Protecting Student Data Privacy When Reviewing EdTech Apps

Without question, digital classrooms have transformed the K-12 learning experience and edtech applications have delivered bushel loads of benefits to students and teachers alike. However, with every app, serious concerns remain about steadfastly protecting student data privacy.

Internet Safety Labs recently released a report based on a survey of 663 US schools and the analysis of 1,357 applications and determined that 78 percent of required or recommended school apps were “very high risk” in terms of privacy and 79 percent of apps collected student location information.

Before an application is used, it’s critically important to ensure students’ personal information and privacy is protected. Of course, digging through an application’s data privacy policy can be a laborious task.

Privacy policies are notoriously long and difficult to read, and with instructional coaches, educators, and IT professionals all pressed for time, vetting an app can be a demoralizing task.

Until now!

Earlier this week, Lightspeed Systems announced its collaboration with the Public Interest Privacy Center (PIPC) and the AASA, formerly the American Association of School Administrators, to produce The K-12 Privacy Policy Guide: How to Quickly Spot Red Flags, a definitive resource to help educators quickly discover issues in privacy policies that would likely restrict the tool from being used with students. This resource is immediately available for download.

Protecting Student Data Privacy

The K-12 Privacy Policy Guide: How to Quickly Spot Red Flags was created to help K-12 educators review an application’s privacy policy before seeking approval to use it with students in the classroom. Very specifically, it shares common “red flags” to be aware of in reviewing an app’s privacy policy that would preclude it from being recommended for students. Key search terms are listed to assist in filtering lengthy privacy policies to quickly navigate to areas of potential data privacy concerns. 

Key components of data privacy policies that need to be clearly understood by educators include the following: 

• Data Sharing: Is student data shared with third parties? 
• Data Usage: How is student data used? 
• Data Ownership: Who controls student data? 
• Data Retention: How long is student data stored? 
• Security: How is student data protected? 
• Updates and Changes: How will schools be informed of changes to the privacy policy? 
• Data Collection: What student information is collected? 
• User Rights: Do users and their parents have rights to access records? 
• Children Under 13: Are COPPA and parental consent addressed? 

When evaluating edtech applications, it’s important to consider that many companies offer two versions of their platform—one broadly directed to children and parents, and one offered specifically for schools. If an app offers an education-specific version, ensure you review their education-specific data privacy policy. 

Summary

Of course, The K-12 Privacy Policy Guide: How to Quickly Spot Red Flags is only the first step in a school district’s edtech app vetting process. After educators ensure a desired app’s privacy policy doesn’t contain “red flag” warning signs, they then need to follow the district’s official app review processes, something that Lightspeed Systems is making easy with a Teacher App Request Workflow integration between Lightspeed Classroom Management™ and Lightspeed Digital Insight™. Review policies and procedures vary by district, so faculty should ensure their district maintains a list of the technologies that have already been formally approved for use with students and find out how to request an official review of other technologies. In addition, Lightspeed Digital Insight allows for easy visibility into app usage, management, and publishing of a school or district’s approved applications list.