Dec 14 2023

How to Vet Schools' Apps for Student Data Privacy

No program that vets ed tech for student privacy would be complete without considering federal laws, training, monitoring and more.

While many educational software providers offer students helpful and engaging content, some can end up exposing student data. A December 2022 report from Internet Safety Labs confirmed that 96 percent of school apps shared student data with third parties, and 28 percent exposed kids to advertising. These findings highlight the need for K–12 schools to improve their data privacy and security practices governing educational technology use.

Here are some recommendations to support your school’s commitment to student safety and privacy while ensuring students have access to technology that supports their learning.

1. Technology Leaders Should Spearhead Data Privacy Education

Data privacy and security are shared responsibilities within the school community, which means administrators, staff and classroom teachers all play a role. District IT professionals and security officers should lead multifaceted educational efforts that include the entire school community and emphasize the significance of student data privacy. They can do this by offering clear data privacy and security policies and regular data privacy training.

Click the banner to learn how to optimize your connection to the hybrid cloud.

They should also:

DIG DEEPER: Forthcoming legislation governing online safety for minors may impact schools.

2. Implement a Comprehensive Strategy to Regulate Forbidden Apps

Educational institutions can use various methods to effectively screen and regulate software applications. Implementing a comprehensive app management strategy helps schools monitor the ones used on student devices and ensures compliance with data privacy and security policies.

This might involve investing in a mobile device management system, creating lists of approved and prohibited apps, writing clear policies on downloads to school devices, conducting routine audits of school devices and sharing app guidelines with parents.

Schools will find that investing in a mobile device management system is essential for tracking app installations, managing apps remotely and enforcing app usage policies.

It’s also important for schools to establish and communicate clear policies regarding app downloads and installations on school devices. They can then create a list of approved and prohibited apps and share that information with parents, who can guide app usage at home. IT staff should also back up these policies with routine audits of school devices to identify unauthorized apps.

EXPLORE: How to communicate student data privacy protections to families.

3. Here’s How to Vet Apps to Better Protect Student Data Privacy

School vetting policies should prioritize apps that collect and store only the minimum amount of data necessary. Choose apps with easily understandable consent mechanisms for all users.

Verify that the software provider maintains comprehensive records of data processing activities, data privacy impact assessments and consent forms. Ensure the software provider commits to regular updates that address security vulnerabilities and privacy concerns. Schools should also consider apps with continuous monitoring tools to detect and respond to data privacy breaches in real time.

Source: LearnPlatform, “EdTech Top 40: Fall 2022 Report,” September 2022

4. Schools Need Technical Directives in the App Approval Process

Numerous technical directives can simplify the assessment and integration of new educational apps. When incorporated into the app evaluation and adoption process, technical directives can streamline application selection to ensure they meet technical and educational requirements while minimizing potential challenges.

Directives can also verify that apps are compatible with the school’s devices, software and operating systems while complying with federal data privacy regulations like FERPA and COPPA.

Schools should also select apps with intuitive interfaces to reduce the learning curve for teachers and students. Consider apps that offer a feedback mechanism for users to report issues and request assistance.

RELATED: Learn about the widely used data privacy agreement that got its start in Massachusetts.

5. Get Additional Student Data Privacy Guidance

While it may seem as if they work in isolation, ed tech leaders do not have to go it alone. The following resources can go a long way in supporting student data privacy initiatives:

The Consortium for School Networking’s Student Data Privacy Toolkit provides guidelines on how to create and improve student data privacy programs.

The U.S. Department of Education’s  Privacy Technical Assistance Center provides guidance on student data privacy laws and best practices.  

Common Sense Media offers privacy reviews that help districts and schools make informed decisions about the safety and privacy of digital tools for students.

The Student Data Privacy Consortium is a repository of student data privacy resources and offers a National Research Data Privacy Agreement to streamline vendor contracts and address common concerns.

The Student Privacy Pledge is a joint effort of Common Sense Media and the Future of Privacy Forum to encourage ed tech companies to protect student data. Those who sign the pledge promise not to sell student data, maintain transparency and ensure robust data security.

Getty Images: Isovector, Anna Pylypets, Tanya St

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT