Vetting Apps Across the District#Data
by Casey ThompsonRead time:
CTOs focus so much on building a secure network and all it takes is one weak link to slip a security breach into the district. As learning applications have stormed onto the scene, it can be hard to know what to look for, and what’s safe, for students to use in classrooms.
FERPA rules allRegardless of the purpose of the app, its compliance with FERPA is a must. FERPA governs the privacy of students’ education records, and yes, the data contained in apps students use counts. The way apps handle data is important, but what ultimately matters is the school’s role—by giving even tacit or absent approval, FERPA complaints could come home to roost with schools.
The sneaky ways apps could cause problemsNo app is 100% trustworthy. Every single one requires permissions to use, some which make sense (like allowing a photo editing app to save to the camera roll) and some which don’t quite make sense. Some of the most problematic areas of educational apps deal with these 6 red flags:
RED FLAG: Third party information sharingWhile third-party data collection is sometimes a calculated tradeoff adults make in exchange for an app experience, selling students’ data to third-parties is not at all worth using a free classroom application. Even if the main application uses student data securely and responsibly, there’s no guarantee a third party will—and sometimes there’s no good way to tell who the third party even is.
RED FLAG: Collecting personally identifiable informationPII can include names, demographic information, social security numbers, addresses, and more. Schools are tasked with keeping this information secure and private. The more apps collect it, the harder it becomes to maintain compliance. More PII records also make it more likely to encounter instances of data breaches and other leaks of PII.
RED FLAG: Location trackingLocation tracking must be carefully monitored. There are legitimate uses for it—a geography app or an augmented reality app, for example—but consider this a big red flag for an app that really has no business tracking a student’s location.
RED FLAG: Stranger interactionMany apps facilitate carefully vetted connections between students, even those across the globe. Some are designed for an entire class of students to interact virtually with each other in the same digital space. What’s never necessary is for students to encounter strangers outside their class, and outside their teacher’s knowledge. School buildings are secured for a reason, and school apps must be treated exactly the same.
RED FLAG: No social monitoring, including anti-bullying measuresCyberbullying claims lives. By permitting interactions between students and providing no safety net for reporting poor behavior, students are vulnerable to harm. If they are required to use the app for school, there’s no escape and few options for reporting (and proving) the bullying they experience.
RED FLAG: Personal or educational records are collected for studentsAny type of educational progress report, personal progress report, or marker of growth for students must be protected and shared with parents. Again, this doesn’t necessarily mean an app is inappropriate—it simply means the app and its data must be carefully monitored in order to maintain FERPA compliance.
Teachers choose apps based on their specific needs and pain points. It can be so tempting to download something that looks cool and sounds like it will solve issues quickly. However, taking a moment to scrutinize the permissions can keep the entire district network, and student information, safer.
Learn three ways your password can be compromised—by kids.
Follow-up resource: Password security
|Casey Thompson Web & Digital Media Manager