As we look forward to a new school year, one of the exciting aspects of being a school IT leader or district administrator is choosing new edtech for your school. Each year, as data gets more relevant and precise, it’s easier to identify gaps in curriculum. Combined with feedback from educators, shopping for edtech products allows districts to improve offerings, support teachers in the classroom, and push learning forward. But there are risks involved in introducing new technology to a school that must be considered.
COPPA: Student Data Privacy Must Be Maintained
In May 2022, the FTC announced that they would be tightening the rules concerning how well edtech companies comply with COPPA, the federal Children’s Online Privacy Protection Act. COPPA is explicit in its protection of students; the entire ACT is published on the FTC website. It prohibits the “unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the Internet.” Schools must be cautious about the edtech solutions they choose in order to maintain COPPA compliance.
How Schools Can Ensure EdTech Compliance
There are several steps that districts can take to ensure student data privacy. We recommend taking action on these five steps before school begins:
Take Stock of Existing EdTech
Every district should take a look internally at what edtech products they are already using. Review the agreements you have with the vendors and what information they’re requiring. It’s better to find a replacement for edtech that doesn’t meet COPPA, FERPA, and any local privacy guidelines you must meet than to risk continuing the contract.
Analyze Your Cybersecurity
Not all threats come directly from the vendor. If you have vulnerabilities in your systems that connect to third party vendors, don’t invest in cybersecurity, don’t train your staff, or don’t require your vendors to have sufficient security measures in place, your student data may be at risk. While you’re at it, review your policies regarding edtech and if you don’t already have clear guidelines in place about who can implement an edtech solution or upload roster data, get it under control.
Implement SSO
Single sign-on (SSO) means teachers, admins, parents, and students don’t have to log in to individual edtech solutions in order to access the software. Instead of entering roster information for each piece of technology, teachers go to an approved library of edtech solutions and choose the ones they want to use with their classroom. School IT leaders can ensure that the edtech solutions available in the library meet minimum security requirements. When you sign on once through GG4L, all of the edtech apps can be provisioned in an SSO environment to keep it simple for everyone.
Limit Access to Student Data
It had become widespread practice for edtech vendors to ask for access to all the roster data. They did this for ease of connection, but in some cases, it was also to have access to additional data for other purposes, like marketing to students and selling data. There has been a huge crackdown on unethical uses of student data, and the proliferation of edtech means there are plenty of ethical vendors to choose from. But it is still a good practice to limit access to student data to the very minimum needed to perform, whether that’s a piece of technology or a teacher. Through PII Shield offered by GG4L, the edtech vendor only has access to the data they must have for the application to work.
Partner with GG4L and let us help you protect student data.
GG4L’s School Passport is the first of its kind school-centric trusted digital engagement hub that empowers schools to centrally:
- Govern the exchange of student, staff, and parent PII data with SaaS vendors.
- Approve and publish apps to a district or school branded on-demand AppStore.
- Delegate to school staff and teachers the ability to activate apps within their managed groups on-demand.
School Passport will improve safety, privacy and security with advanced governance and privacy tools that monitor and regulate the sharing of PII data, including email accounts. Let GG4L help you protect your data providing only what is needed to edtech vendors. In addition, using GG4L’s single sign-on solution makes it easy for everyone to have access to the apps they need to use. Learn more.
