progress. On the other, a potential security threat that needs to be handled with care.
As Chief Privacy Officer for the U.S. Department of Education Kathleen Styles is the federal government’s foremost authority on issues related to student data and privacy. A primary adviser to Secretary Arne Duncan, Styles heads up the department's Privacy Technical Assistance Center (PTAC), a repository of guidance and information designed to help educators navigate the opportunities, and the potential pitfalls, of student data use.
As schools look for opportunities to leverage data in the classroom, Styles talked with EdTech: Focus on K-12 about the responsible collection of sensitive information, the need for transparency, and why it’s important for every school system to establish guidelines for the responsible management, use and protection of valuable student data.
EDTECH: As the Department of Education’s first chief privacy officer, you’re on the front lines of the fight to keep student information safe. Assess the current online environment, especially as it relates to students and schools.
Styles: The mere operation of a school requires a lot of collection, use and protection of a significant amount of information about students. Some of that information is sensitive information and some of it is statutorily confidential. But we are also now in a world where data creates opportunities to improve education, both through personalized learning and by providing parents and policy makers more information about how children are doing in school — and more information about how we can improve our education programs. We try very hard to take into account the benefits the data can bring as well as the need to ensure privacy. It’s all about being proactive and trying to plan for the use of data, and part of that needs to be transparency.
EDTECH: Talk about the Privacy Technical Assistance Center. What services and resources does it offer to students and educators? And how is it positioned to contribute to the conversation about student data and privacy?
Styles: The Privacy Technical Assistance Center (PTAC) was setup shortly before I arrived at ED, in recognition of the fact that we need to do more to support schools and school districts. We have for many years run a compliance operation where we have received complaints and answered questions. Privacy is so important, we felt that we needed to get in on the front end before problems arise and give guidance to schools and school districts about how to do it right in the first place.
We have released guidance documents through PTAC — on everything from data security and how to de-identify data so you can publish it to how to engage safely with online educational resources. I receive email from school officials thanking us for providing these services for them. There are about 14,000 school districts in this country and the challenge is getting technical assistance down to the level where it can do the most good, which is at the school and district level.
EDTECH: Despite the obvious need for privacy and security, student information, when leveraged effectively, is a powerful tool for education reform. How can data be used to improve student performance? What’s the difference between collecting and storing data and using it effectively in the classroom?
Styles: Data is used so many ways in schools, and not just Big Data. Some of it is traditional data that just happens to now be in digital format rather than in its original analog or paper format. When you are talking about data that’s born digitally, data that’s born through using a computer or through some other device that’s connected to the Internet, some of the promise comes from the possibility for more personalized learning. It comes from the idea that we can allow students to move at their own pace and have the teacher provide direct support for individual students in the areas in which they are struggling. We have seen some fabulous results in this arena already. It’s not just educational technology that creates data in schools. In many cases, that data is there already, from bus routes to lunch lines to attendance to grades.
EDTECH: New innovations invariably create new concerns. The popularity of the cloud in K–12 education is no exception. Are concerns about storing sensitive student data in the cloud valid? Are there certain weaknesses or pitfalls that schools should be mindful of when considering a move to this technology?
Styles: I think the term “cloud” is really frequently misunderstood and engenders an emotional reaction rather than a reaction based on understanding. Cloud-based services equate to remote storage. In my mind, whether a given database or a set of records is more or less protected, whether that is stored remotely or not, is one of the least relevant considerations. Whether your school or district is sharing its data faithfully is determined by whether they have a thought-out plan in place to protect that data. Cloud storage is safe, so long as you have built in the safeguards to make it safe. We see complaints about paper records, too — almost every year we get a complaint that a school has thrown student records out in the dumpster. The point about protecting data is that you need to be intentional about protecting data. Where it’s stored is not the most relevant consideration.
EDTECH: As more students move online, data security will continue to be an issue for schools. What’s your idea of a safe, responsible online environment, and what steps must the nation’s K–12 schools take to keep important student information secure?
Styles: I would start with data governance at the district level — it's important to have a written data governance plan that recognizes the different sources of data that the school district has. I think districts should have policies about how the data can be used — how do teachers sign up for apps, how is information given to online vendors, what’s the process before signing contracts for data use? The second really important thing, again at the district level, is to actually know what data you have. This means creating an inventory of what you are collecting, and then to be transparent, to post that inventory on your website. Also include information about what data the school collects, how it is being protected and what it is used for. Once you build in the governance and the transparency around your data systems, the technical challenges are the easy part.
EDTECH: Technology changes — fast. What’s the online environment for student data look like five or 10 years from now?
Styles: The changes that I have been seeing, particularly in the last year, relate to a greater awareness among schools and school districts about security and privacy challenges and a recognition that we need to move to address them. I am going to be optimistic and assume that this increased awareness is going to result in a higher level of data governance and a higher level of protection for student data. Because the truth is, it’s got to be that way. It's just too important.