Introducing new technology into the classroom can be an exciting event for teachers and students alike. The latest products have attractive bells and whistles that promise to stimulate learning. But products that personalize the learning experience often capture and store student data to measure progress. Protecting the privacy of that data is one of the toughest challenges facing school and district leaders today.
Before buying any new technology, consider the advice of Linnette Attai, a privacy expert and founder of the global compliance consultancy PlayWell LLC. “The biggest challenge and opportunity for schools and districts is to understand what they need and expect in terms of data protection and matching that to what the technology provider is doing,” Attai says. “I see it as an opportunity because if it’s done right, the district becomes a savvier consumer and is only bringing in technology that meets its needs and serves the students in the best way.”
Tech providers have to supply information on what data they are collecting, adds Attai, who is the author of last year’s Student Data Privacy: Building a School Compliance Program and the newly released Protecting Student Data Privacy: Classroom Fundamentals. “The school has to know what it wants in terms of protection for different types of data to assess whether the tech provider can meet those expectations.”
Best practices
When a school or district is looking at a vendor’s product it should, at a minimum, carefully examine the vendor’s terms of service and privacy notice.
“If there are questions or if information about their data protection practices is not apparent, a school or district should be doing some due diligence around that with the technology provider and asking questions and assessing responses,” Attai says.
The work of vetting technology is not simple, but Attai offers six tips to smooth the process:
- Decide on what types of data that you will and will not share with technology providers. Make sure you are clear on the sensitivity of your data and how to protect it. Also, be sure those protections extend to the tech providers if and when you share data.
- Define the purpose. Many districts bring in technology and find they already have a product that serves the same purpose. What is unique about this new technology that will support administrators or students?
“Teachers have an affinity for bringing in new products,” Attai says. “There’s a lot of hype and noise, and it is exciting. But we don’t want to bring in something just for the sake of it being new. It has to have an actual purpose.” - Follow the rules and regulations. Make sure you consider your federal and state requirements, as well as your district policies when it comes to assessing the utility, privacy and security practices of each tech provider. “Don’t forget community norms,” says Attai. “The expectations of your community about how you protect privacy should help inform and customize your district policies.”
- Trust but verify. Carefully review the technology provider’s terms, privacy notices and the product itself. At this point, you should know why you want the product and what you expect it to do, and you should know how you want your data protected.
“We rely on the vendor to supply that security, but it is the responsibility of the school or district to see that it continues to meet the requirements of the school,” Attai says. - Have a dedicated team to review products and policies. Ideally, every district should have a chief privacy officer, a chief security officer and a chief technology officer. For many districts, however, one person covers all of those roles—and is often a teacher or a principal. “That’s unfair in some ways, but it is the cost of a technology-enabled district,” says Attai. “We don’t bring books into schools without reading them and understanding their curricular purpose. We have to treat technology in the same way. Districts need to resource this program appropriately, even if it is one person.”
- Once vetted, provide clear guidance on implementation. Some products may be used with students in certain age groups or with certain data, depending on the sensitivity. Those requirements need to be documented and passed on to the people who will ultimately be using the technology.
Tim Goral is the senior editor of DA.
