Search this site
Other stuff

Follow me on Twitter at:

@BlueSkunkBlog

All banner artwork by Brady Johnson, college student and (semi-) starving artist.

Locations of visitors to this page

My latest book:

       Available Now

Available now 

My book Machines are the easy part; people are the hard part is now available as a free download at Lulu.

 The Blue Skunk Fan Page on Facebook

 

Must-read K-12 IT Blog
EdTech's Must-Read K-12 IT Blogs 

 

Teach.com

 

 

 

« A world without work | Main | Wise words from Stephen Downes »
Thursday
Jan312013

Parental concern over data privacy and security

Are you prepared to answer an e-mail like this?*

As a parent, I am trying to learn about the school's technology: how it works, what is available, and its privacy.

At my child's school, students are using Scootpad and Edmodo. Is this information kept on a local or district server or is it out there in the web or cloud?

How many different sites have students' information such as name, gender, grade etc.

If teachers are using school computers to access these sites, is my daughter's information safe? Can someone get her information off the teacher's computer when sending it?

How secure are the schools' networks?

My child has also been signed up for several sites by special education so that teachers can find adaptive materials and books**. The sites include the state school for the blind, the State of MN, Bookshare.org etc. How are these sites being protected?

Let's face it - data privacy is a hot topic in the media and I am sure part of a lot of conversations among parents. School districts need to take questions like these seriously and be able to give complete, understanable, and honest answers that reflect good data privacy practices.

Here is my response to this parent:

Both Scootpad and Edmodo are hosted applications - in other words the program and data are indeed stored in the cloud (on servers outside our own district that we do not own). Since neither of these programs contains data that are subject to FERPA regulations, we feel comfortable using these cloud-based sites.  For sites that do have data that is covered by FERPA laws, we make sure there is an encrypted (https) connection to those resources - and that the companies are reputable. Studies consistently show that cloud-based security is very good.

Student names and data are also a part of many other databases in the district including Naviance (guidance), Viewpoint (data warehousing and analysis), Moodle (online course management), GoogleApps for Education (email and online productivity tools), the library catalog, and many instructional programs that track student goals in content areas such as reading and math programs. 

The primary database is our student information system (Infinite Campus) and most student information in other databases is imported from it. Infinite Campus is housed within our district, behind our firewall and on our network. The physical server itself sits in rented space at the secure data center of our local telephone company. Our IP addresses are all subnetted - in other words, the outside world only sees a single IP address for all equipment on our network - another security precaution.

We also recognize that school computers are only as secure as the people using them are knowledgeable. We ask that all computers be password protected, that screen-savers that require passwords to disable be used, and that staff change passwords on a regular basis (and of course that they do not leave passwords on sticky notes near their computers.) The district staff technology security guidelines can be found hereYour comment is a good reminder that we need to do a better job of reminding staff members of this document.

We have an independent company do a regular security audit of our networks and processes and have always passed with flying colors. The most recent one was completed last spring.

Our district, of course, is not alone in this use of technology to record student data and we do take data security and privacy seriously. 

I hope this makes sense. Please e-mail or call me if you ever have questions regarding the privacy of your children's data. It's a valid concern to raise.

* An actual letter that I received last week, edited for privacy, etc...

** Even as the all-knowing, all-seeing technology director, I was unware of these databases and had to contact our special education department to learn more about them. It makes me wonder just how many other places staff is storing information about kids without any sort of vetting process - including confidential data. Such realizations always humble me.

EmailEmail Article to Friend

Reader Comments (8)

Great response, and one that may be very useful as a model for me later! As a librarian, I'm all about privacy, and it gets tough to balance that with the great tools available online for students at times. While I think a policy might help, I wonder how many others work in places where no matter what the policy, there are too many players to make standards feasible. When I see what individual teachers with a tech yen, departments like special education or bilingual services that go whole hog adding student tools, and even outside services (vision, hearing) that have specialized web tools for individual students, can do without apparently considering student data privacy, I sometimes feel a little sympathy for the lock-it-all-down-you-can't-do-that type of IT tech. How can we keep up with the latest and neatest and protect student privacy as well (considering we can't get teachers to stop printing out student test scores to the group printers used by teachers and students alike and forgetting to pick up that sensitive data for days or even weeks)?

February 1, 2013 | Unregistered CommenterKate W

Hi Kate,

Privacy and security is always a balance between access and utility and control - and a topic to seldom considered in working with teachers and data. And yes, librarians need to have some authority in the topic. If we don't who will? Librarians as well need to consider these issues when getting students into reading programa and lit sharing sites. And yes, printing to group printers and copiers is another whole issue. Our copiers require a code to be input at the copier to actually print so that helps, I think.

Thanks for the comment,

Doug

February 2, 2013 | Unregistered CommenterDoug Johnson

Wondering about Edmodo and COPPA compliance. Do all of your parents agree in writing specifically to the Edmodo TOS and Privacy Policy? Thanks!

February 4, 2013 | Unregistered CommenterKaren

Hi Karen,

We have parents sign a general permission form for their students and feel we do not need a separate form for each product we use - especially when they are a walled-garden application like Edmodo.

Hope this helps,

Doug

February 5, 2013 | Unregistered CommenterDoug Johnson

Our district has fully embraced Naviance and is having middle school students create accounts with personality profiles, resumes and other "survey" items. Concerns are that the type of information collected has not been communicated to parents (you have to constantly check the site to see what your student has been asked to do) AND when asked, the district personnel do not answer the questions HOW LONG that information is available to view and WHO can see it.

My student has a 504 plan that asks for extra time on all writing assignments that require organizing thoughts and putting it in writing with correct grammar and spelling due to dyslexia. This request is ignored for Naviance "assignments" so the information posted would leave someone thinking my child is not proficient in writing. I am told there is not enough time to devote to these activities and complete the other academic requirements.

However, I think the Naviance input is critical to whether a student gets honors, AP and other opportunities in high school and later for college consideration since there seems to be more demand than supply of advanced programs in k-12 and more demand than supply of college acceptances. No one has said this is how the information is used, but school counselors are saying this is a primary tool for deciding appropriate high school graduation plans and that colleges do access the databases.

Are my concerns founded?

November 22, 2013 | Unregistered CommenterConcerned Parent

Hi Concerned,

I can only speak for my own district, but the guidance department that runs Naviance assures me that only the student, his/her parents, and the counseling staff can view data in Naviance. It is not shared with anyone or any organization beyond that without parental permission.

I would definitely check with your school to see what its data privacy rules are.

Good luck!

Doug

November 22, 2013 | Registered CommenterDoug Johnson

This is a big reason for parental concern over data harvesting. The 2nd and 3rd parties that the data is submitted to beyond the district level is being saved and sold. Also, beware of signing your kids up for programs without the parents permission and without disclosing all of the privacy disclosures for each program (Scootpad, etc...) Especially if they are under the age od 13.

https://www.youtube.com/watch?v=Lr7Z7ysDluQ&feature=youtu.be

September 26, 2014 | Unregistered CommenterMichie

HI Michie,

Good advice, but I would not get overly paranoid either. I have to believe companies will abide by their own data privacy statements.

Doug

September 26, 2014 | Registered CommenterDoug Johnson

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>