Much of the information available about data privacy in education is written to target parents or district/school administrators. While it is essential for these stakeholders to understand the policies and practices that will keep children safe, the people who are using technology and data every day with students are classroom teachers. Education technology administrators tend to have a good grasp on data privacy regulations and are able to set up necessary vetting processes. However, the reasons behind those processes and the implications of data privacy are not effectively communicated with the students and classroom teachers affected.
This lack of communication can lead to frustration. Teachers don’t understand the vetting process and see as another obstacle in their way when they want try new strategies and tools. Students don’t understand why they are unable to access certain platforms while at school. Administrators are just trying to protect everyone involved while respecting teachers’ precious time.
Teachers and students should understand their role without feeling overwhelmed or intimidated by legal and technical jargon.
The Educator’s Guide to Student Data Privacy, a joint effort between ConnectSafely and Future of Privacy Forum, is an answer to this dilemma. As one of the co-authors I can confirm that we worked hard to focus on the essentials and provide applicable strategies. Teachers and students should understand their role without feeling overwhelmed or intimidated by legal and technical jargon. Now that the guide has been available for nearly a year, I have had the opportunity to speak at a few conferences and schools to help with implementation. Here are my recommendations based on those experiences:
Define the Basics
Classroom teachers are accustomed to what they call the “alphabet soup” of education terminology, so they won’t be unnerved by the data privacy acronyms. There are many, but I’ve narrowed it to 3 necessary starters.
- Personally Identifiable Information (PII) – Student personal information includes any information about a student’s identity, academics, medical conditions, or anything else that is collected, stored, and communicated by schools or technology vendors on behalf of schools that is particular to that individual student.
- Family Education Rights and Privacy Act (FERPA) – A federal law enacted in 1974 that guarantees that parents have access to their child’s education record and restricts who can access and use student information.
- Children’s Online Privacy Protection Act (COPPA) – Controls what information is collected from young children by companies operating websites, games, and mobile applications directed toward children under 13.
Reassure teachers that many of the workflow tools they use every day – their LMS, digital gradebook, and email system – have likely already been vetted before they were adopted institution-wide. In my experience, it is comforting for teachers just learning about data privacy to find out that the tools they depend on the most are okay.
“What if I find a new tool? Can I use it?”
To help classroom teachers better understand the vetting process, the guide outlines 10 questions. When I run workshops and trainings I tend to distill them down to 4. This list is not meant to charge teachers with doing their own vetting, but it can help them determine whether it is worthwhile to ask for an app to be vetted and to better understand the vetting process. Here are the top 4 questions:
- Does the product collect PII? Hint: It isn’t categorically bad if it does, but it is an important element of the vetting process.
- Does the vendor scrub PII from deleted accounts? The answer should be yes.
- Does the product display targeted ads? The answer should be no.
- Does the service share information? This is more complicated and there are follow up questions, but this question can help teachers understand what to look for when reading privacy policies.
“What if a student introduces me to a new tool? Can I let her/him use it?”
The first reaction should be to express interest and ask about the tool. Anytime a student is bringing his/her original idea to their learning they should be encouraged. In order to help them learn to evaluate tools for privacy practices themselves, here are a series of questions to ask:
- Do you have to create an account? If yes, that means they are sharing PII with that company.
- Does the tools ask for your birthday or age? If yes, then you should be honest. It might ask for parent permission in order to comply with laws created to protect you.
- As you use the app, does it collect information about your location, contacts, or usernames for social media? This could mean that you are not just sharing your own information, but your friends’ and family members’ information without their consent.
- Does the company share the information they collect about you? Don’t underestimate the ability of children to understand privacy policies. If taught to look for a few keywords, they can understand more than you think!
Student data privacy has been a topic reserved for involved parents and education technology administrators. It is time to start talking about boots-to-the-ground strategies for bringing classroom teachers and students into the conversation. Check out The Educator’s Guide to Student Data Privacy for more strategies and ideas to bring to your school.
Kerry Gallagher is a passionate award-winning educator. Trained as both a teacher and attorney, she understands that a combination of effective pedagogy, policy, school culture, and global connections are necessary to make meaningful progress that puts learners first. Kerry has experience as a classroom teacher, education trainer, writer, TEDx and keynote speaker, and policy advocate.
Image: “Teacher Helping Students Working At Computers In Classroom” by City of Seattle Community Tech is licensed under CC BY-NC 2.0.