Mar 26 2020

CoSN2020: Experts Warn Districts to Prioritize Privacy, Security with E-Learning

CTOs should take the reins of e-learning by vetting tools to protect sensitive information.

As schools across the nation shift to online learning amid the coronavirus pandemic, some educators are trying out new mobile apps, free trials of software, and other tools that promise to enhance or at least support their efforts.

To that end, experts offer some advice: Be cautious. As they work to move instruction online, administrators and other educators should not deprioritize privacy.

“You obviously have all of the privacy concerns that carry over from the use of ed tech generally,” says Amelia Vance, director of education privacy for the Future of Privacy Forum. “Is this company using data in an inappropriate way? Is this a privacy-protected product? Does the school have a data governance policy? When is information going to be deleted? Who has access to that information? Do people just have what information they need to do their job and no more? Because every additional person who has access to information can increase the risk that that information is shared and inappropriately or breached.”

The current surge in online learning will likely contribute to dramatic growth in uncontrolled, unregulated use of technology by educators in K–12 schools and higher education, Vance says. Educators typically turn to those options when there is not a centralized alternative available from their school, she says.

But there’s a fundamental difference between an educational technology product and a general consumer product.

“The more that people can stick with ed tech products, definitely the safer they are and the better off their students will be,” Vance says.

Educators should not only choose products that were developed for education but also products that are vetted and tailored for educational uses, such as G Suite for Education and Microsoft Office 365 Education.

For example, schools or districts may have contracts with vendors for videoconferencing software that complies with federal and state privacy laws. That’s great, Vance says. But it’s a problem when educators adopt platforms on their own that are not compliant by default with student privacy laws.

Even more issues arise if educators require students to sign up for Facebook Live or other social media platforms, Vance says. “All the information on those platforms does get tracked, it does get shared, and, in some cases, it does get sold.”

MORE FROM EDTECH: Read Amelia Vance’s insights into what K–12 school officials should know about data privacy.

Vetting Is Key to Protecting Data in the Classroom and Online

Federal laws and regulations limit what information can be collected from children and shared. The Family Educational Rights and Privacy Act, commonly known as FERPA, creates protections for student educational records. The Children’s Internet Protection Act, a Federal Communications Commission regulation, ties E-rate discounts for internet access to monitoring security and safety. And the guidelines of the Children’s Online Privacy Protection Rule set restrictions on collecting personal information online from children younger than 13.

One way to ensure data privacy is to use single sign-on options, such as Clever or ClassLink, so the school or district controls the data, says Eileen Belastock, director of academic technology at Mount Greylock Regional School District in Massachusetts.

“We need to make sure that what we’re sharing with these vendors is what we want to share,” Belastock says.

For example, when teachers asked about starting a book club through Google Hangout sfor students younger than 13, Belastock had questions. Where will the videos be stored? Would the participants use the platform within the district’s system?

“We need to make sure that any type of virtual interaction that our students are having with teachers is completely secure,” she says.

Watch Eileen Belastock, director of academic technology at Mount Greylock Regional School District in Massachusetts, discuss ensuring data privacy in a remote learning environment.

Learning management systems such as Canvas or Schoology are also safe places for those interactions to occur, but administrators should ask the standard privacy questions.

“I’ve always said that free is never free,” Belastock says.

When tech directors assess product offerings for e-learning, they should use the same guidelines they would for the regular classroom. If a district does not have a vetting process, a CTO or IT staff leader should be figuring that out now, Belastock says. “Strong data privacy policies within a district are going to stand strong when it comes to online learning.”

Those privacy concerns don’t end with educators. It’s also important to help parents understand data privacy and that some companies are collecting sensitive information such as email addresses, locations and grades.

“Don’t make quick decisions on anything — and I think that’s the biggest part that teachers and building principals are struggling with,” Belastock says.

CTOs need to be at the forefront of e-learning, and administrators need to trust their expertise, she says. “We just need for school districts to realize we need time, we need resources, and we need collaboration.”

Web Editor Micah Castelo contributed to this report.

In light of CoSN2020 hosting their virtual conference in May, we’re doing special coverage on remote learning. Keep this page bookmarked for our ongoing coverage. Follow us on Twitter @EdTech_K12 and join the conversation using #CoSN2020.

Chainarong Prasertthai/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.