Here's a question that many school administrators, boards of trustees, parents and teachers across the country are currently grappling with: how to protect student privacy and still take advantage of new internet-connected education technology, increasingly known as EduTech?

There are now a myriad of EduTech tools and services available and in use by schools. These include:

• Student Management Systems (SMS) which enable teachers and administrators to manage students’ academic-progress. Popular SMSs include MUSAC, KAMAR and Tribal
• career planning tools like Naviance and Dreamcatcher that allow teachers, students and parents to track how students are progressing towards further education and career goals
• social media platforms and apps which let students, teachers and parents connect and share thoughts about classroom learning, like this recent example
• e-modules which allow any-time learning and assessment and give students greater independence to manage their own learning.

Most EduTech services have great potential to raise student achievement and teach young learners how to be 21^st century citizens. But the adoption of e-technology needs to be done in ways that allow students to have some control over their information.

People assume that no business would have a commercial interest in the academic record of a Year 5 primary school student called Jenny. But when you drill down into what that record can tell you about Jenny’s attitude, motivation, health, ability-level and identity, it becomes apparent that this information is in fact extremely valuable to third parties. For example, Jenny’s attendance record could be used by future employers as a proxy for assessing her reliability.

One American example provides a cautionary tale to EduTech adopters and developers in New Zealand. InBloom was a free SMS that many US educational jurisdictions, such as New York, rapidly adopted. It then became apparent that the service was being implemented without schools having sufficient policies in place to protect student data.

As an illustration of the privacy dangers attached to this type of technology, parents in the state of Louisiana were horrified when they found out that their children’s social security numbers had been loaded onto InBloom. The widespread concerns about InBloom’s potential for damaging privacy breaches eventually shut the service down in 2014.

A creepier case in the United States happened earlier, in 2010, when it was revealed that a school district spied on students using webcams.

The district had remote control access of the built-in webcams which were installed on free laptops given to students and used to capture images of the students in their homes, as well as screenshots of their internet browsing. The surveillance programme on the laptops also had a security vulnerability that could have meant students were spied on by people outside the school.

Of course, keeping students personal information safe is more than privacy-proofing the infrastructure and tools educators are using. Students themselves need to be taught how to stay safe online. Our office helped develop a series of lesson plans for teachers called OWLS. 

There are also community initiatives to teach privacy-smarts to educators and learners, like Kiwicon. This year in December, Kiwicon will be running a session on information security training for teachers and students.

We regularly provide advice to the education sector to help ensure that systems are privacy-enhancing. Our office also frequently responds to enquiries from parents about the introduction of EduTech in schools. We are happy to help the education system wrangle with the privacy complexities that EduTech presents but we think that there is more we could do.

What areas would you like to see guidance from us on? Please let us know.

Image: Rural schoolgirl, circa 1939, USA, Creative Commons licence

children