Skip to the main content

This Week in Student Privacy: 3/10

Several Ed Tech Companies “Falling Short” of Promise to Protect Student Privacy
According to Natasha Singer of The New York Times, several “Digital Learning Companies [are] Falling Short of [the] Student Privacy Pledge.” Singer reported that as of last week-- a month after she “wrote about security vulnerabilities with Raz-Kids.com, a popular reading program for elementary school students”-- while “[Raz-Kids.com] service ha[d] upgraded its data security by, among other things, encrypting its student accounts,” “it had not corrected some other serious security weaknesses.” Singer learned this information from “a new report from Tony Porterfield, a software engineer and father of two elementary school students who, in his spare time, tests the security practices of digital learning companies.” According to Porterfield’s blog, edtechinfosec.org, “the reading program had not encrypted teacher and parent accounts” and “security weakness...could potentially allow unauthorized users to obtain students’ personal information — like their real names, audio recordings and reading levels.” In her article, Singer added that “Cambium Learning Group, the parent company of Raz-Kids, recently signed on to a nationwide student privacy pledge in which signatory companies promise to protect students’ personal information.” The fact that “Cambium Learning Group and several other digital learning companies [that] signed the pledge even though, at the time they joined...had not begun full encryption, an elementary security measure,” according to Singer, “may call into question the trustworthiness of the industry pledge” for “school officials, teachers, parents and students.”

Colorado, Utah Student Privacy Bills Move Forward
Last week, the Colorado Senate Education Committee “voted 9-0 to advance a bill” which “would create new state regulations for companies that provide online services to schools.” Under the bill, “[t]echnology companies would be prohibited from sharing, mining, selling or using student data to peddle products.” According to The Denver Post, “fractures appeared over an amendment [to the bill] backed by Republicans and activist mothers that would require software and other data merchants to discard student information after three years,” as “Democrats on the Senate Education Committee questioned whether that would undermine the collaboration behind the bill and require school districts to build costly systems to house data longer.” Next, the bill will move to the Senate floor. In addition, last week, “[a] bill that seeks to protect student data was given unanimous approval [by Utah’s] House Education Committee.” Under the bill, which “seeks to address what kind of information can be collected and stored by schools,” “student data will be divided into three categories – allowable, optional, and prohibited.” According to The Salt Lake Tribune, the bill “in many cases would require parental consent before collection.” The bill now heads to the House for consideration.

Lynn University Plans to Try Out Student Attendance App “Class120”
Last year, “Lynn University, a small institution in Boca Raton, Fla., started giving away iPads to all its new students.” According to The Chronicle of Higher Education, “[t]he university is planning to try out a new app, called Class120, to ‘ping’ its students’ iPads during class periods.” Lynn students are required to bring their iPads to class, and “[i]f GPS or the campus wi-fi network indicates that someone’s device is not present, the app will send the student an automated reminder, and may notify his or her academic coach as well.” Student privacy advocates such as “Khaliah Barnes, director of the student-privacy project at the Electronic Privacy Information Center,” have expressed concern over Lynn’s tracking program: “‘Just because schools have access to tech does not mean it’s always appropriate to use it,’ she [said], ‘especially when it comes to tracking students.’” However, Lynn administrators “say they have no interest in stalking students outside of regular class hours.”

Some Reaction to New U.S. Department of Education Student Online Privacy Resources
Last month, the U.S. Department of Education “released model terms of service guidance to help schools identify which online educational services and apps have strong privacy and data security policies to protect our students.” The guidanceis intended to assist users in understanding how a given online service or app will collect, use and/or transmit user information, so that they can then decide whether or not to sign up.” Last week, the Center for Digital Education published a piece about the recently released model terms of service, and JD Supra published a blog post about why the model terms of service matter, what the model recommends, and how the model affects student privacy laws.

Articles/Resources

This update was compiled by Hannah Offer. Hannah is a senior at the Crossroads School for Arts & Sciences and a research assistant for the Student Privacy Initiative.

You might also like


Projects & Tools 01

Past

Student Privacy Initiative

The Student Privacy Initiative-- part of the Center's growing suite of Privacy Initiatives-- aims to surface, identify, and evaluate central privacy issues and opportunities that…