How to prioritize student safety while maintaining data privacy

With the move to remote and hybrid learning, cyber safety for students is a critical issue. K-12 learners are online for live lessons, research, homework, assessments and discussions. When they’re learning virtually, they may come across inappropriate or harmful content. Plus, there are many opportunities for their personal data to be at risk. It’s now more important than ever that school districts prioritize student safety while maintaining data privacy. To do this, school districts need strategies so that networks, devices, tools and online environments are safe for learners.

Why are cyber safety and data privacy important in K-12?

Virtual instruction gives students the chance to learn from any device, anywhere, at any time. There are risks, though, when learners are online, and schools need to do everything they can to protect them. When digital safety for students is put into place, it allows them to have deeper online learning experiences. Students can collaborate, create and use digital tools to help their learning, rather than take away from it. 

Data can help guide educational decisions so that every learner succeeds. While it’s necessary for school districts to collect data, every student has the right to have their personal information protected. 

In fact, there were laws created in the United States to shield learners and their information online. Here are the federal laws related to cyber safety and student data privacy.

CIPA

Congress passed the Children’s Internet Protection Act (CIPA) in 2000. It allows schools and libraries to receive internet access discounts through the E-rate program, as long as they follow CIPA guidelines. First, schools must block or filter inappropriate and harmful content to keep learners safe online. They also need an internet safety policy that includes monitoring learners’ online activities. CIPA also states that digital citizenship should be part of instruction.

FERPA

The Family Educational Rights and Privacy Act (FERPA) was established in 1974. It explains how schools are allowed to disclose information from a student’s educational record. FERPA gives parents the right to access their children’s educational records. 

Under this law, parents can also ask for educational records to be corrected if they are inaccurate. Additionally, it gives parents the right to opt out of having their child’s personal information disclosed. There is an exception, though. Parents can’t opt out of records that a teacher needs for instruction. When a student turns 18, FERPA rights are transferred from the parent to the student.

PPRA

The Protection of Pupil Rights Amendment (PPRA) gives parents the right to limit the kind of personal information schools collect from students. When schools collect information during evaluations or surveys, they need to get written consent from parents. 

COPPA

The Children’s Online Privacy Protection Act (COPPA) was enacted in 1998. It limits the personally identifiable information that websites and online services collect from children under 13 without parental consent. 

Websites and online services must post a privacy policy and notify parents about how they collect information. They also need to get parental consent before collecting or sharing children’s personal information. 

Are there state laws for student data privacy?

There are 40 states that have passed student data privacy laws. These laws go beyond the federal laws. Some of them limit what kind of data can be used or stored. Others add specific requirements for edtech companies and contracts. Your school district should research what your state requires and make sure any platforms or tools comply with laws. 

What data can K-12 schools keep and share?

Schools keep data related to transcripts, grades, assessment scores, student schedules, health records, education plans and discipline. They also use information about enrollment, absences and student demographics. These records may contain students’ personally identifiable information. 

Personally identifiable information (PII) includes:

• the student’s name
• the name of a parent or family member
• their home address
• ID numbers
• their birth date

According to FERPA, schools can share data with authorized “school officials.” Those school officials include consultants such as therapists, IT workers or after-school tutors. 

They are also allowed to disclose records to software and application vendors for the purposes of “legitimate educational interest.” It’s imperative that school districts follow FERPA guidelines in order to protect PII and ensure any vendors follow them as well.

What are school districts doing to keep learners safe online?

School leaders have a duty to protect students from danger anywhere they are learning, including during remote learning. With planning, structure and tools, educators can work together to promote internet safety. Here are strategies that school districts can use to prioritize cyber safety for students. 

Collaborative team

Put together a collaborative team to create a digital safety plan. Decide how your schools will follow safety and privacy laws and positive expectations for learners. Also review how to communicate the plan to staff, learners and families. 

