TCEA 2019: As Ed Tech Expands, So Do Privacy Concerns

Louisiana CTO argues that districts need to change the conversation around privacy and take proactive steps to keep students’ data safe.

Educators and IT leaders gathered on Wednesday to talk about privacy in education — or, as Sheryl Abshire put it, “the things that keep you up at night.” Abshire, CTO of Calcasieu Parish Public Schools, presented “From Privacy to Trust: Strengthening Your District” at the Texas Computer Education Association Convention & Exposition in San Antonio.

“What’s the state of privacy in education today? Scary,” Abshire said. “So how do we change this conversation in our school districts?”

Privacy concerns are increasing among parents and lawmakers, Abshire said. Parents want more regulation of how districts handle children’s sensitive information, and states are responding with new laws. 

Public data breaches, such as the massive compromises at Equifax, Target and other companies, have increased awareness, Abshire said. But the other major change is the increased reliance on technology — a far cry from the days when all administrators had to worry about was whether they’d locked the filing cabinet where students’ paper records were kept.

“I’m going to suggest to you that everything is different, because education is changing,” said Abshire. “Technology has shifted and changed and redirected the way we use data. We’re moving things to the cloud like crazy, because it’s easier and it’s cheaper.” 

JOIN THE CONVERSATION: Follow @EdTech_K12 on Twitter for continued TCEA 2019 coverage.

K–12 Data Privacy Policies Must Catch Up to Technology Use

The problem, Abshire said, is that data applications are evolving faster than policy. 

Together, these circumstances have created the potential for a lack of trust in districts’ ability to keep children’s data safe, and that’s a problem, Abshire said. 

“For us as leaders … people have to trust us with what we’re doing,” she said.

The other risk is that if parents lack confidence in districts’ ability to protect students’ information, they may call for restrictions on educational technology, a trend that Abshire said is already taking place. 

“These concerns over privacy are chilling the use of technology in some places,” she said. 

That means district leaders must learn to manage both educational technology and data privacy, and therein lies the challenge, said Abshire: “The more we rely on technology, the more our privacy is threatened.” 

K–12 districts are a particularly attractive target because they contain both the financial information of employees, collected for direct paycheck deposits and other functions, and the spotless credit records of young people. The latter are valuable, Abshire said, because the majority of parents don’t keep a close eye on their children’s credit reports for suspicious activity.

“By the time it’s discovered, it will have been used up,” she said. 

Cybersecurity_IR_howstrong_700x220.jpg

5 Threats to Keep on the Data Protection Radar

To guide them in developing data protection programs, K–12 leaders should have five types of threat on their radar, said Abshire.

Security breaches are situations in which someone gains intentional, unauthorized access to district data. These can result from malware that introduces a backdoor network vulnerability, a hack into a system or a lost device with an unencrypted hard drive.

“If you get breached, you must have procedures and policies in place to guide you,” Abshire said.

The next area of concern is the “need to know.” Leaders should establish a structured, role-based system for data access and ensure that it reflects job changes and other issues. Too often, Abshire said, “data is too accessible by too many people.”

The potential for the commercial use of data is a red flag for parents and privacy advocates, who are concerned that children could be targeted for marketing and other noneducational purposes.

What Abshire called “self-inflicted, unintended consequences” — accidental compromises that occur, often because an employee falls victim to a phishing attempt and clicks on a dangerous link — present another major risk. 

Finally, leaders must be mindful of students’ digital footprint, helping them to set the right privacy settings on social media and avoid oversharing. 

Even as more states introduce data privacy laws designed to protect students’ information, Abshire said she believes “laws are not enough.”

“We’ve got to be leaders in that area,” she said.

Keep this page bookmarked for articles from the event. Follow us on Twitter at @EdTech_K12 or the official conference Twitter account, @TCEA, and join the conversation using the hashtag #TCEA.

skynesher/Getty Images

Sponsors