IT Management Commentary

Five Principles for Securing Student-Data Privacy

By Cameron Evans — May 18, 2015 5 min read

From student-identity theft to the sale of student information for corporate gain, there is no shortage of news about challenges associated with the growing presence of technology in our nation’s schools and classrooms. And while these challenges affect organizations across all industries and social sectors, constrained financial resources make school systems particularly vulnerable. Moreover, although federal legislation, the Student Digital Privacy and Parental Rights Act of 2015, has recently been introduced in Congress, strong legal protections for student data do not yet exist.

Given the risks, one may ask: Is it worth investing more in technology in our schools? In fact, the benefits are huge. With the cloud-based tools available today, educators can personalize student instruction to a degree that wasn’t possible just five years ago. These tools can engage young minds in new ways, including many that no one has even thought of yet. By moving us past the days of assembly-line education plans based on a single textbook, they can allow us to make sure that no student has a lackluster learning experience, and that each is well prepared for the career path of his or her choosing.

Does that sound optimistic? It’s an ambition within reach. Over the nearly three decades I’ve worked in education, I have had a front-row seat as technology has become an integral part of the classroom, and I am confident that by collecting the right data, schools have the power to transform students’ lives for the better. Nevertheless, the risks are real, so it is also important for educators to dramatically rethink the approach to student-data privacy they’ve taken over the last 30 years.

Back in the 1990s, when I served as chief information officer of the Del Rio and San Angelo school districts in Texas, there was much greater naiveté around protecting data, and student data in particular, for a number of reasons. Outside of libraries, Internet access in schools was primarily used by administrators to share data with the state for funding purposes. Students and parents rarely knew what data schools had about them on file or who might have access to that information. Because computers were rarely connected online, paper files were the norm, as were unsecured campuses.

v34 31 OP1 Copyright ChrisWhetzel

Meaningful measures to better protect educational data didn’t pick up until the turn of the millennium, after the world raced to avert Y2K-spurred data-management vulnerabilities, “always on"—or Internet-ready—computing became commonplace, and online identity theft started to rise. Banks and other commercial enterprises were quick to invest in data privacy, but schools lacked the resources to do so, leaving students especially vulnerable. Suppose a 5th grader has her Social Security number stolen and used fraudulently to apply for credit cards and loans? She might not discover it for years, and enter adulthood at a serious disadvantage.

While awareness is better today, there is still a surprising willingness for people—adults as well as children—to share data when they shouldn’t. Not long ago, I was checking in to a hotel when the power was out and the computer systems were down. Guests were being asked to sign in on paper and to write down their credit card numbers—and many people were doing it. In a school, this lack of vigilance would place our students’ data at tremendous risk.

What this experience teaches us is that technology alone cannot ensure student-data privacy. Instead, we need to enact a massive cultural shift. School administrators must understand that student-data privacy is not just a concern for IT administrators, but also for the executive leadership, who must take responsibility to drive the change needed throughout their organizations. All the security patches in the world don’t do much good when information is locally stored on a laptop that can be left in a car, or a network-security password is taped to a computer monitor.

To drive this cultural shift, we must take a holistic look at how sophisticated and complex student-data privacy has become. We must rigorously explore the implications for kids, parents, and school systems alike.

While awareness is better today, there is still a surprising willingness for people—adults as well as children—to share data when they shouldn’t.”

A year ago, a nationwide snowstorm canceled classes after school had started, so the students needed to be picked up. Some were at school, some were still on the bus, and many parents were stuck as well. This created a situation in which parents did not know where their children were, and GPS technology could have played an important role. Location tracking, however, adds a host of privacy issues we haven’t had to deal with until recently: how to track student locations, whom to share this information with, and what to do if parents wish to opt out.

Regardless of whether a school is rural, suburban, or urban, or is large or small, there are a few fundamentals I can offer from my experience in school technology to help protect student-data privacy:

Build data-privacy policies into your school culture, so that every faculty and administrative staff member is thinkingabout it whenever student data is involved. Promote this approach among all employees, from the newest teacher up to the superintendent.

Be very wary of “free” technology solutions. You may end up paying with students’ data, rather than cash.

When you work with a technology company, don’t just ask for a product demonstration. Demand an executive briefing that will show you step by step and scenario by scenario exactly how data will be protected.

Data privacy often has legal implications; make sure school or district lawyers are involved in the policymaking process.

Take advantage of reliable online resources that clarify why data privacy is important, best-in-class privacy standards, and strategies for tailoring a school’s or district’s data-privacy policies.

Making these principles a priority will not only provide a solid basis for improving your student-data-privacy policy, but will also help create better and more equitable educational opportunities for all students.

When my daughter started middle school this year, I felt a tingle of déjà vu when I looked at her school supply list. I checked it against supply lists I found online for an array of districts around the country and realized it was the same school supply list I was given when I was her age. As William Gibson famously said in the early ‘90s, “The future is already here; it’s just not evenly distributed.” Even now, schools are often unable to make the best use of technology.

My daughter is fortunate in that I’m in a position to spark her curiosity at home through tech tools. She can use a USB microscope to look at a tooth that she lost, or navigate a drone in our backyard to learn about geospatial information and geography. But all children should have the opportunity for such customized and technologically enhanced experiences, while their parents and educators work together to ensure their privacy is protected.

A version of this article appeared in the May 20, 2015 edition of Education Week as Making the Right Commitment to Student-Data Privacy


This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Professional Development Webinar
Building Leadership Excellence Through Instructional Coaching
Join this webinar for a discussion on instructional coaching and ways you can link your implement or build on your program.
Content provided by Whetstone Education/SchoolMint
Teaching Webinar Tips for Better Hybrid Learning: Ask the Experts What Works
Register and ask your questions about hybrid learning to our expert panel.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Families & the Community Webinar
Family Engagement for Student Success With Dr. Karen Mapp
Register for this free webinar to learn how to empower and engage families for student success featuring Karen L. Mapp.
Content provided by Panorama Education & PowerMyLearning

EdWeek Top School Jobs

Washington Teacher Trainer - (WAVA)
Washington, United States
K12 Inc.
Strategic Account Manager
Portland, OR, US
Northwest Evaluation Association
President and CEO
Alexandria, Virginia
National Association of State Boards of Education
CCLC Program Site Director
Thornton, CO, US
Adams 12 Five Star Schools

Read Next

IT Management Goodbye, Adobe Flash: What Educators Need to Know
Programs that run on Adobe Flash will no longer work on any devices or browsers after Jan. 12.
2 min read
Image shows laptop computer with Adobe Flash headstone
F.Sheehan/Education Week + Getty
IT Management 4 Big Cybersecurity Priorities for Schools: Training, Purchasing, Monitoring, and Budgeting
A survey of 513 K-12 technology leaders on how they are dealing with the latest cybersecurity challenges showed that 63 percent are working on training end users.
4 min read
IT Management Leader To Learn From Making Technology Work for Schools
As the technology director in the Vail School District in Vail, Ariz., Mark Breen’s tech savvy and deep understanding of what principals need has simplified the technology educators need to do their jobs and freed up time for them to focus on students. He is recognized as a 2020 Leader To Learn From.
7 min read
IT Management Austin CTO Kevin Schwartz Speaks: 5 Ed-Tech Problems and Solutions
The school district tech chief talks about helping educators avoid common mistakes, pumping up usage levels for ed-tech tools, getting tech and curriculum folks to talk to each other, and more.
4 min read