How to Use Evidence to Support Your Student Data Privacy and Risk Mitigation Efforts

Remote and hybrid learning led students and teachers to be online more than ever. In incredible numbers, over 2,500 to be precise, districts used digital learning tools to support teaching and learning. Along with this rise in technology use came a similar rise in cybersecurity and privacy risk.

Ransomware and data breaches have increased with such an influx of devices and online tools, and virtual classrooms (and the continued use of these technologies) reveal new opportunities for would-be attackers. As a testament to this, between 2016-2022, there have been over 1,600 incidents. Modern schools need to be proactive and build data protection into their culture.

There are many layers to a cybersecurity strategy – here, we dig into how an educated workforce, your staff and educators, is an essential component of your efforts. Here are 4 recommendations to help ensure the edtech tools used by your teachers and students aren’t increasing your risk. 

1. Discover what teachers and students are using, and uncover any unapproved edtech. 

Starting here sets a foundation for using evidence to help mitigate privacy risks. Take a step back to take an inventory of what is being used (known and unknown) and by whom. This can help you identify any unapproved (and unvetted) edtech in use that may increase your risk.

Resource: Claim your edtech Inventory Dashboard to get started today

2. Keep privacy requirements and compliance standards top-of-mind. 

Once you’ve taken stock of what is in use, you can turn your focus to providing a clear view of which tools are compliant with local, state, and federal privacy requirements, and are approved and available for your community to use. Consider building the following into your standard practices to further set up your district for success in protecting student data:

• Have a centralized library of approved edtech – this takes the guesswork out of edtech selection and usage, and ensures teachers choose compliant tools that don’t add to online safety risks.

• Educate teachers on why certain tools should/shouldn’t be used. We recommend having some kind of system in place for sharing resources, such as third-party reviews and insights, updates, and current approval statuses.

• If you have any teachers who have shown particular interest in student data privacy protection, lean into that. Encourage these educators to step up and serve as teacher leaders in their own classrooms and schools, helping educate others on the importance of risk mitigation through thoughtful tool selection and use.

3. Build student data privacy and cybersecurity checks into your edtech vetting and purchasing processes.

Administrators take a lot of steps when it comes to choosing edtech products for their teachers and students. There are a lot of pieces of evidence taken into account when it comes to vetting, including student data privacy commitments, SSO compatibility, systems interoperability, curriculum alignment, equity, accessibility, training requirements, budget and teacher/student feedback. 

Example questions to ask in the vetting process that support risk mitigation:

• What student data elements (PII) does the tool require?

• Does the web address use https: indicating it’s a secure site?

• Does it have advertisements?

• What federal and state data privacy agreements are in place?

Tip: Need a system for evidence-based product vetting? LearnPlatform gives administrators the tools they need to request, vet, and organize products – all in one place. 
 

4. Create a community of people dedicated to protecting student privacy.

Teachers are at the forefront of implementing tools in classrooms and should be part of all compliance work. While certain requirements must be met, engaging teachers early in the process will help garner that all-important teacher buy-in, while also preserving authority. Ask teachers what they are using, what is essential, and start with that list when kicking off your vetting processes.

In addition to teachers, engaging and being transparent with families and others in the community helps align all stakeholders in working to mitigate risks. By offering insight into compliance work, families can better support students at home, alongside teachers inside of classrooms. Make sure all stakeholders know about safe practices by sharing resources, and ensure that they know where to look to see which software/apps are approved for use. Consider including information about why something is not approved, a critical piece of creating a community of people dedicated to proactively protecting student data.

Want to learn more? Schedule a demo with one of our team members.