3 Tactics for Effective Student Data Privacy Protection

After the widespread technology boom in education, district leaders and teachers are inundated with a seemingly infinite number of applications for digital learning. IT professionals are now casting all eyes to the safety and security of student data collected by the growing list of new resources, as district systems full of sensitive data become more vulnerable to cyberattacks and data breaches. Since 2018, the number of reported cyber incidents in schools has increased from 400 to over 1,300, according to a 2021 report by the Cybersecurity and Infrastructure Security Agency.

The urgency is evident as more states pass laws to protect districts and student data privacy, adding more requirements for district IT teams to manage. With the building pressure surrounding student data privacy, it’s crucial for IT professionals to have the resources and network to ensure data is protected.

In a recent discussion hosted by Lightspeed Systems®, leading voices in student data privacy—Kevin Lewis, Data Privacy Officer from 1EdTech Consortium, Jim Siegl, Senior Technologist at the Future of Privacy Forum and former Technology Architect for the Fairfax County Public School District in Virginia, and Jim Farmer, Chief Technology Officer at Fayette County Public Schools (FCPS) in Georgia—gathered to provide insights in effective protection of student data.

The following are three action items districts can take for effective student data privacy protection:

1. Make student data protection a district-wide priority and effort

District technology teams are often infiltrated with new applications on their networks and requests for even more applications to be vetted. With the large task of securing student data privacy on an abundance of applications, the panel discussed the power in a “district-wide awareness and action” approach to student data privacy protection. 

In this approach, Jim Farmer explained how members of the FCPS district gathers as a “data governance council,” consisting of voices from across the district to raise awareness, education, and explanations on student data privacy protections within the organization.

“We had to raise the level of [awareness] of everyone at the table so they could go back and work with their departments and disseminate the information and awareness that we’re doing because we are tackling things like vetting of apps, password policies, security procedures, and data cataloging,” shares Farmer. “Just about anybody in your district is going to have access to information or student data. So, it can’t just be a technology initiative. It has to be done as a team and has to be taken on as one of the most important things.”

Diving in deeper, the panelists highlighted communications and education that enable district-wide personnel to be part of the app vetting process themselves. Jim Siegl, from the Future of Privacy Forum, shared a mnemonic of considerations when opening up conversations on the app vetting process for educators: ITPASSES – interoperability, training, privacy, accessibility, security, safety, effectiveness, and sustainability. 

“These are all part of the conversations we would have as a district, and as educators, and technologists,” says Siegl. “It was a very inclusive way of bringing people into the conversation to talk about this. It’s more than just a privacy checklist or a privacy gateway. It was how are we bringing this particular education tool into the district to support student learning and make it sustainable, private, and secure.”

To support educators in his district, Farmer provides a rubric outline to enable them to be an active part of the vetting process. “When they go to a conference, they usually find all these wonderful apps they want to come back and use,” shares Farmer. “We’ve given them a rubric that they can pre-vet these apps and determine if this is something that’s going to fit and work, as opposed to coming back and downloading 5 to 10 new things they just saw over the last few days at a conference, and that has helped with awareness and education.”

Finally, the panel shared the need to work with edtech partners about safeguarding district data. “Make sure you work with the partners that you have, because there’s already a relationship there,” said Lewis. “Having these important discussions about privacy, about security, about your concerns as a district … because they’re the ones that can make it happen.”

2. Stay connected within the edtech network of organizations for continuous learning and leverage helpful resources

As the need for effective student data privacy protection grows, new regulations pass, and protocols change, the panel stressed the importance of leveraging the wealth of knowledge among the edtech network and resources available through them. Organizations like 1EdTech (formerly IMS Global), Consortium for School Networking (CoSN), and International Society for Technology in Education (ISTE) provide members with resources, networking, and support for IT professionals seeking assistance with student data privacy. Farmer highlighted the Annual Horizon Report by CoSN for education and awareness on key issues in edtech, like data privacy.

Kevin Lewis, from 1EdTech, shared the ways his organization is helping districts protect student data. In collaboration with K-12, higher education organizations, state departments of education, and other edtech providers, 1EdTech created a rubric for app vetting. “It was meant to give schools who want to vet their applications a quick snapshot into what that supplier’s doing and how transparent they are with their policies,” Lewis shares. 

For example, Lightspeed Digital Insight clearly displays badges from the Student Data Privacy Consortium and 1EdTech’s TrustedEd Apps Seal of Data Privacy so that district admins can quickly identify which apps are Certified for Data Privacy. Similarly, IT professionals can look to the Future of Privacy Forum for a comprehensive list of vendors who underwent privacy policy reviews and committed to the security of student data as part of the Student Data Privacy Pledge.

