Parental concern over data privacy and security
Are you prepared to answer an e-mail like this?*
As a parent, I am trying to learn about the school's technology: how it works, what is available, and its privacy.
At my child's school, students are using Scootpad and Edmodo. Is this information kept on a local or district server or is it out there in the web or cloud?
How many different sites have students' information such as name, gender, grade etc.
If teachers are using school computers to access these sites, is my daughter's information safe? Can someone get her information off the teacher's computer when sending it?
How secure are the schools' networks?
My child has also been signed up for several sites by special education so that teachers can find adaptive materials and books**. The sites include the state school for the blind, the State of MN, Bookshare.org etc. How are these sites being protected?
Let's face it - data privacy is a hot topic in the media and I am sure part of a lot of conversations among parents. School districts need to take questions like these seriously and be able to give complete, understanable, and honest answers that reflect good data privacy practices.
Here is my response to this parent:
Both Scootpad and Edmodo are hosted applications - in other words the program and data are indeed stored in the cloud (on servers outside our own district that we do not own). Since neither of these programs contains data that are subject to FERPA regulations, we feel comfortable using these cloud-based sites. For sites that do have data that is covered by FERPA laws, we make sure there is an encrypted (https) connection to those resources - and that the companies are reputable. Studies consistently show that cloud-based security is very good.
Student names and data are also a part of many other databases in the district including Naviance (guidance), Viewpoint (data warehousing and analysis), Moodle (online course management), GoogleApps for Education (email and online productivity tools), the library catalog, and many instructional programs that track student goals in content areas such as reading and math programs.
The primary database is our student information system (Infinite Campus) and most student information in other databases is imported from it. Infinite Campus is housed within our district, behind our firewall and on our network. The physical server itself sits in rented space at the secure data center of our local telephone company. Our IP addresses are all subnetted - in other words, the outside world only sees a single IP address for all equipment on our network - another security precaution.
We also recognize that school computers are only as secure as the people using them are knowledgeable. We ask that all computers be password protected, that screen-savers that require passwords to disable be used, and that staff change passwords on a regular basis (and of course that they do not leave passwords on sticky notes near their computers.) The district staff technology security guidelines can be found here. Your comment is a good reminder that we need to do a better job of reminding staff members of this document.
We have an independent company do a regular security audit of our networks and processes and have always passed with flying colors. The most recent one was completed last spring.
Our district, of course, is not alone in this use of technology to record student data and we do take data security and privacy seriously.
I hope this makes sense. Please e-mail or call me if you ever have questions regarding the privacy of your children's data. It's a valid concern to raise.
* An actual letter that I received last week, edited for privacy, etc...
** Even as the all-knowing, all-seeing technology director, I was unware of these databases and had to contact our special education department to learn more about them. It makes me wonder just how many other places staff is storing information about kids without any sort of vetting process - including confidential data. Such realizations always humble me.
Reader Comments (13)
Great response, and one that may be very useful as a model for me later! As a librarian, I'm all about privacy, and it gets tough to balance that with the great tools available online for students at times. While I think a policy might help, I wonder how many others work in places where no matter what the policy, there are too many players to make standards feasible. When I see what individual teachers with a tech yen, departments like special education or bilingual services that go whole hog adding student tools, and even outside services (vision, hearing) that have specialized web tools for individual students, can do without apparently considering student data privacy, I sometimes feel a little sympathy for the lock-it-all-down-you-can't-do-that type of IT tech. How can we keep up with the latest and neatest and protect student privacy as well (considering we can't get teachers to stop printing out student test scores to the group printers used by teachers and students alike and forgetting to pick up that sensitive data for days or even weeks)?
Hi Kate,
Privacy and security is always a balance between access and utility and control - and a topic to seldom considered in working with teachers and data. And yes, librarians need to have some authority in the topic. If we don't who will? Librarians as well need to consider these issues when getting students into reading programa and lit sharing sites. And yes, printing to group printers and copiers is another whole issue. Our copiers require a code to be input at the copier to actually print so that helps, I think.
