Search this site
Other stuff

All banner artwork by Brady Johnson, college student and (semi-) starving artist.

Locations of visitors to this page

My latest books:

   

        Available now

       Available Now

Available now 

My book Machines are the easy part; people are the hard part is now available as a free download at Lulu.

 The Blue Skunk Fan Page on Facebook

EdTech Update

 Teach.com

 

 

 

« A world without work | Main | Wise words from Stephen Downes »
Thursday
Jan312013

Parental concern over data privacy and security

Are you prepared to answer an e-mail like this?*

As a parent, I am trying to learn about the school's technology: how it works, what is available, and its privacy.

At my child's school, students are using Scootpad and Edmodo. Is this information kept on a local or district server or is it out there in the web or cloud?

How many different sites have students' information such as name, gender, grade etc.

If teachers are using school computers to access these sites, is my daughter's information safe? Can someone get her information off the teacher's computer when sending it?

How secure are the schools' networks?

My child has also been signed up for several sites by special education so that teachers can find adaptive materials and books**. The sites include the state school for the blind, the State of MN, Bookshare.org etc. How are these sites being protected?

Let's face it - data privacy is a hot topic in the media and I am sure part of a lot of conversations among parents. School districts need to take questions like these seriously and be able to give complete, understanable, and honest answers that reflect good data privacy practices.

Here is my response to this parent:

Both Scootpad and Edmodo are hosted applications - in other words the program and data are indeed stored in the cloud (on servers outside our own district that we do not own). Since neither of these programs contains data that are subject to FERPA regulations, we feel comfortable using these cloud-based sites.  For sites that do have data that is covered by FERPA laws, we make sure there is an encrypted (https) connection to those resources - and that the companies are reputable. Studies consistently show that cloud-based security is very good.

Student names and data are also a part of many other databases in the district including Naviance (guidance), Viewpoint (data warehousing and analysis), Moodle (online course management), GoogleApps for Education (email and online productivity tools), the library catalog, and many instructional programs that track student goals in content areas such as reading and math programs. 

The primary database is our student information system (Infinite Campus) and most student information in other databases is imported from it. Infinite Campus is housed within our district, behind our firewall and on our network. The physical server itself sits in rented space at the secure data center of our local telephone company. Our IP addresses are all subnetted - in other words, the outside world only sees a single IP address for all equipment on our network - another security precaution.

We also recognize that school computers are only as secure as the people using them are knowledgeable. We ask that all computers be password protected, that screen-savers that require passwords to disable be used, and that staff change passwords on a regular basis (and of course that they do not leave passwords on sticky notes near their computers.) The district staff technology security guidelines can be found hereYour comment is a good reminder that we need to do a better job of reminding staff members of this document.

We have an independent company do a regular security audit of our networks and processes and have always passed with flying colors. The most recent one was completed last spring.

Our district, of course, is not alone in this use of technology to record student data and we do take data security and privacy seriously. 

I hope this makes sense. Please e-mail or call me if you ever have questions regarding the privacy of your children's data. It's a valid concern to raise.

* An actual letter that I received last week, edited for privacy, etc...

** Even as the all-knowing, all-seeing technology director, I was unware of these databases and had to contact our special education department to learn more about them. It makes me wonder just how many other places staff is storing information about kids without any sort of vetting process - including confidential data. Such realizations always humble me.

EmailEmail Article to Friend

Reader Comments (12)

Great response, and one that may be very useful as a model for me later! As a librarian, I'm all about privacy, and it gets tough to balance that with the great tools available online for students at times. While I think a policy might help, I wonder how many others work in places where no matter what the policy, there are too many players to make standards feasible. When I see what individual teachers with a tech yen, departments like special education or bilingual services that go whole hog adding student tools, and even outside services (vision, hearing) that have specialized web tools for individual students, can do without apparently considering student data privacy, I sometimes feel a little sympathy for the lock-it-all-down-you-can't-do-that type of IT tech. How can we keep up with the latest and neatest and protect student privacy as well (considering we can't get teachers to stop printing out student test scores to the group printers used by teachers and students alike and forgetting to pick up that sensitive data for days or even weeks)?

February 1, 2013 | Unregistered CommenterKate W

Hi Kate,

Privacy and security is always a balance between access and utility and control - and a topic to seldom considered in working with teachers and data. And yes, librarians need to have some authority in the topic. If we don't who will? Librarians as well need to consider these issues when getting students into reading programa and lit sharing sites. And yes, printing to group printers and copiers is another whole issue. Our copiers require a code to be input at the copier to actually print so that helps, I think.

Thanks for the comment,

Doug

February 2, 2013 | Unregistered CommenterDoug Johnson

Wondering about Edmodo and COPPA compliance. Do all of your parents agree in writing specifically to the Edmodo TOS and Privacy Policy? Thanks!

February 4, 2013 | Unregistered CommenterKaren

Hi Karen,

We have parents sign a general permission form for their students and feel we do not need a separate form for each product we use - especially when they are a walled-garden application like Edmodo.

