When it comes to student privacy, schools are stuck between a rock and a hard place. The government has not yet sent a coherent message about how student privacy will be protected, yet students continue to use technology provided by an industry whose most valuable resource is data. The only way to protect student privacy is for schools and districts to take a leadership position and build internal processes that safeguard students. Districts must focus on these processes now, even as policies are still being formed, and private companies are working on becoming more transparent about what they collect. It will give educators a well-deserved voice in the coming debates about student privacy, and allow schools and districts to help shape the inevitable legislation and industry practices.
Once answered, these five questions will provide a framework for your organization to develop a privacy practice that serves the interests of your unique learning community.
1. Where does the information flow?
You’re almost certainly using some sort of instructional technology, so begin by auditing the path of your students’ data, from the apps and websites they visit to the third-party file storage providers you use. Only then will you know exactly where student data ends up. And make sure that you actually get answers. If you run into an unclear privacy policy and you don’t understand the the who, what, when, where, why and how related to your student’s data, get on the phone, and either get satisfactory answers or switch providers.
Schools can also track the flow of student data by adopting software solutions that focus on student safety and privacy by allowing close tracking of content, communication and access. Packages such as Gaggle allow administrators and teachers access to student accounts, interactive learning, social networking and other features.
2. Who is in charge?
All stakeholders should agree on where the privacy buck stops. The alternative could be false assumptions about who should be safeguarding student data. It’s best to be explicit so privacy doesn’t fall through the cracks. A healthy dose of self reliance on the part of education institutions is prudent: don’t assume others are as concerned about your student’s privacy as you are.
With an increasingly blurred line between personal data collected at home and student data collected at school, districts need to think holistically about student privacy. A multi-stakeholder approach to safeguarding privacy is best. Make sure you’re fostering an ongoing dialogue between parents, administrators, the IT department, software service providers, and most importantly, the students.
3. What does “privacy” really mean?
You’ve done your student information audit and found the right owner(s) of your privacy initiative, but what exactly is this “student privacy” you’re protecting? Again, stakeholder conversations will be important, because opinions on privacy exist on a wide spectrum. It will be important to have developed this internal compass within your learning community because while the laws answer some questions, they most certainly do not answer all of them.
The next step is to read the laws--FERPA and COPPA as well as any applicable state laws. Know your obligations, but also identify places where you think you could do better than the bare minimum requirements.
4. What are the desired student behaviors, and how will you cultivate them?
It’s safe to assume students will be online almost everyday, but how much do you really know about their behaviors? What are the digital controls that are protecting them? How are adults guiding them as they navigate the internet? Are they guiding them at all? Which decisions are the students being taught to make on their own? What devices and software do students use?
Cultivating desired user behaviors has always been part art and part science. It is a matter of creating a habit by making it easier and more valuable to take the desired course of action. Headline news was hugely successful in driving user behavior because it capitalized on a mismatch between what was offered and what consumers of news wanted. Cable television gave viewers a quick overview of the news in half an hour, every half hour, around the clock, rather than forcing users to rely on the morning paper and the evening news. Viewers could miss part of the broadcast and then check back in.
Think about students and technology in a similar way. What is the easiest, most convenient way to keep children protected? What are their digital media expectations? What are they doing already and how do we meet them where they are? Few preventive methods are as effective as purposefully cultivating good habits, and the best way to cultivate sticky habits is to build on pre-existing patterns of behavior.
5. How will we revisit this regularly?
Privacy is a practice, not a destination. You must take continuous action to make your privacy practice self-enforcing and functional. That means revisiting the steps you’re taking internally and with students, following up to see if stakeholders are keeping up their end of the bargain (and if they’re even the right stakeholders), and monitoring how both internal controls and policies evolve.
The bottom line is that schools should be able to offer students a safe, experimental place to learn, without opening them up to serious repercussions, either for their identities or their learning experience. It will take time to establish effective processes, but it will be worth it.