Web filter

School districts should use a web filter to block or restrict inappropriate and harmful content. Some web filters available for K-12 education work on specific devices or operating systems, while others are cloud-based. Some also require IT administrators to manually block URLs and make updates. 

Deledao ActiveScan, presented by Hāpara, on the other hand, is an AI-based K-12 web filter that works in real time across devices. After a quick installation, it starts analyzing content so that students can learn safely online. It even allows students to use YouTube for learning experiences by blurring or muting inappropriate content.

Tool to assess mental wellness risks

The Pew Research Center found that 58% of teens have experienced cyberbullying. There is an urgent need for schools to have a plan in place for dealing with cyberbullying. A tool that assesses mental wellness risks across learners’ virtual activity can help schools be proactive. 

Responsible Use Policy

Every school district should develop a Responsible Use Policy (RUP). It’s more impactful if it’s written with input from stakeholders across the district. An RUP outlines how students can use the internet during remote or in-person learning. Consider social media, devices, games, interactive tools and online etiquette. Also communicate filtering, monitoring and data privacy practices and expectations. Ask students and families to sign the RUP at the beginning of the school year. 

How can teachers keep learners safe during virtual learning?

Teachers work with learners directly day-to-day, so they are in the best position to protect them. Not only should cyber safety for students be part of instruction, but there are also tools that can help. Here are ways teachers can keep learners safe during virtual learning.

Clear expectations

Whether virtual learning is synchronous or asynchronous, teachers need to clearly outline their expectations. Learners should have an understanding of how to use the internet in a positive way. It may take practice, though, so expectations should be revisited throughout the year.

Digital citizenship

During remote instruction, it’s the perfect time for teachers to incorporate lessons on digital citizenship. Learners will  understand how to make positive decisions online and understand the effects of technology use. Digital citizenship covers tops such as:

• social media
• virtual discussion etiquette
• copyright for online materials
• evaluating digital content
• mental wellness
• online security settings
• digital footprint

Downloading content

Learners need to be careful when downloading content from websites and email attachments. Teachers should remind them not to download content that asks about personal information, such as their full name, account logins, their address or phone numbers. These types of downloads are usually scams, so students need to be aware of the warning signs.

Video call platforms

When students learn remotely through a live video platform, Zoomboming and/or Google Meet bombing is a possibility. That’s when an uninvited person joins the call and takes control of the screen. Their goal may be to disrupt the call or share inappropriate content. 

This certainly poses a threat to virtual learning safety. Educators can use a tool built for K-12 safety, such as Deledao ActiveScan, presented by Hāpara. Since it works in real-time to restrict inappropriate content, it also stops Zoombombing from happening. With a safety tool, teachers don’t have to worry about learning being interrupted.  

Monitoring tools

Teachers can also use a classroom monitoring tool to help learners stay focused during online instruction. A digital monitoring tool can help them check learners’ open tabs during virtual instruction. Hāpara Highlights is a monitoring tool that also allows teachers to remind learners about being on task. They can also guide the class or a group. They can do this by sharing an educational link or creating a session that opens only a particular website.

What are school districts doing to ensure online data privacy?

School districts are continuing to try new digital platforms and tools to enhance learning. It’s essential to have a game plan in place for upholding data privacy laws, whether learning is in-person or remote. So what common measures are used to protect student privacy? Here are ways school districts are protecting data. 

Approved platforms, tools and websites 

Your collaborative safety team should create a list of platforms, tools and websites that are secure. Look at how they perform across devices, too, since there are malicious apps that pose threats on specific devices. Share your approved list with staff members, students and families so that they can all stay safe. 

Network protection

Some school district networks in recent years have been attacked by malware and ransomware. 

Make sure your K-12 district has software in place that will protect your network from threats. 

It should also scan emails for spam and phishing so that data isn’t stolen. 

Password strength policy

Another way to protect data is by developing a password strength policy. Passwords for staff members or learners should not be easily predicted. Of course, passwords should also not contain any PII, such as names. It’s recommended that they contain at least six or more characters and include numbers and symbols.