Hope this helps,

Doug

February 5, 2013 | Unregistered CommenterDoug Johnson

Our district has fully embraced Naviance and is having middle school students create accounts with personality profiles, resumes and other "survey" items. Concerns are that the type of information collected has not been communicated to parents (you have to constantly check the site to see what your student has been asked to do) AND when asked, the district personnel do not answer the questions HOW LONG that information is available to view and WHO can see it.

My student has a 504 plan that asks for extra time on all writing assignments that require organizing thoughts and putting it in writing with correct grammar and spelling due to dyslexia. This request is ignored for Naviance "assignments" so the information posted would leave someone thinking my child is not proficient in writing. I am told there is not enough time to devote to these activities and complete the other academic requirements.

However, I think the Naviance input is critical to whether a student gets honors, AP and other opportunities in high school and later for college consideration since there seems to be more demand than supply of advanced programs in k-12 and more demand than supply of college acceptances. No one has said this is how the information is used, but school counselors are saying this is a primary tool for deciding appropriate high school graduation plans and that colleges do access the databases.

Are my concerns founded?

November 22, 2013 | Unregistered CommenterConcerned Parent

Hi Concerned,

I can only speak for my own district, but the guidance department that runs Naviance assures me that only the student, his/her parents, and the counseling staff can view data in Naviance. It is not shared with anyone or any organization beyond that without parental permission.

I would definitely check with your school to see what its data privacy rules are.

Good luck!

Doug

November 22, 2013 | Registered CommenterDoug Johnson

This is a big reason for parental concern over data harvesting. The 2nd and 3rd parties that the data is submitted to beyond the district level is being saved and sold. Also, beware of signing your kids up for programs without the parents permission and without disclosing all of the privacy disclosures for each program (Scootpad, etc...) Especially if they are under the age od 13.

https://www.youtube.com/watch?v=Lr7Z7ysDluQ&feature=youtu.be

September 26, 2014 | Unregistered CommenterMichie

HI Michie,

Good advice, but I would not get overly paranoid either. I have to believe companies will abide by their own data privacy statements.

Doug

September 26, 2014 | Registered CommenterDoug Johnson

My daughters school, after threatening that her honor roll grades all suffer if she does not partake in Naviance testing, I was told it was all private information. If you go in the Naviance sight, read their privacy statement, it clearly says if you use Naviance, you give permission to let them share their personal data with all kinds of parties. Read the privacy statement, it's all there. They even go so far as to say they acquire kids ip addresses and keep tabs on where they go online, how often, how much tie spent on sites, and can even locate them using their IP address to find them online. This is terrible. It's data mining in the guise of helping your kids. Maybe they do, but they also categorize them by their personality, and tailor their classes etc..to what they feel the tests show where they belong. At what cost to our kids is this really costing us?

January 14, 2016 | Unregistered CommenterTara williams

Hi Tara,

I am sorry to read about your school's policy on testing. No testing should be required of any child - all parents should be able to opt out without penalty. Have you talked to one of your school board members about this?

I am not familiar with Naviance's data privacy protections but they should be held to COPPA standards which limits a vendor's use of any kind of student data.

Hope things work out.

All the best,

Doug

January 14, 2016 | Registered CommenterDoug Johnson

Just read the Naviance privacy statement. When I asked about the schools claims of privacy, but Naviances privacy statement which clearly reads, by using any Naviance programs, etc.. You agree to share your information. The school could not answer this, and still cannot. Also, after reaching out and much research, there is one boy, a senior who was being forced to out his rejection letters on the Naviance site for all other colleges, etc.. To see. He did not want to put that information on, but they are making him via fines!!! Please, you need to do your research on this. Where is the line drawn? A 10th grade student told me that his questions for his grade were worse and more private than the 9th grade questions. I have been told my many students, that they are so uncomfortable with answering them, that they are purposely lying, not to look bad. Doesn't that invalidate what they claim they are trying to do? Why can't it just be a school system database that keeps your grades? Why the personality tests, or arguably a psych evaluation, data mining and all the privacy issues? If it's for the kids, why not keep t local and private, and kids use guidance counselor as we always did. I don't want an algorithm saying who my child is or what should be. Fact that most schools don't use Naviance or use other programs, or none at all, if it's so wonderful, why not tell the parents about it? Why so secret? And why pushing it upon us via threats? It should be opt in, not opt out!

January 17, 2016 | Unregistered CommenterTara williams

Hi Tara,

First, I think that any parent should be able to opt out of any data collection system being used in a public school. (Private schools may be a different story.) Talk to your admin and your school board members and explain your concerns.

Why don't you call or email Naviance directly as well? Express your concerns to them. You might also contact the Electronic Freedom Foundation.

Please let me know if your effort bear fruit and all the best,

Doug​

January 18, 2016 | Registered CommenterDoug Johnson

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>