For assistance at the state level, Farmer recommended Cybersecurity and Infrastructure Security Agency (CISA) and state departments of education. Through recent expansions, districts can utilize CISA’s contacts for guidance and assistance in student data privacy protection.

3. Have a system in place to track and monitor applications on the district network and their student data privacy policies

In today’s learning landscape, the volume of threats, an abundance of new applications, more devices in the hands of students, and increased parent awareness all contribute to the need for district IT leaders to take ownership, including having visibility at all times of technology active used on devices and network across the district. As a CTO, Farmer recalls running a snapshot of one week in his district and finding over 4,500 apps in use.

To streamline student data privacy management, districts are turning to trusted edtech partners with tools, like Lightspeed Digital Insight. Lightspeed Digital Insight was designed to provide privacy policy scanning to help schools meet regulations and save time while managing third-party policies. With Lightspeed Digital Insight, IT leaders gain a comprehensive overview of all applications used on their network and devices, across all OSes, and can identify apps that need to be reviewed, ensuring teachers can safely pilot apps and IT has visibility.

While keeping up with new and existing regulations around student data privacy can be a challenge, Lightspeed Digital Insight also integrates with top privacy policy standards, such as 1EdTech and Student Data Privacy Consortium badges, to ensure compliance with regulations like GDPR, FERPA, and COPPA.

Learn more from leaders in student data privacy protection by watching the free on-demand webinar The Student Data Privacy Landscape: How to Set Yourself up for Successful SDP Management this Year

To get a comprehensive view of resources used on network and visibility into third-party privacy policies, schedule a demo of Lightspeed Digital Insight today.


  • Klaire Marino

    Klaire Marino is passionate about education, technology, and the intersection of the two. Over the past 15 years, she has successfully managed various marketing functions at Blackboard, ISTE, Amazon Web Services (AWS), and currently leads the product marketing team at Lightspeed Systems, working closely with product and design teams to evangelize solutions that help districts provide safe, secure, and equitable education—effortlessly.

Recommended Content

cybersecurity webinar graphic with title

Cyber Nightmares: Attacks, Breaches, and Leaks

View Resource

You May Also Like

screenshots on desktop and mobile devices for distance learning software

Here's a demo, on us

Still doing your research?
Let us help! Schedule a free demo with one of our product experts to get all of your questions answered quickly.

man sitting at desk on laptop looking at Lightspeed Filter dashboard

Welcome back!

Looking for pricing information for our solutions?
Let us know about your district’s requirements and we’ll be happy to build a custom quote.

Reimagine the inspired and interactive classroom for remote, hybrid, and in-person learning. Lightspeed Classroom Management™ gives teachers real-time visibility and control of their students’ digital workspaces and online activity.

  • Ensure all students interact with only the right online curriculum — precisely when they’re supposed to use it.
  • Push out vetted curriculum links to all students at the same time.
  • Block inappropriate or distracting web sites and apps.

Ensure scalable & efficient learning device management. The Lightspeed Mobile Device Management™ system ensures safe and secure management of student learning resources with real-time visibility and reporting essential for effective distance learning.

  • A centralized, cloud-based solution for infinitely scalable device, application, and policy controls
  • Self-Service App Library, where teachers and students
    can access and install approved curriculum and learning tools
  • Remotely deploy, change, and revoke hundreds of policies and educational applications, while reducing typical downtime and costs

Prevent suicides, cyberbullying, and schoolviolence. Lightspeed Alert™ supports district administrators and selected personnel with advanced AI to detect and report potential threats before it’s too late.

  • Human review
  • Real-time alerts that flag signs of a potential threat
  • Intervene quickly before an incident occurs.
  • Activity logs provide visibility into online activity before and after a flagged event

Protect students from harmful online content. Lightspeed Filter™ is the best-in-class solution that acts as a solid barrier to inappropriate or illicit online content to ensure students’ online safety 24/7.

  • Powered by the most comprehensive database in the industry built through 20 years of web indexing and machine learning.
  • Ensure CIPA compliance
  • Block millions of inappropriate, harmful, and unknown sites, images, and video including YouTube
  • Keep parents informed with the Lightspeed Parent Portal™

Gain complete visibility into students’ online learning. Lightspeed Analytics™ gives districts robust data on the effectiveness of any tools they implement so they can take a strategic approach to their technology stack and streamline reporting.

  • Track education technology adoption and usage trends, eliminate redundancy, and drive ROI
  • Monitor app and content consumption to facilitate early adoption and effective utilization
  • Assess risk with visibility into student data privacy and security compliance