Thanks for the comment,
Doug
Wondering about Edmodo and COPPA compliance. Do all of your parents agree in writing specifically to the Edmodo TOS and Privacy Policy? Thanks!
Hi Karen,
We have parents sign a general permission form for their students and feel we do not need a separate form for each product we use - especially when they are a walled-garden application like Edmodo.
Hope this helps,
Doug
Our district has fully embraced Naviance and is having middle school students create accounts with personality profiles, resumes and other "survey" items. Concerns are that the type of information collected has not been communicated to parents (you have to constantly check the site to see what your student has been asked to do) AND when asked, the district personnel do not answer the questions HOW LONG that information is available to view and WHO can see it.
My student has a 504 plan that asks for extra time on all writing assignments that require organizing thoughts and putting it in writing with correct grammar and spelling due to dyslexia. This request is ignored for Naviance "assignments" so the information posted would leave someone thinking my child is not proficient in writing. I am told there is not enough time to devote to these activities and complete the other academic requirements.
However, I think the Naviance input is critical to whether a student gets honors, AP and other opportunities in high school and later for college consideration since there seems to be more demand than supply of advanced programs in k-12 and more demand than supply of college acceptances. No one has said this is how the information is used, but school counselors are saying this is a primary tool for deciding appropriate high school graduation plans and that colleges do access the databases.
Are my concerns founded?
Hi Concerned,
I can only speak for my own district, but the guidance department that runs Naviance assures me that only the student, his/her parents, and the counseling staff can view data in Naviance. It is not shared with anyone or any organization beyond that without parental permission.
I would definitely check with your school to see what its data privacy rules are.
Good luck!
Doug
This is a big reason for parental concern over data harvesting. The 2nd and 3rd parties that the data is submitted to beyond the district level is being saved and sold. Also, beware of signing your kids up for programs without the parents permission and without disclosing all of the privacy disclosures for each program (Scootpad, etc...) Especially if they are under the age od 13.
https://www.youtube.com/watch?v=Lr7Z7ysDluQ&feature=youtu.be
HI Michie,
Good advice, but I would not get overly paranoid either. I have to believe companies will abide by their own data privacy statements.
Doug
My daughters school, after threatening that her honor roll grades all suffer if she does not partake in Naviance testing, I was told it was all private information. If you go in the Naviance sight, read their privacy statement, it clearly says if you use Naviance, you give permission to let them share their personal data with all kinds of parties. Read the privacy statement, it's all there. They even go so far as to say they acquire kids ip addresses and keep tabs on where they go online, how often, how much tie spent on sites, and can even locate them using their IP address to find them online. This is terrible. It's data mining in the guise of helping your kids. Maybe they do, but they also categorize them by their personality, and tailor their classes etc..to what they feel the tests show where they belong. At what cost to our kids is this really costing us?
Hi Tara,
I am sorry to read about your school's policy on testing. No testing should be required of any child - all parents should be able to opt out without penalty. Have you talked to one of your school board members about this?
I am not familiar with Naviance's data privacy protections but they should be held to COPPA standards which limits a vendor's use of any kind of student data.
Hope things work out.
All the best,
Doug
Just read the Naviance privacy statement. When I asked about the schools claims of privacy, but Naviances privacy statement which clearly reads, by using any Naviance programs, etc.. You agree to share your information. The school could not answer this, and still cannot. Also, after reaching out and much research, there is one boy, a senior who was being forced to out his rejection letters on the Naviance site for all other colleges, etc.. To see. He did not want to put that information on, but they are making him via fines!!! Please, you need to do your research on this. Where is the line drawn? A 10th grade student told me that his questions for his grade were worse and more private than the 9th grade questions. I have been told my many students, that they are so uncomfortable with answering them, that they are purposely lying, not to look bad. Doesn't that invalidate what they claim they are trying to do? Why can't it just be a school system database that keeps your grades? Why the personality tests, or arguably a psych evaluation, data mining and all the privacy issues? If it's for the kids, why not keep t local and private, and kids use guidance counselor as we always did. I don't want an algorithm saying who my child is or what should be. Fact that most schools don't use Naviance or use other programs, or none at all, if it's so wonderful, why not tell the parents about it? Why so secret? And why pushing it upon us via threats? It should be opt in, not opt out!
