Blog

Schools aren’t doing enough to keep student data private

  |   Advocacy

Originally published in the Baltimore Business Journal

Today, most of us assume – or should assume – that every click we make with our mouse or tap we make on our screen is recorded, analyzed undergoes data profiling and used to market, sell and promote goods and services back to us.

As technology entrepreneurs have a way of saying, “if you’re not paying for a product, you are the product.”

Most of us engaged in this type of consumer relationship are consenting adults. And there are suites of tools for parents to control how and when their children use the Internet, apps and software in the home. Some expect that sites like TokenEx will be used across the board by companies and organizations to ensure this security is in place.

One place, however, where parents have not been able to secure a say in their children’s online privacy is in the classroom.

In too many states, cities and school districts around the country, it’s perfectly legal for education software providers to collect data on the students who, without parental input or a way to opt out, are required by districts to use these products. The resulting abuse of data privacy has been astonishing.

Last year, education technology nonprofit inBloom closed its doors after personal details – including Social Security numbers and whether a student had been a victim of a violent incident – were being uploaded by teachers and school administrators into its cloud-based data storage system. Of course, so many schools and businesses make use of the Cloud as it’s so much easier for them. However, there are sometimes security concerns, especially when people use the public cloud. Perhaps schools should instead consider using the cloud service available at https://www.mirantis.com/blog/infrastructure-as-a-service/. That should increase security, allowing the school to keep their data private.

Unfortunately, data collection is just the tip of the iceberg.

In 2014, Google Inc. was caught mining student emails – through its free Apps for Education service, used by more than 30 million students, teachers and administrators – for advertising ideas. In late 2013, scholarships.com was found to be sharing all of its student data with an affiliate, American Student Marketing. More than 14 million students entered health, financial, religious, political, and sexual orientation information into scholarships.com, only to have American Student Marketing sell that data to advertisers.

President Barack Obama on Jan. 12 proposed the Student Digital Privacy Act. With more than two dozen student privacy laws passed across the U.S. in 2014, a federal standard – one that disallows marketing to students, selling data to third parties, and profiling of students based on data – is a welcome step in the right direction. The president argued that data collected on students should be “used for educational purposes only.”

We’d go a step further: to be eligible for federal funding, schools should be required to certify that student privacy is being protected.

Ban federal funding to districts and schools whose vendors sell any information about students. Yank tax-exempt status from private schools that do the same. By tying data privacy with districts’ financial survival, compliance with data privacy laws becomes a critical issue.

For too long, students and parents have had surprisingly little say on the use of technology in the classroom. The outcry over student data privacy underscores that it’s time to reverse that and create safer online experiences in the classroom. What you can do to protect your child is to install VPN software on their computers and your at-home computer, also encourage schools to do it for theirs, this can help protect identities and their privacy so they aren’t targeted online by cybercriminals and spam that can be distressing. You can find the best ones by looking up which works well in your state/country, e.g. searching for ‘vpn reviews canada‘ will get the user to see what would be best for them where they are, we must protect our kids from having data collected on them.

Children are not products. It’s time school districts and their vendors ensure education software serves students, not the other way around.