Today’s students come to the classroom with more than just fascinating personal histories and interesting outlooks on the world. They come with data. Lots of it.
Ed tech tools designed to assess students as individuals – how they learn best, what subjects they excel in, where potential problem areas are – hold a treasure trove of data that can be extremely helpful to ensuring a student’s success.
But with these digital data-collection and storage tools comes a new danger: protecting students' personal data.
Generally, there are two ways we think about student data.
The first includes more traditional data points such as:
Then there are the data points that are relatively new on the scene, as 21st-century education becomes more and more dependent on digital learning tools. These types of data include:
Information like this is what’s typically known as “personally identifiable information,” or PII. According to eSchool News, the proliferation of this data – and the ease of access – is a double-edged sword.
“This [data collection] can be knowingly done for gain — i.e. marketing or future sales — or it can be done with good intentions, as in capturing and using data about an individual to deliver more tailored learning experiences. Even if being done in the aggregate, there are still concerns of misuse," writes James Litton.
Increasingly, PII security is a new frontier of concern for district administrators, IT teams and teachers.
As reported in a special EdWeek report on student data privacy, Houghton Mifflin Harcourt surveyed 1,000 teachers and administrators around the world. What they found: fifty-eight percent of those surveyed were either “very” or “somewhat” concerned about the privacy of their students’ data.
And when a data breach does happen, it can be more than just an embarrassment for the IT department. It can be a costly enterprise for school districts whose budgets are already pretty tight.
One example from the EdWeek report is of a 2015 data breach in Mount Pleasant Independent School District in Texas that put former employees’ private information (including Social Security numbers) at risk. While this breach didn’t compromise student data specifically, it ended up costing the district $36,000 in annual credit-monitoring services.
Threats of data breaches have also prompted a rise in the number of districts purchasing cyberinsurance. Many cyberpolicies cover everything from accidents (like emailing sensitive information to the wrong person) or malicious attacks (such as coordinated hacks), writes Malia Herman in EdWeek.
Herman goes on to note:
“Expenses following any of those scenarios could be astronomical, depending on how many current or former employees’ or students’ information was compromised. Laws differ by state on who must be notified, how quickly, and how the notifications must be handled.”
Want an idea of what cyberinsurance policies cost several U.S. school districts that’ve purchased them? Three cyberinsurance policies noted in Herman’s article (from school districts in Ann Arbor, M.I., Paulding County, G.A., and Garden City, N.Y.) span from $11,000 to $25,000 annually.
The onus, at the end of the day, is on the schools themselves to protect the data they collect and use.
Here are just a few of the many recommendations out there on how schools can keep student data private. These recommendations come from the U.S. Department of Education’s Privacy Technical Assistance Center and eSchool News.
Yes, there are security dangers out there. Yes, there are people who would use student PII for malicious ends. But that doesn’t mean your outlook should be bleak.
The important thing is to always be mindful and vigilant of the data you collect, or that students provide how it’s gathered, where it’s stored and – of course – how it’s deleted.