As more schools move education online thanks to Covid-19, privacy professionals are worried. It seems students’ data protection and privacy have taken a back seat to ease of use and affordability when choosing education technologies. What’s worse, most of these school administrators and parents have no idea of the risk they are putting their children through by using these online platforms.
Privacy issues as a result of using education technology are however, not new. In 2018, the FBI raised concerns about cybersecurity and privacy threats to pre-university students. Some issues that came up include exposure of personally identifiable information, I.P. addresses, web browser history, academic and medical information, geolocation, and biometric data.
The only reason why students’ privacy and protection concerns have risen is that there is a mass movement to online platforms due to school closure. This has meant that any online platform can set itself up as an education platform, and schools will jump on board.
Unfortunately, Common Sense reported that 80% of the applications reviewed in 2019 as edtech tools did not meet the minimum level of responsible privacy and protection safeguards. In fact, some of those platforms were designed for other purposes like social media, webinars, and gaming. For example, Zoom is a big player in online learning, but as recent reports show, it has scary privacy and security flaws.
Security and Privacy Issues you should worry about
Apart from the list given by the FBI above, there are other issues parents, and teachers alike should worry about including;
- Use of student information for marketing purposes
- Pornographic material
- Physical security issues such as burglary and kidnapping
- Tracking of the student’s online activities by government agencies
- Unrequested commercial and political interruptions during the study
- Identity theft, among others
What Does the Law say about Student Privacy?
As more parents rely on online learning platforms for their kids, they need to know what the law says about student security and privacy. The 1974 Family Educational Rights and Privacy Act or FERPA of the USA, states that educational institutions must have consent from parents to release student’s education records or personal information to outside parties.
The Children’s Online Privacy and Protection Act also outlines how vendors of these online platforms should behave regarding collecting and storing student data. Parents can refer to a hosted webinar by the U.S. Department of Education “FERPA and Virtual Learning During Covid-19” to know more about these requirements.
Schools and institutions are also required to have universal policies and structures to record evidence of how they comply with the law.
How to Ensure Online Learning Platforms are Safe
- The job of safeguarding student’s data and privacy, of course, starts with the school or the institution. That said, parents also have a role to play in this regard. It’s only when parents and teachers come together to discuss the privacy and security of their children that these unscrupulous vendors will stop.
- Ensure the technology platform you are planning to use the privacy laws in your country and state. At the very minimum, they should not collect more information than is required or agreed upon. While most of these platforms will only ask for an email address and password, some will collect data through cookies and other identifiers.
- Use internal servers. For a long time, institutions have used internal servers to store and process data. Today, more people are moving to cloud servers because the infrastructure is cheaper and easier to maintain. However, internal servers remain the safest option. For example, Global Indian International private school Abu Dhabi collects and stores data from more 7 countries with different privacy and security policies to safeguard its students.
- Conduct a risk assessment to mitigate any harm associated with the online sessions. For example, you can check if the platform enables the institution to allow or ban participants from the session. You can also check their privacy settings and age appropriateness.
- Update your data protection and security policies often. Online learning platforms are operated over computers and servers. Updating the security policies regularly is the least you can do to ensure they are doing their job correctly.
- Educate all involved. Finally, educating students, teachers, and parents about these privacy and security issues will help them take precautions when using the platforms. For example,
- If the students are using a teleconferencing platform like zoom, they should use a bland background to ensure that no additional information about their surroundings is visible from the other side.
- Ensure that cameras and audio is disabled after the meeting is over
- Use a separate email address or logins to access the platform. You should never use your regular email address as that exposes it to hacking.
- Teachers and administrators must also be educated concerning recording educational sessions and storing student’s data. There must be a lawful purpose for recording and storing such sessions.
Reports show a significant rise in cybersecurity threats to schools and universities in 2020 for obvious reasons. It’s important for everyone concerned to be aware of these issues and know how to handle them.