EdTech privacy has become a major concern for students, parents, teachers, and school administrators as more schools turn to virtual learning amid the COVID-19 pandemic. Regardless of the current pandemic, education technology is becoming increasingly important to the modern learning experience.
As EdTech companies continue to innovate and create great learning products for students, they need to seriously consider student privacy. Data privacy is an important issue for everyone, but it is even more important when dealing with the personal information of children.
Let’s take a look at some of the ways you can protect and prioritize student data privacy when building an EdTech application. We’ll also review some of the important student privacy legislation that is guiding EdTech companies, educators, and school districts.
How to Prioritize EdTech Privacy
Data privacy is an important issue in all sectors of the technology industry right now. There are a lot of different, effective approaches to strengthening the privacy and security features of your app or digital services. While the data privacy ideas below could apply to other types of apps, the focus of this post will be EdTech privacy, so everything will be related back to education.
You can protect student data and promote data privacy by:
- Knowing the law
- Providing transparency
- Encrypting data
- Limiting access to sensitive information
Knowing the Law
When it comes to student data privacy, there are a number of different laws and regulations that you need to follow in order to remain compliant. In the United States, there are two big pieces of federal legislation that you need to know about, the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).
There are also state laws and regulations that vary from state to state. One of the earliest and most widely copied EdTech privacy laws is California’s Student Online Personal Information Protection Act (SOPIPA). While every state is free to make its own privacy and security laws and regulations, many of the core tenets of SOPIPA have been adopted in other states.
We’ll take a closer look at the specifics of some of these laws later in this post, but the key takeaway is you need to understand the laws and regulations in place for your target audience. Understanding what data privacy restrictions are in place will help you to create better student privacy policies when you are working on developing your EdTech app.
Putting privacy and security at the forefront of your EdTech project will help ensure you remain compliant with all local and federal laws and regulations while you provide great service to educators and students. Teachers, parents, and students are all concerned about data privacy. The EdTech companies who understand the law will be able to provide more robust privacy and security measures and gain the trust of users.
EdTech companies should strive to be as transparent as possible with schools, educators, parents, and students when it comes to data privacy. Transparency is a strong ally, and it allows for the creation of better data privacy practices and security measures. Transparency has the added benefit of educating users on the potential risks posed to privacy and security as well.
Educated users make better security decisions and choose stronger passwords. Transparent, easy-to-understand data privacy policies help users understand what data is being collected and how it is being used. EdTech apps should strive for transparency so users can make educated decisions on what information to give and what information to withhold.
EdTech companies that give their users transparency will help their own brand image and create a lasting, trusting relationship with the key users that make their products and services successful. Educators work long hours. Reviewing dense, legal jargon in regards to data privacy is not an easy task for anyone, let alone a busy teacher or administrator. Be as transparent as possible with your data privacy policies.
In order to fully protect student data, all information gathered, stored, transmitted, etc., needs to be encrypted. Most EdTech apps focus on encryption during the transfer or transmission of data, but there are other times when student data could be put at risk besides when it is being moved around.
Even when student data is just sitting in storage, it needs to be encrypted. Encryption provides another level of protection should your security be compromised. Cyberattacks are getting more sophisticated, and EdTech apps are not immune to being targeted.
Limiting Access to Sensitive Information
A key way to promote privacy and security is to limit the people who can even access sensitive student data. Most data breaches occur because someone on the inside got careless or was duped online. The fewer people who even have access to student data, the less likely there will be unauthorized access.
EdTech companies can create strict protocols to limit the number of users who can access student data, but schools and school districts also need to be active participants as well. They need to thoroughly review the people who are given access to student data and ensure that only the users who absolutely need access are given it.
EdTech companies can help their cause and promote security by educating their users and providing demos. Create a security best practices guide that can be given to schools and districts that choose to use your product. This can help educate them on the best ways to ensure data privacy and security while using your app.
Important EdTech Privacy Legislation
While there are hundreds of different privacy laws and regulations passed by local and state governments, we are going to look at three important pieces of data privacy legislation and how they apply to EdTech.
The legislation we will cover includes:
- Family Educational Rights and Privacy Act (FERPA)
- Children’s Online Privacy Protection Act (COPPA)
- California’s Student Online Personal Information Protection Act (SOPIPA)
Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act is the basis for all student privacy laws. FERPA was passed in 1974 to protect the confidentiality of education records. The law was passed in response to growing concerns over the way schools were compiling, in most cases in secret, detailed personal records about their students.
FERPA gives parents and students the right to access their own education records, request changes or updates, and restrict the disclosure of their records in certain cases. The simple summary that applies in most cases is that the contents of an education record cannot be disclosed without written consent.
FERPA is a great data privacy law, but it was written in a time before the Internet and cloud-based record keeping. The legal language in FERPA is a bit murky when it is applied to modern-day technology. The law allows for records to be shared with school officials that have a legitimate educational interest in the student data.
Issues arise when schools designate private EdTech companies as school officials. FERPA only applies to schools. If a company like Google were granted access to education records by a school, they would not be bound by FERPA.
Local legislation has been crafted in order to address the inadequacies of FERPA when it comes to EdTech and data privacy.
Children’s Online Privacy Protection Act (COPPA)
The Children’s Online Privacy Protection Act was the next major federal legislation passed in 1998 to address the data privacy of children. COPPA is not targeted at EdTech or schools, but it can be applied. The law is designed to give parents control over what information websites and services collect from their children (kids aged 13 or younger). The data protected under COPPA includes:
- Social security number
- Photos and videos of the child
- Any identifier that can be used to track a user
Operators who knowingly collect information from children 13 or younger must receive parental consent. In the case of EdTech used in schools, the school itself acts as the parent giving consent to use student data.
COPPA runs into data privacy issues because teachers and school administrators are faced with long, legal release forms to use software that they aren’t necessarily understanding or reading through. Once notice and consent have been given, companies are free to collect any information they want.
COPPA is a strong step towards data privacy in the digital age, but it doesn’t provide robust enough coverage.
California’s Student Online Personal Information Protection Act (SOPIPA)
SOPIPA is the culmination of FERPA, COPPA, and all of the other data privacy laws that have come before it. This law is only valid in the state of California, but many states have since taken key tenets of this law and adopted them in their own states too.
SOPIPA is a direct result of the issues we pointed out with COPPA. Mainly, teachers and school districts were using software and services without signing contracts with the provider or really understanding or reading through the privacy notice. As a result, student data was being collected at a high rate.
SOPIPA directly applies to EdTech apps and companies. Under SOPIPA, companies are forbidden from using any of the student data they collect to target ads, create commercial profiles or advertisements, or sell any of the collected data. SOPIPA is unique because it doesn’t give companies an avenue to maneuver around privacy issues with consent forms.
Typically, consent forms are dense, legal documents that are confusing for teachers, parents, and students. SOPIPA protects all student users regardless of whether a contract has been signed with the school district or not.
Data privacy is a major concern with all digital platforms, but it is very important to protect the data of our students. If you have a great idea for an EdTech app and you need help developing it and ensuring it is secure, reach out to Koombea.