Written by Christine Witcher When a student walks up to a lab bench and turns on a hotplate, they (and their families) are trusting that I have provided them with the information and equipment necessary to stay safe as they learn. As their teacher, I have what's called a Duty of Care. This includes knowing the possible risks, weighing those risks against the educational benefits of the activity, and providing students with reasonable protections, like wearing goggles and lab aprons. I take this duty very seriously, even writing it into each lesson plan. The physical risks associated with lab work are no greater than the security risks associated with using connected technology. So why aren't we all taking cybersecurity just as seriously? There are laws regulating how student information can be collected, stored, and used. In general, "student data" is any information collected from a student. However, when we're talking about cybercrime, we're usually referring to Personally Identifiable Information (PII) and sensitive information. PII is any information that could be used, alone or in combination with other data, to determine the identity of the student. Sensitive information is any that, if lost, exposed, or misused, could cause adverse impacts for the student. When it comes to developing and using edtech services, there are two main laws that we pay attention to: FERPA and COPPA (though others exist that may apply in educational settings). The Federal Education Records Protection Act (FERPA) dictates that parents and students over 18 have the right to access student educational records. The Children's Online Privacy Protection Rule (COPPA) controls the type of data that can be collected from students under the age of 13. In addition to these federal regulations, states often have additional regulations in place. Companies have a responsibility to protect student information. When it comes to student data, companies have three main jobs: to comply, to inform, and to protect. These jobs include tasks like:
There are best practices that schools and teachers should follow. Schools and/or districts should have a process for vetting edtech, obtaining parental consent, and notifying parents of the sites that collect data from student. The Federal Trade Commission has great resources for establishing an effective process. As a teacher, you should familiarize yourself with your school's policies, give feedback to your administration about the practicality of those policies, and encourage your administrators to adopt policies if none are in place. We'd love to support you with this process, because we care about student privacy as much as you. Please note that this post is not intended to be a legal guide. All legal questions should be directed to the appropriate legal counsel.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
ArchivesCategories |