3. How are they using student data, and can you get this in writing?
Asking vendors to certify in writing that they are only using data for educational purposes could give you legal recourse to sue if they break their promise, which is another way to protect your students.
4. What policies do they have in place for securing student data?
For instance, how do they store user passwords and transmit information? Some ed-tech companies have done poorly in this area, storing passwords in plain text or sending unencrypted data back and forth—and that’s not acceptable. The onus of protecting the integrity of student data is on the vendor. Any educational software should have basic data security measures in place. If it doesn’t, then you should not work with that vendor.
5. Have they had a security audit?
A computer security audit tests for vulnerabilities in an app or program. Have the ed-tech companies you are working with done any penetration testing on their app, either themselves or by a third-party security auditor? If so, when is the last time this was done—and what were the results?
6. Can you request a copy of your schools’ data?
Having access to your data enables you to see what student information your vendors are collecting and storing, so you can make sure they are collecting only what is needed to improve education.If you ask for a copy of your data, will vendors comply with this request? You might have to pay a fee for this service, but it’s a good idea to build this capability into your contracts with vendors, if possible, as yet another way to protect your students.
7. What will they do with your data once the relationship is over?
If a teacher stops her account, or when students leave your district, or when your contract or subscription with a vendor ends, what happens to the data? If this information is no longer needed, it should be destroyed within an agreed-upon period of time.
Asking these questions when making district-level software purchases is a good first step to safeguarding student privacy. But you also need clear policies in place to prevent teachers and students from downloading unauthorized apps and tools—and you need to educate teachers and students about this issue.Taken together, these measures can safeguard the privacy of student information as effectively, or better, than any federal legislation can.
Jim Marshall is the CEO of Promethean, which provides hardware, software, and professional services to help personalize instruction.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply