Predictions for the Future of Student Data Privacy
- By Patrick Peterson
Leah Plunkett (L) and Paulina Haduong, fellows at the Berkman Center for Internet & Society, spoke about privacy for students at the FETC 2015 conference Thursday in Orlando.
"In five years I think education technology will be completely ubiquitous, and it will be integrated into parts of the curriculum that we are just beginning to conceive of," said Leah Plunkett, a fellow at Berkman Center for Internet and Society, speaking at a session she hosted with colleague Paulina Haduong Thursday at the FETC 2015 convention in Orlando, FL.
This ubiquitousness will require that new privacy and security policies are implemented at schools.
"We will see it embedded seamlessly into many parts of school life," Plunkett said.
And Haduong added that President Obama has signaled that he is going to make student data protection a federal priority.
As a test of privacy attitudes at the session, Plunkett and Haduong posed hypothetical problems to attendees, which included whether school administrators should accept a security robot that roams a school's halls taking video and e-mailing the parents of students it catches breaking school rules. She also asked attendees whether they would accept a program that used technology to monitor what students ate and where they went in hopes of improving their health.
The audience had many concerns about the information collected in both scenarios. Where would the information go, into the cloud or onto a private server? Who would control it? Would students know they were monitored? And how long would the information be kept before it was deleted?
The conference attendees made other predictions for the next five years:
- What's called education technology will become routine.
- In five years we'll be struggling to be more efficient.
- Within five years the U.S. will face a catastrophic public privacy issue in the public space in the cloud.
- We'll be trying to get teachers up to speed on technology. Students are there.
- A reciprocated relationship will develop between advanced teachers and inexperienced teachers who don't have the (technological) savviness.
- We might line up legislation to allow teachers to be innovative in the classroom to protect privacy.
- We'll learn what data we can safely put in the cloud.
- Our privacy concerns will diversify over new several platforms that will develop over the next few years.
- In five years, there will be more devices with more operating systems that will lead to more data being collected and more privacy breaches.
Schools may also need to take more responsibility for careless students.
Plunkett said students often are not given accounts that can be secured. For example, students younger than 13 cannot open their own e-mail accounts and must piggyback on a teacher's account to communicate on the Internet, which can result in a liability for the teacher.
"It's sometimes tricky to use education technology for students who are under 13," she said. "Students accessing each other's accounts is definitely a concern, so, the student's older brother can't get in and ruin his math homework."
Children on the Internet, even for educational purposes, can be vulnerable.
"Very young people can't tell the difference between advertising and content," Plunkett said. "We've seen a lot of student data move to public clouds."
Students are notoriously careless with information they post on the Internet.
"How do we teach students to monitor their own privacy online," said Plunkett, who often warns students. "I tell them, 'I don't want to hear you didn't get the job because of the drunken pictures on Facebook," she said.
Additionally, many privacy policies are written so they can be changed at will by the vendors. This difficulty is compounded because many people do not read privacy policies when they sign up for a service.
"They can be very difficult and tricky and difficult to parse," Plunkett said. "Consent may get less and less meaningful when you're taking about very large vendors. They write in clauses that the policy is subject to change at any time."
Best Practices for Student Privacy
- School district-level decision making is crucial.
- Use negotiated contracts to enforce agreements.
- Preserve space for classroom innovation.
- Protect security as a baseline.
- Know where the server is located. Avoid overseas locations.
- Hire a chief privacy officer.
- Make sure your third party contractor is under your district's control, especially with contract clauses that allow terms to change.
- Remember that federal enforcement of privacy laws is minimal.
- There is no limit to the possible loss of data.
- Be wary of public data storage systems, which your district doesn't control.
See https://brk.mm/spi for more information.