Safer emailing

School districts can also create a policy for safer emailing. For example, staff members need to be careful about emailing students’ PII. If they must send sensitive information, it’s better to send it into an encrypted attachment. 

Cybersecurity training for staff members

Once your district has policies in place, provide cybersecurity training for staff members. That way everyone is aware of requirements and why those requirements are important. Once staff members have been trained, they can work together to safeguard student data. 

How can teachers address data privacy during remote learning? 

During the COVID-19 pandemic, schools switched to 100% remote learning. Data privacy regulations for students still applied even though they weren’t on campus. In fact, it was even more critical for educators to ensure data privacy with online risks. That still applies as students continue to learn virtually. Here are ways for teachers to address data privacy during remote learning.

District-approved list

As mentioned, school districts should create a list of acceptable platforms, tools and websites. Teachers then have the responsibility of sticking primarily to that list. It’s especially important since the resources were chosen to keep student information safe. There are a lot of online resources for educators, but some websites or apps may collect data and not protect it. Teachers should look closely at any that may not be on the list and get approval if they’re not sure. 

Secure sites

If teachers do visit other educational websites, they should check that they are secure sites. Secure sites use an SSL certificate, which means that data being passed through the site is encrypted. If the URL has an “s” after the “http,” it means that the site transmits data securely. Teachers can also check for the lock icon in the address bar, showing that it’s a secure site.

Photos and videos

The US Department of Education notes that a photo or video of a student is an educational record when it’s directly related to a student. Some teachers may want to record a class session so that learners can watch it later. That’s okay as long as a specific learner is not the focus and PII isn’t shared. 

If a one-on-one meeting with a teacher and learner is recorded, it could be considered an educational record. For example, grades or attendance may be discussed during the meeting. In that case, it’s important to follow FERPA guidelines for storing or sharing that record.

Remote class observers

When learners attend a live virtual class, they may have family members hanging out in the background. Teachers also may have spouses or children around who could potentially observe the class. Just like an in-person class can have visitors stop by the classroom, it’s okay for family members to be in the background. 

What’s important, though, for data privacy is that teachers cannot disclose students’ PII. This information should not be shared during the live class since family members could be observing. 

Transparency with families

Another way for educators to address data privacy is by being transparent with families. Teachers need to communicate online expectations and platforms and tools that learners will use. They should also share edtech tool privacy policies with families so that they are clear about how student data will be protected.

How can schools check if an edtech tool protects learners and safeguards their data?

Company student privacy policy

The company or organization should have a student privacy policy posted on their website. Review the privacy policy and pay attention to how they collect and use data. Do they follow FERPA and COPPA or other data privacy laws? Do they encrypt data? You can also share the information with families and parents. 

Student Privacy Pledge

Another way to learn if a company is dedicated to internet safety for students is to check the Student Privacy Pledge. If a company voluntarily signed the pledge, they are committed to safeguarding student privacy. The pledge includes:

• only using data for educational purposes
• not selling personally identifiable information
• not storing information beyond the time they are using it for educational purposes

Advertisements

Check if the edtech tool or platform includes advertisements targeted to kids and their online behavior. According to a 2018 Common Sense report, many free tools show traditional or targeted ads to students. Targeted ads mean that information was collected and then shared with advertisers. Be sure to take a look at what students will see when using the tool or platform. 

Identity authentication

Also review a tool or platform’s authentication process for administrators, teachers and students. Strong authentication helps keep accounts and data safe. Does the tool or platform use single sign-on (SSO)? Having one login process for multiple online tools makes it easier for everyone. SSO is also safer to use than having multiple email and password combinations.

The best way to prioritize learner safety and maintain data privacy is by working together as a community. School districts with a plan in place, a clear line of communication and the right tools can protect students. Training committed staff members will also help ensure learning stays safe. Lastly, it’s crucial to teach students how to navigate virtual environments so they can make safe decisions themselves.