Schools and educators have long since upheld their responsibility to protect students from harm and preserve a safe environment for learning. As technology has infiltrated the education sector, that responsibility has expanded for schools to include protecting student data.
That’s exactly why a group of school districts asked the nonprofit organization Common Sense to help them uphold privacy standards and keep vendors accountable. Since its launch three years ago, the privacy initiative has helped more schools stay on track and is making a significant impact on the way vendors and districts operate to keep student data safe.
The initiative consists of detailed product evaluations to assess safety, privacy, compliance and security levels of popular ed tech apps being used in K-12 classrooms. It also includes a privacy questionnaire to help teachers and districts evaluate vendors’ privacy terms and identify what is and isn’t covered. Last, the initiative includes an information security primer, which is a toolkit designed for education technology leaders interested in learning more about how to evaluate the information security practices of software.
Since the initial eight schools came together to create the initiative, approximately 115 schools nationwide are participating in the effort. Bill Fitzgerald, director of privacy review programs at Common Sense, notes that 110 products have been vetted, and more than 40 are in various stages of being evaluated for privacy. That evaluation process can be timely since vendors must be re-evaluated every time their terms are updated, yet that thorough approach seems to already be making an impact.
Within two to three months after the privacy evaluations were published, 40 percent of vendor policies were updated to align with best practices, Fitzgerald said. While a subset of vendors may have been focusing on privacy improvements regardless of the evaluation, Fitzgerald notes that some were directly correlated with the initiative. In addition to the privacy evaluation, an automated encryption survey run once in October 2016 and once in March 2017 showed an eight percent increase in the number of vendor sites that support encryption when users log in.
All in all, Fitzgerald says the response from vendors to the initiative has been overwhelmingly positive. While a small number of vendors have been unresponsive, he notes that creating a network of support is key. “The goal of this initiative is to help people do the right thing with less work. Privacy is complicated, and it’s difficult to ask for help on something that’s a hot-button issue and is sensitive,” he said. “We go out of our way to make ourselves approachable. We have helped a good number of vendors to improve their work in security and privacy policies.”
The initiative comes at a time when student data privacy is clearly growing as a priority across the nation. A similar initiative called the Trusted Learning Environment (TLE) Seal helps schools meet high standards for student data privacy initiatives and was developed by the Consortium for School Networking, in partnership with AASA, the School Superintendents Association, the Association of School Business Officials International, ASCD and school leaders from 28 districts. Twelve school districts have earned the seal, which shows that their practices in leadership, the classroom, data security, business and professional development meet the standards that the program set.
Omaha Public Schools is a member of the Common Sense privacy consortium and has been utilizing the privacy evaluation and standards to ensure optimal transparency and protection for data on the 52,000 students in its 90 schools. “This initiative was particularly valuable because we needed systems that would vet the solutions effectively and create relationships with providers so if they weren’t there, we could help them get there,” said Rob Dickson, executive director of Information Management Systems for Omaha schools. According to Dickson, the initiative has helped the district engage vendors to make changes to privacy statements that better align with best practices.
Keegan Korf, lead teacher of digital citizenship for Omaha Public Schools in partnership with Common Sense Media, points out that most ed tech companies just aren’t up to speed on current privacy rules. “You can guide ed tech vendors about best practices for safety for kids. A lot of times it simply means talking with vendors, and this initiative provides a strong voice,” she said. “Utilizing initiatives like this, school districts can come together to advocate strongly for what’s best for kids. And ed tech companies are listening because it’s good business practice and they want to do right by children.”
As the initiative moves forward, Fitzgerald is clear that the focus remains on growing the number of vendors and districts involved to get more ed tech apps evaluated. Common Sense is also looking into ways to improve data visualizations. Later this year, Common Sense will be publishing a privacy white paper that summarizes trends and key information observed within the evaluations.
Fitzgerald says he plans to continue to communicate regularly with schools and vendors via email, phone, Twitter and focus groups to get feedback and understand where attention is needed to improve privacy policies. “We are always looking to talk to more vendors, districts, teachers, parents and students on what matters to them and capturing it in the work we do,” he says. “We want to get feedback from people to make sure we meet the needs they have.”