Hi Tara,
First, I think that any parent should be able to opt out of any data collection system being used in a public school. (Private schools may be a different story.) Talk to your admin and your school board members and explain your concerns.
Why don't you call or email Naviance directly as well? Express your concerns to them. You might also contact the Electronic Freedom Foundation.
Please let me know if your effort bear fruit and all the best,
Doug​
I am certain that the following is accurate- if it is not please correct me, knowledge is power and I am eager to learn about this system my child's school is demanding she utilize. Naviance is owned by Hobson. Hobson has partial or whole ownership of PAR- PAR is Predictive Analytics Reporting framework who has self described themselves as a non-profit multi-institional data mining collaborative. Non-profit is key when dealing with education - it provides the company with a great deal of leeway when collecting data and sharing data. Naviance will claim they do not sell information= but the 6000 +members made up of organizations and institutions can join ($) and receive access to student data. Naviance does not contract with the student- rather the school or district. Naviance serves the school! When I asked Naviance about the data- storage of, detain of, how long it is kept, where it is kept, who has ownership, who has access, etc.. they plainly told me to go ask a school administrator- that naviance has a contract with them and services the school not individual students. Naviance will ask students, in a student account that was prepared for the student by the school,all kinds of questions- personality surveys, inner thoughts, health , anxiety about topics, transcripts, on some surveys (assessments) they student is asked about their political and or religious thoughts, sexual orientation,parental education, marital status, family size, ask about financial aid needs, etc.. etc. etc... most schools will have the students fill them out in school- so parents do not see all the invasive questions. Parents typically do not get access until junior year after the personality tests likes and dislikes are complete. High Schools will ask that you download Common App through Naviance (so that all this college info can be managed) they want to know what schools you are interested in, what schools you are applying to, what the decision is, and how much $ you were awarded from each school that offered admission to you.The school will make a data book so future students can see . If you use one of the Financial Aid links or pop-ups think of the information that they have now- parental names, birthdates, income, ss#, education and employee info, address, emails, phone numbers, charitable donations, possible health issues, They will encourage students and kids to use APPS on their mobile so the tracking can continue- they scan social media, may collect browsing info from your computer, location, log in how much time you spend looking at stuff from your computer, etc... IT IS CRAZY. They have your kids school ID and Naviance will track you in college if your school pays the additional fee for the service. IT IS GROSS. College records may include transcripts, major, medical absence reports, academic probations, etc..Naviance has career programs for pre-schoolers- they truly are tracking you from cradle to grave. I understand that they may store up to 400 points of data on each student. It's no wonder that they are such a profitable "non-profit". Common App asks students to "waive" rights to view the Teacher College Recommendation letter- Naviance will come to your school and "train" teachers how to write a LORecommendation- I'm guessing it has code words that members would understand and interpret also Naviance will "promote" certain "target" schools for student to apply to. So with the transcript being downloaded from Common App through Naviance- Naviance now has grades, rank, attendance , SAT, ACT, disciplinary, etc.. records. It will continue to get worse. Again I have not kept notes or a list of references- just did some digging around the internet. And none of this has been proven to help kids pick the right choice- nearly 80% of college students will change majors once and most of them will change 3 times. Of the college graduates that are employed, 41% are employees in a job that DOES not require a degree. In Delaware the State stores student Health records with ESchool, so if Naviance has a partnership with ESchools one could possibly match the school data, student data, parent data with the health records. I am not saying that Naviance is doing anything illegal but NO ONE needs this much information on a child that isn't your own.